Fix result of Farbar Recovery Scan Tool (x64) Version: 19.03.2024
Ran by Buckner Plumbing (20-03-2024 19:20:24) Run:1
Running from C:\Users\Buckner Plumbing\OneDrive\Desktop
Loaded Profiles: defaultuser0 & Buckner Plumbing
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Task: {F41A5686-0C4B-4DC5-B690-9FFA9277798F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6D6A088A-43AD-4B05-B4B2-749D9AB2430F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe -check plugin (No File)
Task: {9EB466A8-E0FF-4062-8692-434A1F4CBF55} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (No File)
Task: {EE4D1B9A-DCE6-4B28-BD07-D5B3360FE63A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {F718C6AF-261D-4DCF-8535-6B325EBDE51A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {21F8480D-296A-408C-9EEA-B86A80EC60BA} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe (No File)
U3 mfeavfk01; no ImagePath
FirewallRules: [{C7612779-155D-4606-BFF4-87E83C90E658}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE => No File
FirewallRules: [{A3D63267-65E0-48F1-ABD4-35C5E7C31017}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
HKLM\...\RunOnce: [!BCILauncher] => C:\WINDOWS\Temp\MUBSTemp\BCILauncher.EXE [18464 2024-03-19] (Microsoft Corporation -> ) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
EmptyTemp:
End::
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F41A5686-0C4B-4DC5-B690-9FFA9277798F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F41A5686-0C4B-4DC5-B690-9FFA9277798F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D6A088A-43AD-4B05-B4B2-749D9AB2430F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D6A088A-43AD-4B05-B4B2-749D9AB2430F}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EB466A8-E0FF-4062-8692-434A1F4CBF55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EB466A8-E0FF-4062-8692-434A1F4CBF55}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE4D1B9A-DCE6-4B28-BD07-D5B3360FE63A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE4D1B9A-DCE6-4B28-BD07-D5B3360FE63A}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F718C6AF-261D-4DCF-8535-6B325EBDE51A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F718C6AF-261D-4DCF-8535-6B325EBDE51A}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21F8480D-296A-408C-9EEA-B86A80EC60BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21F8480D-296A-408C-9EEA-B86A80EC60BA}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CUAssistant\CULauncher" => removed successfully
HKLM\System\CurrentControlSet\Services\mfeavfk01 => removed successfully
mfeavfk01 => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7612779-155D-4606-BFF4-87E83C90E658}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3D63267-65E0-48F1-ABD4-35C5E7C31017}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\!BCILauncher" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
HKLM\System\CurrentControlSet\Services\amdacpksd => removed successfully
amdacpksd => service removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58575518 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1322 B
Windows/system/drivers => 29765311 B
Edge => 0 B
Firefox => 2023347749 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 77116 B
NetworkService => 264365680 B
defaultuser0 => 264372336 B
Buckner Plumbing => 1187823004 B
RecycleBin => 73277 B
EmptyTemp: => 3.6 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:37:09 ====

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-20-2024
# Duration: 00:00:29
# OS: Windows 10 (Build 19045.4170)
# Cleaned: 55
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\Buckner Plumbing\Downloads\fst
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{819D5087-D3D3-4284-A504-CBF67206D977}
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Deleted Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Deleted Preinstalled.HPJumpStartBridge Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE8BCA8-782B-4423-B75B-2CA1044C0B3C}
Deleted Preinstalled.HPJumpStartBridge Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartProvider
Deleted Preinstalled.HPJumpStartBridge Task C:\Windows\System32\Tasks\HPJUMPSTARTPROVIDER
Deleted Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Deleted Preinstalled.HPOrbit Folder C:\Program Files\HP\HP ORBIT
Deleted Preinstalled.HPOrbit Folder C:\Program Files\HP\HP ORBIT SERVICE
Deleted Preinstalled.HPOrbit Folder C:\ProgramData\HP\HP ORBIT
Deleted Preinstalled.HPOrbit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1A083C69-5382-4CF9-8074-80EC050D9FC8}
Deleted Preinstalled.HPOrbit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B384505E-0FE1-4A0F-9E92-7C592276E0A4}
Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Buckner Plumbing\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6FA09B91-5D97-45A9-95E9-50F635C98043}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C85AC2ED-2305-4137-A8BA-CC628F635C82}
Deleted Preinstalled.HPSureConnect Folder C:\Program Files (x86)\HP INC\HP SURE CONNECT
Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Deleted Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Deleted Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\BARN YARN COLLECTORS EDITION
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\LETTER QUEST - GRIMMS JOURNEY
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\MYSTIKA 2
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\RUNEFALL
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\SPARKLE 2
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-vegasworld
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-freegames
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-main
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [8051 octets] - [20/03/2024 19:47:53]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

======ESET SCAN LOG=====
03/21/24 2:48:16 AM
Scanned files: 594694
Detected files: 1
Cleaned files: 1
Total scan time 05:46:11
Scan status: Finished
C:\Recovery\OEM\Point_D\BiosReadBack\DT\samifldrv64.sys Win64/AMI.J potentially unsafe application cleaned by deleting

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.03.2024
Ran by Buckner Plumbing (administrator) on BP-LAPTOP (HP HP Notebook) (21-03-2024 17:29:11)
Running from C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST64.exe
Loaded Profiles: Buckner Plumbing
Platform: Microsoft Windows 10 Home Version 22H2 19045.4170 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Crash Processor.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <4>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe <2>
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe <2>
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(C:\Program Files\HP\HP Enabling Services\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET, spol. s r.o. -> ESET) C:\Users\Buckner Plumbing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Buckner Plumbing\AppData\Local\Microsoft\OneDrive\24.040.0225.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <33>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (McAfee, Inc. -> Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2024-01-13] (Adobe Inc. -> )
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8731040 2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\Run: [MicrosoftEdgeAutoLaunch_3C524E9FA40EF560AE6A5D7D0ECDB354] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060608 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp196: C:\Windows\System32\spool\prtprocs\x64\hpcpp196.dll [758000 2017-02-14] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2024-01-13] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127728 2017-02-14] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310696 2017-02-14] (HP Inc. -> HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-01-10]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico () [File not signed]
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {88C3785B-77B3-4DC2-AA20-B646069AC8A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {25B551F9-7C7F-4F1E-AB30-D2B1CF1761DD} - System32\Tasks\Adobe Creative Cloud => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2024-01-13] (Adobe Inc. -> Adobe Inc.)
Task: {505703A0-6780-44E9-83F5-9132DAC01B04} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {363A5FD7-DDD4-46DA-9EAB-3B3429497F71} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {4A7C5211-7393-4C3E-8208-B4580CAA4171} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
Task: {F8022533-4096-4FC4-B348-6E3AA1BB9813} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-01-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {938E617C-282A-4726-B4F4-AA8A92A2581D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-01-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B4CCC76C-CE99-45A5-9013-0D69C8B119FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-02-01] (HP Inc. -> HP Inc.)
Task: {CC3CD0DC-A784-4338-B339-942254500380} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-02-01] (HP Inc. -> HP Inc.)
Task: {47FE9080-3210-4D46-9A8A-F036DD28E404} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-02-01] (HP Inc. -> HP Inc.)
Task: {36A8DDF7-B1D0-4A9A-A58C-B4DD9F8326CE} - System32\Tasks\HPEA3JOBS => C:\Program -> Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task: {223E241F-46DC-4DEF-8067-362F3E5CFF38} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4565040 2023-07-17] (McAfee, LLC -> McAfee, LLC)
Task: {3F096479-7DB0-4BB7-8087-B54B2CDC8E78} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1012344 2017-05-25] (McAfee, Inc. -> McAfee, Inc.)
Task: {2827F75E-E29E-42D0-9F58-86680AA96E35} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1012344 2017-05-25] (McAfee, Inc. -> McAfee, Inc.)
Task: {47C0E76F-67D9-4354-807C-081859F79BBF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [745296 2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
Task: {EB05428C-84E0-4BFF-9530-CB92D31AB621} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {19579CBF-5A68-47B7-A2F8-5985760CB941} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE2F5648-DED0-4B02-938B-C5E84092CB87} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [220608 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED6085B5-DE3A-42D9-BD16-6C521207A000} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [220608 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {442A5E67-2751-47C4-9F85-4D0F69394325} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [342736 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6390E4D4-D0BB-4053-815B-1189B4FAAB26} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C803DEBF-D109-4263-B19C-3522A3428B68} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C77C2146-B72D-460D-B947-10E53303F81D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {67F0E93C-9B8C-45C7-9E78-8EFFE8624F9F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FF19AEF6-FA1F-4BE3-B818-32DCD77A5D51} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [671648 2024-03-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {43B402A2-8DBE-45FD-B143-CF19A2E7C111} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1936981840-1978000543-3804904241-1001 E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [671648 2024-03-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {D0BCC693-0878-44E0-B7B1-F2C897B40F85} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {3EC0C88A-D0D9-4E7F-AEF2-A7DDB8721EF0} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34720 2024-03-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {F9BBC389-A626-4895-975D-D7925CB0414A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-06-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{418c7cc2-f2ba-413a-86bc-89e01001936f}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Buckner Plumbing\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-16]
Edge Extension: (Google Docs Offline) - C:\Users\Buckner Plumbing\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-09]
Edge Extension: (Edge relevant text changes) - C:\Users\Buckner Plumbing\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]
FireFox:
========
FF DefaultProfile: upx7vtdc.default
FF ProfilePath: C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\0sx8i1eu.default-release [2024-03-21]
FF DownloadDir: C:\Users\Buckner Plumbing\Downloads
FF ProfilePath: C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default [2024-03-20]
FF Notifications: Mozilla\Firefox\Profiles\upx7vtdc.default -> hxxps://spark.adobe.com
FF Extension: (Firefox All Aboard 1.6) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\@all-aboard-v1-6.xpi [2017-05-11] [Legacy]
FF Extension: (Adaware AdBlock) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2024-01-29]
FF Extension: (uBlock Origin) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\uBlock0@raymondhill.net.xpi [2024-02-24]
FF Extension: (Block Site) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\{07046613-1993-4b66-9dd1-9dd1ce581cb7}.xpi [2020-10-08]
FF Extension: (Re-Pagination) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\{6072cb90-a0bd-11da-a746-0800200c9a66}.xpi [2017-09-06] [Legacy]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-06-13] [Legacy]
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-12-07]
FF Extension: (Firefox All Aboard 1.6) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\@all-aboard-v1-6 [2024-03-05] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-07-10] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] (McAfee, Inc. -> )
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2024-01-13] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @devicesoft.com/np_device_plugin -> C:\Users\Buckner Plumbing\AppData\Roaming\WebPlugins\DVR\npDvrSVideo.dll [2017-05-17] (npDvrSVideo) [File not signed]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] (McAfee, Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2024-01-13] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-06-20] (Advanced Micro Devices, Inc. -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2024-01-13] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-10] (Advanced Micro Devices) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14097992 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (McAfee, Inc. -> Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-01-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-01-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [891328 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [889896 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [886824 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [890408 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc. -> McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc. -> McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [241656 2017-04-30] (McAfee, Inc. -> McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [390656 2017-04-30] (McAfee, Inc. -> McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc. -> McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (McAfee, Inc. -> Intel Security, Inc.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HP Orbit Service; "C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe" [X]
S2 HPJumpStartBridge; "c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc. -> McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20928 2024-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [603416 2024-03-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-14] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-03-21 02:48 - 2024-03-21 02:48 - 000000506 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\ESET_scan.txt
2024-03-20 20:06 - 2024-03-20 20:16 - 000001300 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\ESET Online Scanner.lnk
2024-03-20 20:04 - 2024-03-20 20:16 - 000001400 _____ C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-03-20 20:04 - 2024-03-20 20:04 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\ESET
2024-03-20 19:57 - 2024-03-20 19:57 - 008389496 _____ (ESET) C:\Users\Buckner Plumbing\OneDrive\Desktop\esetonlinescanner.exe
2024-03-20 19:52 - 2024-03-20 19:52 - 000008921 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\AdwCleaner[C00].txt
2024-03-20 19:45 - 2024-03-20 19:51 - 000000000 ____D C:\AdwCleaner
2024-03-20 19:44 - 2024-03-20 19:44 - 008790880 _____ (Malwarebytes) C:\Users\Buckner Plumbing\OneDrive\Desktop\adwcleaner.exe
2024-03-20 19:39 - 2024-03-20 19:39 - 000000000 ___HD C:\ProgramData\temp
2024-03-20 19:20 - 2024-03-20 19:37 - 000006807 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\Fixlog.txt
2024-03-20 19:18 - 2024-03-21 17:29 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST-OlderVersion
2024-03-19 06:22 - 2024-03-19 06:27 - 000052045 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\Addition.txt
2024-03-19 06:08 - 2024-03-21 17:34 - 000031005 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST.txt
2024-03-19 06:05 - 2024-03-21 17:32 - 000000000 ____D C:\FRST
2024-03-19 06:04 - 2024-03-21 17:29 - 002391040 _____ (Farbar) C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST64.exe
2024-03-16 11:40 - 2024-03-16 11:41 - 000000000 ___HD C:\adobeTemp
2024-03-14 15:56 - 2024-03-14 15:56 - 000019530 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-14 15:55 - 2024-03-14 15:55 - 000019530 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-14 15:03 - 2024-03-14 15:03 - 000000000 ___HD C:\$WinREAgent
2024-03-11 11:56 - 2024-03-11 11:56 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Documents\HealthCare.gov
2024-03-11 11:48 - 2024-03-11 11:48 - 000248658 _____ C:\Users\Buckner Plumbing\Downloads\EligibilityResultsNotice.pdf
2024-03-09 18:24 - 2024-03-09 18:24 - 000479131 _____ C:\Users\Buckner Plumbing\OneDrive\Documents\TN_unclaimed_3416264.pdf
2024-03-09 17:57 - 2024-03-09 17:58 - 000412458 _____ C:\Users\Buckner Plumbing\Downloads\17100123041763_302713.pdf
2024-03-09 17:57 - 2024-03-09 17:57 - 001376816 _____ (Google LLC) C:\Users\Buckner Plumbing\Downloads\ChromeSetup.exe
2024-03-09 13:38 - 2024-03-09 13:38 - 000000112 ___SH C:\bootTel.dat
2024-03-09 13:19 - 2024-03-09 13:19 - 000000017 _____ C:\Users\Buckner Plumbing\AppData\Local\resmon.resmoncfg
2024-03-05 18:25 - 2024-03-19 10:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2024-03-03 18:19 - 2024-03-03 18:19 - 000088939 _____ C:\Users\Buckner Plumbing\Downloads\CJ01Apr21_TO_09Apr21.txt
2024-02-29 15:20 - 2024-02-29 15:20 - 000129979 _____ C:\Users\Buckner Plumbing\Downloads\Download-2.PDF
2024-02-29 15:16 - 2024-02-29 15:16 - 000116202 _____ C:\Users\Buckner Plumbing\Downloads\Download-1.PDF
2024-02-29 15:11 - 2024-02-29 15:11 - 000116202 _____ C:\Users\Buckner Plumbing\Downloads\Download.PDF
2024-02-25 15:32 - 2024-02-25 15:32 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Documents\My Bluetooth
2024-02-25 15:32 - 2024-02-25 15:32 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Documents\hp.system.package.metadata
2024-02-25 15:32 - 2024-02-25 15:32 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Documents\hp.applications.package.appdata
2024-02-25 15:32 - 2024-02-25 15:32 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Documents\FLIR
2024-02-25 15:32 - 2024-02-25 15:32 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Documents\design
2024-02-25 15:32 - 2024-02-25 15:32 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Documents\Custom Office Templates
2024-02-25 15:31 - 2024-02-25 15:31 - 000000000 ___HD C:\OneDriveTemp
2024-02-25 15:31 - 2024-02-25 15:31 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Desktop\Buckner Plumbing
2024-02-25 15:16 - 2024-02-25 15:16 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\OneDrive
2024-02-25 14:53 - 2024-02-25 14:53 - 000000000 ____D C:\ProgramData\PLUG
2024-02-25 14:41 - 2024-02-25 14:41 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\Backup
2024-02-25 14:05 - 2024-02-25 14:05 - 000000992 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\CBS - Shortcut.lnk
2024-02-25 12:37 - 2024-02-25 12:37 - 000000000 ____D C:\Users\Buckner Plumbing\.ms-ad
2024-02-24 23:22 - 2024-02-24 23:38 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-24 23:22 - 2024-02-24 23:23 - 000000000 ____D C:\WINDOWS\InboxApps
2024-02-24 20:05 - 2024-02-24 20:05 - 000003160 _____ C:\WINDOWS\system32\Tasks\StartCN
2024-02-24 20:05 - 2024-02-24 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2024-02-24 20:04 - 2024-02-24 20:04 - 000000000 ____D C:\Program Files\ATI Technologies
2024-02-24 20:04 - 2024-02-24 20:04 - 000000000 ____D C:\Program Files (x86)\AMD
2024-02-24 19:51 - 2024-02-24 19:51 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\LocalLow\AMD
2024-02-24 19:47 - 2017-06-28 19:29 - 000922520 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll
2024-02-24 19:47 - 2017-06-28 19:29 - 000290712 _____ C:\WINDOWS\system32\dgtrayicon.exe
2024-02-24 19:47 - 2017-06-28 19:29 - 000284056 _____ C:\WINDOWS\system32\GameManager64.dll
2024-02-24 19:47 - 2017-06-28 19:29 - 000277912 _____ C:\WINDOWS\system32\clinfo.exe
2024-02-24 19:47 - 2017-06-28 19:29 - 000276376 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2024-02-24 19:47 - 2017-06-28 19:29 - 000248728 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2024-02-24 19:47 - 2017-06-28 19:29 - 000242072 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2024-02-24 19:47 - 2017-06-28 19:29 - 000168856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2024-02-24 19:47 - 2017-06-28 19:29 - 000143768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2024-02-24 19:47 - 2017-06-28 19:29 - 000138136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2024-02-24 19:47 - 2017-06-28 19:29 - 000117656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2024-02-24 19:47 - 2017-06-28 19:28 - 000467352 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2024-02-24 19:47 - 2017-06-28 19:28 - 000239000 _____ C:\WINDOWS\system32\atieah64.exe
2024-02-24 19:47 - 2017-06-28 19:28 - 000216984 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2024-02-24 19:47 - 2017-06-28 19:28 - 000211864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2024-02-24 19:47 - 2017-06-28 19:28 - 000185240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2024-02-24 19:47 - 2017-06-28 19:28 - 000145304 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2024-02-24 19:47 - 2017-06-28 19:28 - 000126360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2024-02-24 19:47 - 2017-06-28 19:28 - 000119192 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2024-02-24 19:47 - 2017-06-28 19:25 - 000119736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2024-02-24 19:47 - 2017-06-28 19:25 - 000102032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2024-02-24 19:47 - 2017-06-28 07:59 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2024-02-24 19:47 - 2017-06-28 07:59 - 000120368 _____ C:\WINDOWS\system32\kapp_ci.sbin
2024-02-24 19:47 - 2017-06-28 07:59 - 000115984 _____ C:\WINDOWS\system32\kapp_si.sbin
2024-02-24 19:46 - 2017-06-28 19:27 - 009880472 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 007927192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 002501016 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 002183064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 001015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 001015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 000411032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2024-02-24 19:46 - 2017-06-28 19:27 - 000121240 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 000112024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 000108440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 000096152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2024-02-24 19:46 - 2017-06-28 19:27 - 000068504 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2024-02-24 19:46 - 2017-06-28 19:26 - 000853912 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2024-02-24 19:46 - 2017-06-28 19:26 - 000688024 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2024-02-24 19:46 - 2017-06-28 19:26 - 000256920 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2024-02-24 19:46 - 2017-06-28 19:26 - 000229784 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2024-02-24 19:46 - 2017-06-28 19:26 - 000091544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2024-02-24 19:46 - 2017-06-28 19:26 - 000075160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2024-02-24 19:46 - 2017-06-28 19:25 - 000474984 _____ C:\WINDOWS\system32\amdmiracast.dll
2024-02-24 19:46 - 2017-06-28 19:25 - 000151448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2024-02-24 19:46 - 2017-06-28 19:25 - 000135280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2024-02-24 19:46 - 2017-06-28 19:25 - 000119736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2024-02-24 19:46 - 2017-06-28 19:25 - 000102024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2024-02-24 19:46 - 2017-06-28 19:24 - 000124920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2024-02-24 19:46 - 2017-06-28 19:24 - 000112960 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2024-02-24 19:46 - 2017-06-28 07:59 - 000000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2024-02-24 19:46 - 2017-06-28 07:59 - 000000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2024-02-24 19:41 - 2024-02-24 19:41 - 000000000 ____D C:\ProgramData\SoundResearch
2024-02-24 19:37 - 2017-04-13 06:39 - 003122648 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2024-02-24 19:37 - 2017-04-13 06:39 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2024-02-24 19:37 - 2017-04-13 06:39 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2024-02-24 19:37 - 2017-04-13 06:39 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2024-02-24 19:37 - 2017-04-13 06:39 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2024-02-24 19:37 - 2017-04-13 06:39 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2024-02-24 19:37 - 2017-04-13 06:39 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2024-02-24 19:37 - 2017-04-13 06:39 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2024-02-24 19:37 - 2017-04-13 06:38 - 001015864 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2024-02-24 19:37 - 2017-04-13 06:38 - 000984904 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2024-02-24 19:37 - 2017-04-13 06:38 - 000876400 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2024-02-24 19:37 - 2017-04-13 06:38 - 000867152 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2024-02-24 19:37 - 2017-04-13 06:38 - 000865096 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2024-02-24 19:37 - 2017-04-13 06:38 - 000736936 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2024-02-24 19:37 - 2017-04-13 06:38 - 000525256 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2024-02-24 19:37 - 2017-04-13 06:38 - 000343696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2024-02-24 19:37 - 2017-04-13 06:37 - 001353272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2024-02-24 19:37 - 2017-04-13 06:37 - 000691672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2024-02-24 19:37 - 2017-04-13 06:37 - 000387304 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2024-02-24 19:37 - 2017-04-13 06:37 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2024-02-24 19:37 - 2017-04-13 06:37 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2024-02-24 19:37 - 2017-04-13 06:37 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2024-02-24 19:37 - 2017-04-13 06:37 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2024-02-24 19:37 - 2017-04-13 06:37 - 000088336 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2024-02-24 19:37 - 2017-04-13 06:35 - 003677184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2024-02-24 19:37 - 2017-04-13 06:35 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2024-02-24 19:37 - 2017-04-13 06:35 - 002209792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2024-02-24 19:37 - 2017-04-13 06:35 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2024-02-24 19:35 - 2017-04-13 06:36 - 001616680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2024-02-24 19:35 - 2017-04-13 06:36 - 001529128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2024-02-24 19:35 - 2017-04-13 06:36 - 000467136 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2024-02-24 19:35 - 2017-04-13 06:36 - 000112488 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2024-02-24 19:35 - 2017-04-13 06:35 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2024-02-24 19:35 - 2017-04-13 02:54 - 000000864 _____ C:\WINDOWS\system32\cxapo.prop
2024-02-24 18:20 - 2024-02-24 18:20 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2024-02-24 18:20 - 2024-02-24 18:20 - 000000000 ____D C:\Program Files\PCHealthCheck
2024-02-24 17:53 - 2024-02-24 19:42 - 000002285 _____ C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-02-24 17:52 - 2024-03-21 17:27 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-24 17:51 - 2024-02-24 18:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-03-21 17:31 - 2016-10-21 08:33 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2024-03-21 17:25 - 2018-06-20 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2024-03-21 17:21 - 2021-02-04 16:45 - 000000000 ____D C:\Program Files\ruxim
2024-03-21 17:19 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-21 02:47 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-03-20 20:12 - 2021-02-04 15:06 - 000000000 ___RD C:\Users\Buckner Plumbing\Creative Cloud Files
2024-03-20 20:02 - 2020-11-19 03:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-20 20:02 - 2016-10-21 08:33 - 000000000 ____D C:\ProgramData\HP
2024-03-20 20:01 - 2021-05-02 11:40 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-20 20:01 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-03-20 20:01 - 2017-06-15 03:19 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2024-03-20 19:51 - 2017-06-15 03:18 - 000000000 ____D C:\Program Files (x86)\HP
2024-03-20 19:51 - 2017-03-17 12:23 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\Hewlett-Packard
2024-03-20 19:51 - 2016-10-21 08:34 - 000000000 ____D C:\Program Files (x86)\HP Inc
2024-03-20 19:51 - 2016-10-21 08:33 - 000000000 ____D C:\Program Files\HP
2024-03-20 19:51 - 2016-10-21 08:31 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2024-03-20 19:34 - 2017-05-05 20:22 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\LocalLow\Temp
2024-03-20 17:12 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-20 17:12 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-19 13:40 - 2016-10-21 08:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-03-18 12:18 - 2021-05-02 12:05 - 000934922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-18 12:18 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-16 11:40 - 2021-02-04 15:20 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-03-16 11:37 - 2021-02-04 15:35 - 000000000 ____D C:\Program Files\Adobe
2024-03-16 11:23 - 2020-11-19 03:30 - 000336168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-16 11:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2024-03-16 11:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-03-16 11:08 - 2018-05-04 22:10 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\Packages
2024-03-16 10:06 - 2020-11-19 03:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-16 09:54 - 2024-01-13 20:39 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1936981840-1978000543-3804904241-1001
2024-03-16 09:54 - 2021-05-02 12:17 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1936981840-1978000543-3804904241-1001
2024-03-16 09:54 - 2021-05-02 09:52 - 000002423 _____ C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-14 16:09 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-14 15:55 - 2020-11-19 03:32 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-03-14 14:48 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-03-14 14:45 - 2017-03-17 15:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-03-14 14:31 - 2017-03-17 15:32 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-03-07 18:01 - 2017-01-10 05:57 - 000000000 ____D C:\ProgramData\Realtek
2024-03-07 18:00 - 2017-03-21 10:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-03-07 17:47 - 2021-05-02 12:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-03-06 00:42 - 2017-03-21 10:37 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-03-05 23:24 - 2020-11-19 03:32 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-05 23:24 - 2020-11-19 03:32 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-04 05:31 - 2017-04-18 01:17 - 000000000 ____D C:\ProgramData\AMD
2024-02-29 14:40 - 2020-11-19 03:33 - 000000000 ____D C:\ProgramData\Packages
2024-02-29 13:39 - 2017-06-15 22:41 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\HP
2024-02-29 13:39 - 2017-03-17 13:19 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\Hewlett-Packard
2024-02-29 13:24 - 2017-03-17 13:19 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\hpqLog
2024-02-29 13:24 - 2016-10-21 08:33 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2024-02-29 13:21 - 2016-08-23 15:10 - 000000000 ____D C:\SWSETUP
2024-02-25 20:47 - 2017-05-06 07:59 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\MMC
2024-02-25 16:04 - 2017-04-15 02:00 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\Word
2024-02-25 15:32 - 2021-05-02 09:52 - 000000000 ____D C:\Users\Buckner Plumbing
2024-02-25 15:31 - 2017-03-17 12:22 - 000000000 ___RD C:\Users\Buckner Plumbing\OneDrive
2024-02-25 15:27 - 2021-05-02 12:17 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-25 15:22 - 2024-01-29 21:43 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-02-25 15:22 - 2024-01-29 21:43 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-25 14:39 - 2021-05-03 13:04 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-02-25 14:26 - 2018-01-13 07:59 - 000000000 ____D C:\Program Files\rempl
2024-02-25 12:37 - 2024-01-13 20:11 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\com.adobe.dunamis
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-02-24 23:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-24 23:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2024-02-24 23:23 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-02-24 23:23 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-02-24 23:23 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-02-24 23:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemApps
2024-02-24 23:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-02-24 22:57 - 2019-12-07 05:52 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-02-24 22:57 - 2019-12-07 05:52 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-02-24 22:57 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-02-24 22:57 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-02-24 20:16 - 2021-05-02 12:17 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2024-02-24 20:15 - 2024-01-13 20:00 - 000003530 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2024-02-24 19:55 - 2017-06-15 03:19 - 000000000 ____D C:\Program Files\AMD
2024-02-24 19:51 - 2017-06-15 03:19 - 000000000 ____D C:\AMD
2024-02-24 19:51 - 2017-03-17 12:21 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\AMD
2024-02-24 19:41 - 2017-06-15 03:20 - 000001851 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2024-02-24 19:40 - 2017-06-15 03:20 - 000057556 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2024-02-24 19:38 - 2017-06-15 03:20 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2024-02-24 18:51 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2024-02-24 18:37 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-24 17:52 - 2017-03-21 10:39 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\LocalLow\Mozilla
==================== Files in the root of some directories ========
2017-03-17 12:19 - 2024-03-21 17:21 - 001324128 _____ () C:\Users\Buckner Plumbing\AppData\Local\BTServer.log
2018-10-26 12:52 - 2018-10-26 12:52 - 000000000 _____ () C:\Users\Buckner Plumbing\AppData\Local\oobelibMkey.log
2024-03-09 13:19 - 2024-03-09 13:19 - 000000017 _____ () C:\Users\Buckner Plumbing\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.03.2024
Ran by Buckner Plumbing (21-03-2024 17:41:47)
Running from C:\Users\Buckner Plumbing\OneDrive\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4170 (X64) (2021-05-02 16:20:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1936981840-1978000543-3804904241-500 - Administrator - Disabled)
Buckner Plumbing (S-1-5-21-1936981840-1978000543-3804904241-1001 - Administrator - Enabled) => C:\Users\Buckner Plumbing
DefaultAccount (S-1-5-21-1936981840-1978000543-3804904241-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1936981840-1978000543-3804904241-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1936981840-1978000543-3804904241-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1936981840-1978000543-3804904241-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
ACP Application (HKLM\...\{FC5382F1-9A21-5071-E376-C401639D8227}) (Version: 2016.0809.2131.47 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.008.20555 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.1.0.587 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_3) (Version: 24.3 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{870A7CB1-9CC6-98C6-0CFC-110F4E70395B}) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0620.401.5401 - Advanced Micro Devices, Inc.)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-67b4db76-3743-45bd-b82a-ec7c5e521b94) (Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3309 - CyberLink Corp.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.863.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FLIR Tools (HKLM-x32\...\{1E4B41AC-E594-4101-A677-FC23FA0BC0FE}) (Version: 5.13.18031.2002 - FLIR Systems) Hidden
FLIR Tools (HKLM-x32\...\{1f3093d4-5da7-4bb6-8e45-ef8f7ffb9b04}) (Version: 5.13.18031.2002 - FLIR Systems)
FLIR Tools English Documentation (HKLM-x32\...\{037C1BC6-8980-4C11-A648-62FD924256FD}) (Version: 5.13.18031.2002 - FLIR Systems) Hidden
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{2CB12285-90BF-469F-B973-34495ABAF048}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{5C690381-6AF5-4374-B50C-02F0390E9980}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{D711D91A-127D-4A11-BA83-634868AD8016}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{EA274518-738D-4A48-A1CB-596173D4C6A2}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{03ED1397-7E72-4F6E-A0F0-2994A0A13421}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{B9ADB0F9-459B-4E6B-A021-0F38C73FC060}) (Version: 5.2.20454 - HP Inc.) Hidden
HP JumpStart Bridge (HKLM-x32\...\{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}) (Version: 1.1.0.168 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
IPCMultiViewSetup (HKLM-x32\...\{1C375B52-884F-40C1-A962-7F20048A7420}) (Version: 1.0.0 - IPCamera)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-cb7f0e76-9578-4ef3-b7a8-b96046b1ca07) (Version: 3.0.2.118 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.1 - McAfee, Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17328.20184 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\OneDriveSetup.exe) (Version: 24.040.0225.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 123.0.1 (x64 en-US)) (Version: 123.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-bb06e8c0-4b81-425c-804a-6267ade1aa0f) (Version: 1.1.2.4 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17328.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.57 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.76 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-18546825-9881-4edf-8e4e-c545a50bfc3f) (Version: 3.0.2.126 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-87ecc590-42a0-4281-9334-6cdc2fbd2c65) (Version: 3.0.2.51 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
WebPlugin version 1.0.1.323 (HKLM-x32\...\{70019763-8886-4723-AFD6-D920B0E2F4AE}_is1) (Version: 1.0.1.323 - DVR Soft.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23214 - Microsoft Corporation)
Windows Driver Package - SeeSnake (CXCVBS) Media (10/01/2009 6.0.114.0) (HKLM\...\406A683F4E027049BD7ACBF3299A2FF13C802FFC) (Version: 10/01/2009 6.0.114.0 - SeeSnake)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-01-29] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2024-01-13] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-02-04] (Amazon.com)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2024-01-29] (Meta)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2017-03-17] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.33.28.0_x64__v10z8vjag6ke6 [2024-02-29] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-03] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2402.13001.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Corporation) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2024-01-29] (Netflix, Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-17] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4AD7BFE68F30} -> [Creative Cloud Files] => C:\Users\Buckner Plumbing\Creative Cloud Files [2021-02-04 15:06]
CustomCLSID: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll",ShowDevicePropPage 1
CustomCLSID: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-03-16] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-03-16] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-03-16] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-03-16] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-20] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-03-16] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [57344 2008-12-17] () [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
==================== Loaded Modules (Whitelisted) =============
2016-09-14 00:14 - 2016-09-14 00:14 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 00:15 - 2016-09-14 00:15 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {3EB731EC-856E-45EE-8468-F26F4FD58DEE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {3EB731EC-856E-45EE-8468-F26F4FD58DEE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001 -> {3EB731EC-856E-45EE-8468-F26F4FD58DEE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3791
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1936981840-1978000543-3804904241-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKLM\...\StartupApproved\Run32: => "SeeSnakeHQUpdater"
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_3C524E9FA40EF560AE6A5D7D0ECDB354"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{738AA787-A5B3-457C-A90D-82CA9720D8BB}] => (Allow) C:\ProgramData\FLIR Systems\FLIR Tools\Updates\FLIR Tools Updater.exe (FLIR Systems AB -> FLIR Systems)
FirewallRules: [{3016D91E-A4CE-46AC-BD0B-A790539EE6CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3C5D89BF-2B7B-422C-8394-8E84767E22EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EDD6128C-87DF-4970-85C2-5476E9B2D671}] => (Allow) LPort=13148
FirewallRules: [{38F80664-20C9-4699-B638-6FE643FFEE2A}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe => No File
FirewallRules: [{D6E8D63F-F43F-4A74-9579-A3BC6EB32FC0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{19B35FA3-14D8-4DF8-8DDA-2FF5718DBA6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{221EB7E1-1BF2-4984-BC38-2F9C1A505842}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D0712CC8-4A8F-4219-9C4A-20A1FA18BF66}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{4FB083F8-DFC0-42AC-BBC0-A0D54B40264A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{A09E4E47-B373-4662-A9FB-00848FD03D0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E3C0F766-80C8-48F0-8790-5ED0B69192C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E2F9E56-8481-47BD-8944-E0FB91443C58}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD374420-B398-493D-8F4B-8014EA18F582}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1137CCD9-B9D0-4859-8EDC-68DD8020D178}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F160D60D-E2DB-4DAE-BEB1-87BCD66F0F45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{494E55EC-909D-4711-BFA8-6FF0188C8BF8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1BDDF4D-82F6-4758-8276-B31F926DA13E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4D9BD41B-506D-4E99-9ED2-C362B96D62DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{36385761-3028-47E4-A9E7-B82096F0335E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{897EC260-CB95-4462-9C9B-202D536F7B16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00B510DA-B6D4-4B36-879E-F521BE80078E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
09-03-2024 14:33:36 Scheduled Checkpoint
14-03-2024 15:12:54 Windows Modules Installer
20-03-2024 19:49:41 AdwCleaner_BeforeCleaning_20/03/2024_19:49:36
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/20/2024 08:15:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.34.8.0, time stamp: 0x65f09154
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x9b4c0fa6
Exception code: 0xc0000005
Fault offset: 0x0005f5f3
Faulting process id: 0x1c78
Faulting application start time: 0x01da7b2489a627ed
Faulting application path: C:\Users\Buckner Plumbing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9facadbc-6b2f-41fc-a65c-946d498e3dbd
Faulting package full name:
Faulting package-relative application ID:
Error: (03/20/2024 08:11:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.34.8.0, time stamp: 0x65f09154
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x9b4c0fa6
Exception code: 0xc0000005
Fault offset: 0x0005f5f3
Faulting process id: 0x2b54
Faulting application start time: 0x01da7b239cf025d4
Faulting application path: C:\Users\Buckner Plumbing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ae9917f7-d206-45b0-992c-1d7cc7706479
Faulting package full name:
Faulting package-relative application ID:
Error: (03/20/2024 08:06:11 PM) (Source: MsiInstaller) (EventID: 11706) (User: BP-LAPTOP)
Description: Product: HP JumpStart Launch -- Error 1706. An installation package for the product HP JumpStart Launch cannot be found. Try the installation again using a valid copy of the installation package 'SetupHPJumpStartLaunch.msi'.
Error: (03/20/2024 08:05:51 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (03/20/2024 07:44:33 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (03/20/2024 07:22:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (03/20/2024 07:20:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {383d5a2c-ce3a-41d1-9345-fd08ab25e3e2}
Error: (03/20/2024 04:57:15 PM) (Source: Adaptive Sleep Service) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (03/21/2024 05:29:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.407.605.0) - Current Channel (Broad).
Error: (03/20/2024 08:05:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (03/20/2024 08:05:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Comm Recovery service failed to start due to the following error:
The system cannot find the file specified.
Error: (03/20/2024 08:05:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error:
The system cannot find the file specified.
Error: (03/20/2024 08:02:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Orbit Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (03/20/2024 08:02:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uhssvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/20/2024 08:02:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the uhssvc service to connect.
Error: (03/20/2024 07:51:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Orbit Service service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
================
Date: 2024-03-20 17:22:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-20 17:15:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-19 07:43:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-18 12:47:35
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST64.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Security intelligence Version: AV: 1.407.521.0, AS: 1.407.521.0, NIS: 1.407.521.0
Engine Version: AM: 1.1.24020.9, NIS: 1.1.24020.9
Date: 2024-03-18 12:41:10
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Buckner Plumbing\Downloads\FRST64.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Security intelligence Version: AV: 1.407.521.0, AS: 1.407.521.0, NIS: 1.407.521.0
Engine Version: AM: 1.1.24020.9, NIS: 1.1.24020.9
Event[0]:
Date: 2024-02-24 17:17:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2952.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-02-24 17:17:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2952.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-02-24 17:17:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2952.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-02-24 15:15:31
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2917.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-02-24 15:15:31
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2917.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
CodeIntegrity:
===============
Date: 2024-03-21 17:37:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2024-03-21 17:22:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
Date: 2024-03-20 20:05:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2024-03-20 20:05:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.21 10/27/2016
Motherboard: HP 81F9
Processor: AMD A10-9600P RADEON R5, 10 COMPUTE CORES 4C+6G
Percentage of memory in use: 64%
Total physical RAM: 7647.12 MB
Available physical RAM: 2698.77 MB
Total Virtual: 11999.12 MB
Available Virtual: 5252.64 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:916.59 GB) (Free:822.67 GB) (Model: TOSHIBA MQ01ABD100) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.69 GB) (Free:1.65 GB) (Model: TOSHIBA MQ01ABD100) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{7de8c6a7-9a55-438d-afb1-8e8177dab4fa}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.35 GB) NTFS
\\?\Volume{771c2074-a093-44da-aa77-3c96a07fbad7}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 395B16A8)
Partition: GPT.
==================== End of Addition.txt =======================
- I enthusiastically consent to the removal of all McAfee security program application entries and registry keys! Please provide whatever steps necessary for execution.
- Overall performance seems to be improved in regards to startup; however, 100% disk usage for extended periods followed by intermittent periods of low/average usage still seems to be occurring. Re-evaluation after removal of McAfee date may be indicated?