Thank you Android8888
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2020 01
Ran by Don Van Horne (administrator) on DONVANHORNE-HP (Hewlett-Packard Rfrb h8-1070t) (26-05-2020 18:30:00)
Running from C:\Users\Don Van Horne\Downloads
Loaded Profiles: Don Van Horne
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" -- "%1")
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\Atomic Alarm Clock\timeserv.exe
() [File not signed] C:\Program Files\MobiGame\aeg_launcher.exe
() [File not signed] C:\Program Files\MobiGame\MobiGameUpdater.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Genie9 LTD -> Genie9) C:\Program Files\Genie9\Zoolz2\ZoolzService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <36>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(INTERNET PROJECT LLC -> Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Tencent Technology(Shenzhen) Company Limited -> Tencent) C:\Program Files\txgameassistant\appmarket\QMEmulatorService.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Don Van Horne\AppData\Local\Kingsoft\WPS Office\11.2.0.9363\office6\wpscenter.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2844776404-49628929-1600567784-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2017-07-16] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-2844776404-49628929-1600567784-1001\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [2420168 2019-08-28] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-2844776404-49628929-1600567784-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2844776404-49628929-1600567784-1001\...\MountPoints2: {0c7b13d5-52e3-11e7-a092-e06995fa1427} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2844776404-49628929-1600567784-1001\...\MountPoints2: {d1ff534f-e17d-11e5-9127-e06995fa1427} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2844776404-49628929-1600567784-1001\...\MountPoints2: {fd8c2287-f628-11e2-81e0-e06995fa1427} - J:\iStudio.exe
HKU\S-1-5-21-2844776404-49628929-1600567784-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2017-07-16] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [2420168 2019-08-28] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\...\MountPoints2: {0c7b13d5-52e3-11e7-a092-e06995fa1427} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\...\MountPoints2: {d1ff534f-e17d-11e5-9127-e06995fa1427} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\...\MountPoints2: {fd8c2287-f628-11e2-81e0-e06995fa1427} - J:\iStudio.exe
HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2844776404-49628929-1600567784-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164617845\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-06-20] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2844776404-49628929-1600567784-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164617845\...\RunOnce: [Application Restart #0] => C:\Program Files\Microsoft Security Client\msseces.exe -Recover
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.61\Installer\chrmstp.exe [2020-05-26] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\79.1.2.41\Installer\chrmstp.exe [2020-01-06] (Brave Software, Inc.) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2011-06-20] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-10-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass -> )
Startup: C:\Users\Don Van Horne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disabled [2013-05-24] ()
Startup: C:\Users\Don Van Horne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ivacy.lnk [2020-05-26]
ShortcutTarget: Ivacy.lnk -> C:\Program Files (x86)\Ivacy\Ivacy.exe (Ivacy Ltd -> )
BootExecute: autocheck autochk * Partizan
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {061BA8C7-C9BE-42CB-AA80-B996A179B3E2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {18DC4D9E-7891-47D2-BC53-9F103B1D6F9D} - System32\Tasks\HPCustParticipation HP DeskJet 2600 series => C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe [6653064 2017-07-11] (Hewlett Packard -> HP Inc.)
Task: {18EF42A1-5D75-498F-A33B-871E8657636E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_pepper.exe [1454136 2020-05-12] (Adobe Inc. -> Adobe)
Task: {2093C28C-2B40-4A7A-AF7B-AC5108FDFD4E} - System32\Tasks\WinSysCleanUAC => C:\Program Files\WinSysClean X7 PRO\WinSysClean.exe [18398360 2015-11-11] (Ultimate Systems -> Ultimate Systems, SRL)
Task: {218A1C90-88FF-4869-8E1F-60DD9D46634D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {2D64BBD1-1A6B-4520-91CE-96A72323F852} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2844776404-49628929-1600567784-1001UA => C:\Users\Don Van Horne\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-15] (Facebook, Inc. -> Facebook Inc.)
Task: {2E22CB27-B694-47D0-9C69-8DE04906C331} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [1091992 2018-12-17] (Greatis Software LLC -> Greatis Software)
Task: {37E5ED1B-5225-4692-8814-C560AB0D239E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2162704 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Task: {478213F3-A362-43B1-8CE0-C180DC84D38B} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {4B32FC0E-BC06-4C58-B4B7-19BC69F184CC} - System32\Tasks\WpsUpdateTask_Don Van Horne => C:\Users\Don Van Horne\AppData\Local\Kingsoft\WPS Office\11.2.0.9363\office6\wpsupdate.exe [157952 2020-05-21] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {5A2D6350-2BA0-486D-AFE2-1FD705F29BA2} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.2.22\SymErr.exe
Task: {5B1C76C6-C563-46C9-8EB6-A73C8A1A6814} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\WSCStub.exe [645008 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Task: {63EA5DE7-470C-466B-9E74-D8B983DA82E8} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\SymErr.exe [117056 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Task: {6D4EAD97-F101-44BF-965E-C994F06AB1D3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2844776404-49628929-1600567784-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {6FCBA012-3DFD-4990-B430-A4FC9CAEDB72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {70468692-AEE2-4F3C-BF78-445CB6B17BB6} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [1251640 2013-01-09] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {75A76D2D-5E09-4F6A-8052-58EC56AE92AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1301560 2011-02-23] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {78BF24DD-DC18-4163-8179-756D885E714C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [127176 2020-05-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {7BD45CDC-009B-497D-898B-B77FEE72E359} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2844776404-49628929-1600567784-1001Core => C:\Users\Don Van Horne\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-15] (Facebook, Inc. -> Facebook Inc.)
Task: {80A0C8E0-8BE7-4D1C-B4F2-0A4EEA50FFED} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [897528 2017-07-16] (Glarysoft LTD -> Glarysoft Ltd)
Task: {89CCA673-A2F4-4699-BC5D-D660CDCDDE10} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-05-12] (Adobe Inc. -> Adobe)
Task: {8A0E898E-1F5F-4BA6-9D79-ACC6DD20AB18} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJMGMPMNJIMOMNJIMCNJMLMGMKJCNLMNMLMIMCNNJOJMMPMCNNMMJPMKJOMMJKJLJHMPMHMNJJNJICMIMCNGMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMNMMMJNHICMIJAJLILJOMJNBJCMLLAJBJPNJKOJBJPNHLAJNIBJKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {8A82F504-FCC0-4DD3-9658-56C0548F266C} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [134640 2017-07-16] (Glarysoft LTD -> Glarysoft Ltd)
Task: {8D481235-AD15-4985-ADAA-D55EDEB3DDC5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2844776404-49628929-1600567784-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {8DACD8AA-C966-4963-AD63-0FAA3AF315CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [12344 2013-07-09] (Hewlett-Packard Company -> Microsoft)
Task: {970A7A77-058A-4209-A68E-31F2C0A32906} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2844776404-49628929-1600567784-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {976A52EA-A8AE-437C-BDA3-D671F899EC92} - System32\Tasks\GMHSkipUAC => C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe [2358768 2017-07-16] (Glarysoft LTD -> Glarysoft Ltd)
Task: {A0A29FC1-BAE7-4F39-AE09-16A65BC2F5C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1301560 2011-02-23] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {A4358AB7-10BC-4602-A98B-07BDDB4EE95C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {A6FD9788-3A54-4D2A-9EF7-6531C2569182} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B20E4EDA-1D5D-4534-B579-38C837EB58E0} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2844776404-49628929-1600567784-1001 => C:\Users\Don Van Horne\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-07] (Mega Limited -> Mega Limited)
Task: {B68864E0-F2AA-42DB-A641-2D9C95274075} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.2.22\SymErr.exe
Task: {B75618BA-6B03-4881-8B2B-345A4E77EFD7} - System32\Tasks\HPCustPartic.exe_{3B501A62-F23B-4CB0-9BE8-FF553EBAF15B} => C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe [6653064 2017-07-11] (Hewlett Packard -> HP Inc.)
Task: {BC46BBF7-AADD-4196-8687-33F22142963F} - System32\Tasks\GoogleUpdateTaskMachineUA1cff2fdd758a3e3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {BCD995F5-6038-4186-AA84-D095C2C7DEDF} - System32\Tasks\HPCeeScheduleForDONVANHORNE-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704 2010-09-14] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {C02563E4-3133-4C2B-A008-EEA92F5E855B} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe [13416448 2015-02-02] () [File not signed]
Task: {C06E72E0-ED29-41FF-BBDD-1C0D86326BD5} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\SymErr.exe [117056 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Task: {C5D7207A-D386-4842-854D-8013657152AB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2844776404-49628929-1600567784-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {DF6B8BC2-D398-42EC-A5F0-0D6236D9403F} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [742920 2019-02-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {E86A16B9-DEF6-44A4-88DC-5746A57DAF68} - System32\Tasks\Zoolz Start Backup => C:\Program Files\Genie9\Zoolz2\ZoolzLauncher.exe [395592 2019-06-20] (Genie9 LTD -> Genie9)
Task: {EF7F4BB1-1342-4A35-9405-6641CA682B28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-05-12] (Adobe Inc. -> Adobe)
Task: {F754A0D0-361A-4638-A828-045A4B204B4E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2844776404-49628929-1600567784-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {FC1F642C-122D-4BEB-8212-0107C8987458} - System32\Tasks\WpsExternal_Don Van Horne_20200521033502 => C:\Users\Don Van Horne\AppData\Local\Kingsoft\WPS Office\11.2.0.9363\office6\wps.exe [1065216 2020-05-21] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2844776404-49628929-1600567784-1001Core.job => C:\Users\Don Van Horne\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2844776404-49628929-1600567784-1001UA.job => C:\Users\Don Van Horne\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDONVANHORNE-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4E9E706F-1D22-4200-946F-FDF88D459214}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4E9E706F-1D22-4200-946F-FDF88D459214}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6C98BE56-189D-4D2C-88D2-A4C7E642731F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6C98BE56-189D-4D2C-88D2-A4C7E642731F}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{CA66EA55-F081-4FE4-88E4-23D5ABB24D40}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,10.0.0.3,1]
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2844776404-49628929-1600567784-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164617845\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2844776404-49628929-1600567784-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164617845\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {EDECF09A-4FFA-4871-B01A-9F71AE7066E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164611320 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164611936 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = &gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = &gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-25] (LastPass -> LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-25] (LastPass -> LastPass)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-25] (LastPass -> LastPass)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 17\SPMIEToolbar64.dll [2016-07-28] (Steganos Software GmbH -> Steganos Software GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-25] (LastPass -> LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 17\SPMIEToolbar.dll [2016-07-28] (Steganos Software GmbH -> Steganos Software GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2844776404-49628929-1600567784-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2844776404-49628929-1600567784-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Software Sarl -> Skype Technologies)
FireFox:
========
FF DefaultProfile: 5tmeq4yc.default-1468950079443-1529608410322
FF ProfilePath: C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322 [2020-05-25]
FF user.js: detected! => C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322\user.js [2019-10-06]
FF Homepage: Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322 -> hxxps://www.malwarebytes.org/restorebrowser/cpkqmx79bdfhjsw6uw6g_18_26_20¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0F0AtCyEtByBtAyCtC0BtN0D0Tzu0StBtAyBtAtN1L2XzuyEtFtByCtFtDtFzytAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0EyBtCtDyByByCtGtAtCtC0FtGyB0ByE0EtGtBzytC0FtGzzzzyCtDyD0A0FyB0A0D0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzyyE1QzzyC1P1OtGyCtAyD1PtGyE1OtD1OtGzztAyB1PtGzzyE1Szz1RtC1R1S1StBzy1S2QtN0A0LzutDtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtAtDyEyBtCtBtAtB%26cr%3D1969344138%26a%3Dbgy_cpkqmx79bdfhjsw6uw6g_18_26_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
FF NetworkProxy: Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322 -> type", 4
FF Notifications: Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322 -> hxxps://www.youtube.com; hxxps://www.disclose.tv; hxxps://www.facebook.com
FF Extension: (clean-facebook) - C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2019-02-22]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322\Extensions\support@lastpass.com.xpi [2020-05-20]
FF Extension: (Google Translator for Firefox) - C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322\Extensions\translator@zoli.bod.xpi [2018-12-10]
FF Extension: (Image Zoom) - C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2018-06-23] [Legacy]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-05-20]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Don Van Horne\AppData\Roaming\Mozilla\Firefox\Profiles\5tmeq4yc.default-1468950079443-1529608410322\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-03] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bonjour4firefox@apple.com] - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension
FF Extension: (Bonjour Extension for Firefox) - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension [2018-02-15] [Legacy] [not signed]
FF HKU\S-1-5-21-2844776404-49628929-1600567784-1001\...\Firefox\Extensions: [{A2E18BA9-E68C-4c96-AC77-E5F24DF98306}] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.12.8.6141\BVDFirefoxExt
FF Extension: (Allavsoft Firefox Extension) - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.12.8.6141\BVDFirefoxExt [2016-11-10] [Legacy] [not signed]
FF HKU\S-1-5-21-2844776404-49628929-1600567784-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Don Van Horne\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\Don Van Horne\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26]
FF HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\...\Firefox\Extensions: [{A2E18BA9-E68C-4c96-AC77-E5F24DF98306}] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.12.8.6141\BVDFirefoxExt
FF HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Don Van Horne\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-05-12] (Adobe Inc. -> )
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-25] (LastPass -> LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-05-12] (Adobe Inc. -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] (Apple Inc. -> )
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-25] (LastPass -> LastPass)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2011-08-11] (McAfee, Inc. -> McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-11-03] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-11-03] (RealNetworks, Inc. -> RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu -> Hulu LLC)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Don Van Horne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Software Sarl -> Skype Limited)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-1001: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll [2013-08-01] (Lamantine Software a.s. -> Lamantine Software a.s.)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Don Van Horne\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-06] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu -> Hulu LLC)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Don Van Horne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Software Sarl -> Skype Limited)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll [2013-08-01] (Lamantine Software a.s. -> Lamantine Software a.s.)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703: @zoom.us/ZoomVideoPlugin -> C:\Users\Don Van Horne\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-06] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2844776404-49628929-1600567784-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164617845: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu -> Hulu LLC)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default [2020-05-26]
CHR Notifications: Default -> hxxps://americanmilitarynews.os.tc; hxxps://saraacarter.com; hxxps://twitter.com; hxxps://wg1wga.com; hxxps://www.infowars.com; hxxps://www.wondershare.net; hxxps://www.youtube.com; hxxps://youtube.notification-0.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=994519&fr=yo-yhp-ch","hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://www.searchsecurepro.co/search.php?type=search&id=MTI4NzU&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://auto.searchsecurepro.co/autocomplete.js?omni=true&appId=MTI4NzU&q={searchTerms}
CHR Extension: (Google Translate) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-04-20]
CHR Extension: (Slides) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Norton Password Manager) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2020-05-11]
CHR Extension: (Web) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhckedkghbciendefbknenmokkgcnfa [2020-04-22]
CHR Extension: (Docs) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-01]
CHR Extension: (YouTube) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Honey) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-04-20]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-20]
CHR Extension: (Plugins) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2017-07-03]
CHR Extension: (Google Search) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24]
CHR Extension: (Yahoo Partner) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\facbafpefjlcpifgggajlhdafafocnef [2019-05-30]
CHR Extension: (Sheets) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Norton Safe Web) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2020-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-26]
CHR Extension: (Hola Free VPN, unblock any site!) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-05-19]
CHR Extension: (Norton Safe) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-04-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-05-14]
CHR Extension: (Xfinity) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2014-11-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-15]
CHR Extension: (Grammarly for Chrome) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-05-26]
CHR Extension: (PeerName) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdihlopcnkjinfjhbeopjfmnfpcoaop [2019-09-12]
CHR Extension: (MeddleMonkey) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\moihledlmchhofenpacbhphnbnpakgmo [2020-03-31]
CHR Extension: (Norton Safe) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2020-05-09]
CHR Extension: (Wikibuy from Capital One) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-02]
CHR Extension: (Gmail) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-26]
CHR Extension: (Social Translator (discontinued)) - C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2016-10-14]
CHR Profile: C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-14]
CHR Profile: C:\Users\Don Van Horne\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-02]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-2844776404-49628929-1600567784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKU\S-1-5-21-2844776404-49628929-1600567784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05262020164612703\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.12.8.6141\BVDChromeExt.crx [2016-11-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegLauncher; C:\Program Files\MobiGame\aeg_launcher.exe [7183872 2020-02-09] () [File not signed]
S3 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
S3 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [237056 2012-04-26] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AtomicAlarmClock; C:\Program Files (x86)\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink -> CyberLink)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo Uninstaller 2017\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
S3 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-10-30] (Digital Wave Ltd -> Digital Wave Ltd.)
S3 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database_b83fa2\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database_b83fa2\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81392 2019-08-01] (INTERNET PROJECT LLC -> Freemake)
S3 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2018-03-02] (Ellora Assets Corp.) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-28] (WildTangent Inc -> WildTangent)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [505056 2013-09-09] (cyan soft ltd -> )
S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [4375792 2015-10-07] (My Privacy Tools, Inc. -> Hide My IP)
S3 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] (Shenzhen Moyea Software -> )
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502032 2011-10-18] (McAfee, Inc. -> McAfee, Inc.)
S3 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [7604320 2019-09-13] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
R2 MobiGameUpdater; C:\Program Files\MobiGame\MobiGameUpdater.exe [202240 2020-02-09] () [File not signed]
S2 NortonSecurity; C:\Program Files (x86)\Norton Security Suite\Engine\22.20.2.57\NortonSecurity.exe [344760 2020-03-20] (Symantec Corporation -> Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\Ivacy\bin\openvpnserv.exe [26416 2016-05-24] (Ivacy Ltd -> The OpenVPN Project)
S3 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1793088 2017-11-08] (PDF Complete Inc. -> PDF Complete Inc)
S3 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation -> Sony Corporation)
R2 QMEmulatorService; C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [166384 2019-12-11] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S3 rccsvc; C:\Program Files (x86)\Quietzone\RQZ\rccsvc.exe [2043392 2014-04-10] (CJSC Returnil Software -> Returnil and its licensors)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] (RealNetworks, Inc. -> )
S3 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [272024 2007-05-13] (CyberLink -> )
S3 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [399344 2010-11-26] (Sonic Solutions -> Roxio)
S3 rsssvc; C:\Program Files (x86)\Quietzone\RQZ\rsssvc.exe [1061808 2014-04-10] (CJSC Returnil Software -> Returnil and its licensors)
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [152872 2014-08-11] (Sophos Limited -> Sophos Limited)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [318464 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer -> TeamViewer GmbH)
S3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S3 wpscloudsvr; C:\Users\Don Van Horne\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [791296 2020-05-21] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 Zoolz 2 Service; C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [478536 2019-06-20] (Genie9 LTD -> Genie9)
S3 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [74936 2015-08-26] (Yang Ping -> SHADOWDEFENDER.COM)
S2 ACPService; "C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11172864 2012-04-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [339456 2012-04-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (APOWERSOFT LIMITED -> Wondershare)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-20] (AVG Technologies -> AVG Technologies)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20200526.001\BHDrvx64.sys [1952136 2020-02-10] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1614020.039\ccSetx64.sys [192376 2020-03-20] (Symantec Corporation -> Symantec Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-03-01] (Hewlett-Packard Company -> )
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] (Hewlett-Packard Company -> )
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-01-17] (Digiarty, Inc. -> Digiarty Software, Inc.)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [422584 2015-08-26] (Yang Ping -> SHADOWDEFENDER.COM)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc. -> Fengtao Software Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-09] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2019-10-12] (Symantec Corporation -> Symantec Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2017-07-31] (Glarysoft Ltd -> Glarysoft Ltd)
S3 GUMHFilters; C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys [41272 2017-06-29] (Glarysoft LTD -> GlarySoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2017-07-31] (Glarysoft Ltd -> Glarysoft Ltd)
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20200526.061\IDSvia64.sys [1451016 2020-04-06] (Symantec Corporation -> Symantec Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2020-05-26] (Malwarebytes Corporation -> Malwarebytes)
R1 MobiVBoxDrv; C:\Program Files\MobiGame\vbox\MobiVBoxDrv.sys [314688 2020-02-04] (Iron Entertainment Inc. -> Oracle Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-03-05] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MEDIATEK INC. -> MediaTek Inc.)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2018-12-19] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-12-21] (Greatis Software LLC -> Greatis Software)
R3 PCWinSoft; C:\Windows\System32\DRIVERS\scrcamhrdrv_x64.sys [241800 2012-10-11] (PCWinSoft Systems Informatica Ltda -> Windows ® Server 2003 DDK provider)
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (PHAUD -> Philips Applied Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R0 rmseffmv; C:\Windows\System32\drivers\rmseffmv.sys [31432 2014-04-10] (CJSC Returnil Software -> CJSC Returnil Software)
R0 rmseng; C:\Windows\System32\drivers\rmseng.sys [333728 2014-04-10] (CJSC Returnil Software -> CJSC Returnil Software)
R1 SLEE_19_DRIVER; C:\Windows\Sleen1964.sys [117848 2016-07-28] (Softwareentwicklung Patric Remus - ArchiCrypt - (Patric W.Remus) -> Softwareentwicklung Remus - ArchiCrypt - )
S3 SPC620; C:\Windows\System32\drivers\SPC620.sys [581120 2007-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Philips )
S3 SPC620m; C:\Windows\System32\drivers\SPC620m.sys [8192 2007-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Philips )
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\1614020.039\SRTSP64.SYS [889520 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1614020.039\SRTSPX64.SYS [50864 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [536576 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Microsoft Windows Hardware Compatibility Publisher -> Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Microsoft Windows Hardware Compatibility Publisher -> Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Sierra Wireless Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1614020.039\SYMEFASI64.SYS [1964552 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-19] (Symantec Corporation -> Symantec Corporation)
S3 SymEvnt; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\SymPlatform\SymEvnt.sys [712368 2020-01-09] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1614020.039\Ironx64.SYS [316656 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1614020.039\symnets.sys [575280 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [39728 2016-05-24] (Ivacy Ltd -> The OpenVPN Project)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [432840 2019-12-14] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [545568 2019-12-14] (Tencent Technology(Shenzhen)