Inactive My computer was hacked 3 months ago


SFSBIZCON

Thread Starter
Joined
Nov 29, 2021
Messages
10
Some people in the same career space as me sent me a link through Facebook in order to access my computer. I clicked the link and my computer instantly and violently shut down. Afterwards, industry-specific websites were not accepting my passwords or sending the password change option to my email address unless I did it from a different device, at which point the same password tried previously would then work. I used an incognito browser on the same site and it worked once and then no more. I downloaded Firefox and the website worked once and then no more. I have run Kaspersky and Avast and it hasn't helped. I'm unsure how to back up my entire computer as I am not tech-savvy at all. TIA for your time. Below is the Dropbox link to the requested files.

https://www.dropbox.com/scl/fi/4mwp...re.paper?dl=0&rlkey=4us17wfg5497v314557nj9srh
 

DR.M

Trusted Advisor
Malware Specialist
Joined
Sep 4, 2019
Messages
3,321
Hi, SFSBIZCON.

Welcome to TSG Forums.

Have you run the FRST tool as instructed here?

If yes, please attach the two files created in your next reply.
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
43,379
@SFSBIZCON I deleted your post as it was caught in an approval queue. I have checked your link and it doesn't have any usable files. Please use the link provided by Dr.M.
 

SFSBIZCON

Thread Starter
Joined
Nov 29, 2021
Messages
10

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19043, Installed 20210308022439.000000-300
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz, Intel64 Family 6 Model 42 Stepping 7, CPU Count: 4
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 3000
Hard Drives: C: 464 GB (90 GB Free);
Motherboard: Hewlett-Packard 167E, ver KBC Version 22.1F, s/n PCMED001Y2H0F2
System: Hewlett-Packard, ver HPQOEM - f, s/n CNU21315KC
Antivirus: Windows Defender, Disabled

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2021
Ran by hp (administrator) on DESKTOP-I9VTLAM (Hewlett-Packard HP ProBook 4430s) (30-11-2021 11:47:39)
Running from C:\Users\hp\Downloads
Loaded Profiles: hp
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(GeoComply USA, Inc. -> GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <52>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe <7>
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Plantronics Inc -> Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
(Popcorn Time) [File not signed] C:\Program Files (x86)\Popcorn Time\Updater.exe
(Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
(Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe <2>
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [134936 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" (No File)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Opera Browser Assistant] => C:\Users\hp\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4597968 2021-11-23] (Opera Software AS -> Opera Software)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2021-11-29] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8807712 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM-x32\...\Run: [PLTHub.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTHub.exe [2867304 2020-06-26] (Plantronics Inc -> Plantronics, Inc.)
HKLM-x32\...\Run: [PlantronicsStatusIndicator] => C:\Program Files (x86)\Plantronics\PlantronicsStatusIndicator\PlantronicsStatusIndicator.exe [8129256 2020-04-01] (Embrava Pty Ltd -> Plantronics Inc)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-613475361-4011792205-542959771-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\hp\AppData\Local\Programs\Messenger\Messenger.exe [110793448 2021-04-05] (Facebook, Inc. -> Facebook, Inc.)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7743592 2021-09-21] (Proton Technologies AG -> )
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [5461888 2021-07-30] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [] => [X]
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Viddly YouTube Downloader] => C:\Program Files\Viddly YouTube Downloader\Viddly.exe [2192384 2021-10-30] (Viddly Inc.) [File not signed]
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-07-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON WF-2540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMIUE.DLL [120320 2015-01-06] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\MPE3 Port: C:\WINDOWS\system32\mpelocalmon.dll [26112 2019-12-03] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-04-30]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2020-05-10]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
BootExecute: autocheck autochk * bootdelete
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B436CF-65E9-43BB-A021-12D10C2273D4} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {0777C7F6-5B56-4830-9E4F-ADCECF5ABD82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-16] (Google Inc -> Google LLC)
Task: {123878A1-3428-4422-923C-867DD8B45410} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.7.0\AutoUpdate.exe [2285592 2021-09-03] (IObit CO., LTD -> IObit)
Task: {176E116E-1593-4019-A7E6-95BCB224BAF8} - System32\Tasks\Opera scheduled assistant Autoupdate 1598392491 => C:\Users\TEMP.DESKTOP-I9VTLAM\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\TEMP.DESKTOP-I9VTLAM\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {18C4DC2E-A2FE-438E-93D9-3D5A8D58E149} - System32\Tasks\easyxploreUpdateTaskUserS-1-5-21-613475361-4011792205-542959771-1001UA => C:\Users\hp\AppData\Local\easyxplore\Update\easyxploreUpdate.exe /ua /installsource scheduler (No File) <==== ATTENTION
Task: {250902D2-E286-4553-94C7-DC8318E452F3} - System32\Tasks\Driver Booster SkipUAC (hp) => C:\Program Files (x86)\IObit\Driver Booster\8.7.0\DriverBooster.exe [8335896 2021-09-03] (IObit CO., LTD -> IObit)
Task: {25F74347-2B70-45E3-81FC-760043771293} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4974872 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
Task: {2679CFBF-518C-48F2-A5BE-8C9F191D090B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {2B6740E9-3A7E-4CE7-951A-FEE143EE5A2A} - \Mozilla\Firefox Background Update 308046B0AF4A39CB -> No File <==== ATTENTION
Task: {2CFB8949-918A-4C8A-AB44-0521D8CF9558} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {30466BAB-D520-4D40-A790-01DEA9241338} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {38A7EDB2-C39C-494C-A570-D5B4A237B5B8} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {3C0E46CC-E24D-4D84-9584-C249FE67C6F6} - System32\Tasks\Avast Driver Updater Scan => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe scheduled (No File)
Task: {4901AAC4-73BE-457A-973E-C7841578F47A} - System32\Tasks\LocalExplorer Update => C:\Program Files (x86)\LocalExplorer\LocalExplorer.exe [97002 2014-08-08] (VNProDev) [File not signed]
Task: {4917D7BA-FF6D-44D9-B89D-D6E0152ED0CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4D323DCD-B133-4D3C-9A5C-FB6B30C982BE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {50284487-5F5A-4242-9BC5-11710DC0BDE7} - System32\Tasks\easyxplore_chk => C:\Users\hp\AppData\Local\Programs\easyxplore\EasyXplore.exe /chk (No File) <==== ATTENTION
Task: {50941B41-3646-4206-B499-6E0FEF299662} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.7.0\Scheduler.exe [156696 2021-08-06] (IObit CO., LTD -> IObit)
Task: {5B6D3204-ADB1-46DD-B02F-77184287F5B0} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {60E01292-C618-43B5-BDA2-24B0A2FE3439} - System32\Tasks\com.amazon.kpr.ncd => C:\Users\hp\AppData\Local\Amazon\Kindle Previewer 3\KPR_NCD.exe [2274392 2021-10-20] (Amazon.com Services LLC -> )
Task: {61E12E21-7BFF-460E-9164-E218D0DD3025} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe [3191272 2021-11-05] (GeoComply USA, Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {725C9E94-25BA-48A7-89A2-0B70854527F9} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {7927D501-27C0-4627-8F87-1FC910EC563A} - System32\Tasks\CCleanerSkipUAC - hp => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7A470405-ACE6-48B4-BCEB-11F0EC06F168} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7D60D9D7-B8CD-44CF-930F-B4D07CC60CF8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {95F2A930-D6DC-41F6-8AE3-D6C2C2ED6618} - System32\Tasks\Opera scheduled assistant Autoupdate 1637282468 => C:\Users\hp\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\hp\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {A307E686-62BB-412F-8443-D2DAA7CAF7B6} - System32\Tasks\easyxplore_run => C:\Users\hp\AppData\Local\Programs\easyxplore\EasyXplore.exe /start:reboot (No File) <==== ATTENTION
Task: {A6507194-134E-4800-93F0-320421815AA8} - System32\Tasks\Opera scheduled Autoupdate 1598392471 => C:\Users\TEMP.DESKTOP-I9VTLAM\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {A73CF663-BC5B-4D25-8707-886C9BF48A15} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B5EAD3A6-B20A-4D77-A3BE-51F20FA39531} - System32\Tasks\Opera scheduled Autoupdate 1637282460 => C:\Users\hp\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-23] (Opera Software AS -> Opera Software)
Task: {BC7F0484-5F96-48BA-9827-BB7805B4D617} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {BDA2046F-2E85-4E43-AAF4-11193EC69380} - System32\Tasks\Patch My PC => C:\Users\hp\Desktop\New folder\PatchMyPC.exe [3164752 2021-09-11] (Patch My PC, LLC -> Patch My PC, LLC)
Task: {C1D5F049-B650-4EF8-8129-E09F3AFBA1AC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {CC02C56D-C8EA-4545-8493-E4A2BC468B1D} - System32\Tasks\Adobe Creative Cloud => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-09-09] (Adobe Inc. -> Adobe Inc.)
Task: {D46D5EA4-CC04-4190-BD0E-F06CC80A6209} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D88EE0D5-9AEB-419D-916D-BE0EDCA676E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-16] (Google Inc -> Google LLC)
Task: {EB079D79-5EA8-4D18-A59F-5E57CC8F5BD3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {EDD7EC92-71EC-46FC-9651-9B232488454C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {EDF60BB5-D85C-4310-AC84-2AC3BE9D0A70} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply/\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd" (No File)
Task: {EFCD7A5E-2F04-49BD-B3A8-690A1A9A5C44} - System32\Tasks\easyxploreUpdateTaskUserS-1-5-21-613475361-4011792205-542959771-1001Core => C:\Users\hp\AppData\Local\easyxplore\Update\easyxploreUpdate.exe /c (No File) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Driver Updater Scan.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45a45513-1135-4a9a-b950-3a2a853333c1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9c76091e-9d17-4ccd-bd00-4754fadcda2a}: [DhcpNameServer] 8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-613475361-4011792205-542959771-1001 -> hxxp://www.google.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-30]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3Yst88BlydE5%2BCh%2FY7wePUJhOYZ5mubnCToxl%2FaZtk7ouRZXgTjrBVaRpOTlBCVExJNaVeatOVcXW014SeseNRRButGMp946UVTyEZgxOjbUBb7bqawqRUs4Y5dKX5Lxc2FckphZ0%2BMK%2F0YLktXYhpo36l6K3ig%2BE39RVp1ihBDFlL77o6Zlg99y6JfrEFYv%2BYlP4CMhMuok6qhRkuAwNhKyDDZsBq9pH2QtIgiYYuqVFPDlYkZ9Ga7CU25hMHvXOgnT9a1ireV5o1b8P2JBdU37u1H%2FToc1LG3az8AUzYXSW8ZywerGSCQWDBl3ltcJjA"
Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3Yg%2FUXfXOu5OSZZNzeNjM%2FEF5QWmjNY%2Ff2JQE0XwXxXGxCBxYfZ2Tn15mQkLvPSRESpyaoUVrMInmghOJ3fs%2FDK0TQwNm8urLMahvA59bAa7x1bIZdYWp9shLh6a7qvvDgRI%2BhKbaFNMLY9SQd3VVlZBAVdz5k7gD9NtXJ4Jn6W1mA%2Fyg0YZODEfLfyPzlfAXZzh4%2B%2BeLnvPH0bZYlFMSlc9Omf7U5XJa7QMgkZLhrntawnOpXA6J7kiIwk1IK1j%2FHBCHLonfAZh661tXvWP3nsu%2Fe6eYwZ74Ljok%2BhXqpeDyjwhTTw9ec9dgM5hc16gbs&p={searchTerms}
Edge DefaultSearchKeyword: Default -> us.search.yahoo.com
Edge Extension: (Kaspersky Protection) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-11-13]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-30]
Edge HKU\S-1-5-21-613475361-4011792205-542959771-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-21-613475361-4011792205-542959771-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: tjquiq2n.default
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tjquiq2n.default [2021-11-11]
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\hn90dm0h.default-release [2021-11-30]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-07-23]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-11-12] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-11-12] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2021-11-30]
CHR DownloadDir: C:\Users\hp\Desktop\New folder
CHR Notifications: Default -> hxxps://277257115634392.webpush.freshchat.com; hxxps://94730764731922.webpush.freshchat.com; hxxps://business.facebook.com; hxxps://discordapp.com; hxxps://drive.google.com; hxxps://storyxpress.co; hxxps://vev.io; hxxps://www.draftkings.com; hxxps://www.godaddy.com
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3YWa3oKtzq3XeNb%2F4Y7dVi4VYu4cQaKpu4THJCGORr6nCuzuz4v8cj4wU8Kl5l0%2BBLfEc6jJvIJerC24D%2BX%2BcQVcXcD3QZ2GW5u5J%2FhdYBgHF%2FaN9WX0w42tCrFBsCuzAOvAy35cqqR%2BzyIORcngxOsrjjtlGNRzRRUrPVENji47QWr6VpHyEGgnAsXi48RVJRoQcEdgm9CpJvyYPbCMb0zgBkQajWGuCfl%2Bs3v2XaMxJivM4M6hDpKx%2F%2BZrQnM4Zyvz%2BB7%2Bt43tZTqn6RRE7TNo8TimFQtJc0OsjHPfkY7mpJwwS%2FyiJ75Wv0B9pM2LsxeBuB5I%2FJ%2B6xBduIe9DjJTw%3D%3D
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3YWa3oKtzq3XeNb%2F4Y7dVi4UZozKha5LGuJf8PWZfbIZAlVlStPm435DStuo03LFt4IylmWEEvWX%2BSAXfyAZByIeYLAkSv%2F%2F0aufHl46dgElfJk0nGNgPJPxRQmazNmdlhNm7rJBCuapOS5SxhswZ%2Fj%2FbjOqL32q0AAvpDAlUZ%2BAVjcfvEsglDfT58FYnUkdH4Vo0KpsdcvKD6%2FBXG80VNhGeormLrMfeuGsK2T4SARgXla674vzsEvn9Gn5Drr7Osad1uXeluxQ584osqmYnwgQlS%2Fw8cTseSZ9YdbQYE0CM4ODEd2GmSWWtM2LqKutCGddJEafgXq8laRy0wT2ZnOg%3D%3D"
CHR NewTab: Default -> Not-active:"chrome-extension://jbjgkhmocaaicjdbafhgoncfbopkfcng/homepage.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-16]
CHR Extension: (Kaspersky Protection) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-11-12]
CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-16]
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-30]
CHR Extension: (JSON Formatter) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2021-11-11]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-16]
CHR Extension: (Honey) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-18]
CHR Extension: (Fantasy Basketball WZRD) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmojbnihkmbdandkddobjnilkegcooll [2021-11-28]
CHR Extension: (TTS Reader: Speak Kindle Books Aloud) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\boejkcdniilikalcdbigmobbmejjbppf [2021-10-06]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2021-11-29]
CHR Extension: (Video Downloader Pro) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccdikaeknpeokoejlpffihfmpfelakcg [2020-11-30]
CHR Extension: (Web paint) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\colbejldlbhdkjhdndknbminnlbbkecj [2021-05-26]
CHR Extension: (Seamless.AI) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepenphjfofmnjmlacfcdehikakmaap [2021-11-18]
CHR Extension: (PDF tools all-in-one) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemiojeoeomfggoapmnfnmpnkieojonj [2021-03-08]
CHR Extension: (Adobe Acrobat) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-16]
CHR Extension: (Zoom Recording / Video Downloader) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehioimgmdbbkmbbimfjcdmonjnjjhgng [2021-04-27]
CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-16]
CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-17]
CHR Extension: (VCR Screen-Share) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfakinflkflhggbhibfclfidnbcflnd [2021-04-19]
CHR Extension: (Local Video Player in Browser) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gooogiookckojjoinofnjfogcfocfkbn [2021-09-02]
CHR Extension: (Ultimate Volume Booster) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfnhafpadfnabbnjnhdfdacolpmdbjo [2021-10-13]
CHR Extension: (Video Downloader professional) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmifggiafbblnlgkeamfopdecenbcle [2021-11-29]
CHR Extension: (Auto HD 720p/1080p) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglhiepjhbhcjpjnehnggbleobjlblde [2021-07-29]
CHR Extension: (Enable right click) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2021-03-04]
CHR Extension: (DraftKings Chrome Extension) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkicikjgcbcahcflpejdpehchnehjnl [2021-02-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-28]
CHR Extension: (Yahoo Homepage) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjgkhmocaaicjdbafhgoncfbopkfcng [2020-08-01]
CHR Extension: (Screen Recorder Video Editor Webcam Recorder) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpjkgdpgdbddknpgplfkjjfncenlmkf [2021-11-17]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2021-11-22]
CHR Extension: (Player Salary Tooltip for DraftKings) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\koafaenckabjpnofnidmkillbhgnabei [2021-02-01]
CHR Extension: (RotoGrinders - DraftKings Tools) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokmacldfjfgajcebibmmfohacnikhhd [2021-11-28]
CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2021-11-28]
CHR Extension: (Elementor pro nulled) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmnjckgmijamnepkccfbgpifhgccobg [2021-02-13]
CHR Extension: (RotoGrinders Basketball Reference) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mklaikjfchdedoaemannepoofcpgbfbn [2021-02-01]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-11-28]
CHR Extension: (Similar Sites - Discover Related Websites) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2021-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Enhanced ESPN NBA box score) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\obmjelnefbpppnlclofadlniafdnhjpc [2021-08-11]
CHR Extension: (Enable Right Click for Google Chrome™) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgdcdohlhjfdhbnfkikfeakhpojhpgm [2021-07-15]
CHR Extension: (DraftKings Lineup Filler - FantasyWonder.com) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\opekpkkpcbgfpnificmdbgdgaibdomhk [2021-02-01]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2021-11-28]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-30]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2021-10-23]
CHR Extension: (NBA ScoopsZone) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pooiemhefbajoinogpdbpipkbphbjjpn [2021-02-01]
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-28]
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-28]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKU\S-1-5-21-613475361-4011792205-542959771-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-613475361-4011792205-542959771-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKU\S-1-5-21-613475361-4011792205-542959771-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]

Opera:
=======
OPR Profile: C:\Users\hp\AppData\Roaming\Opera Software\Opera Stable [2021-11-29]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-16]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-17]
OPR Extension: (Web Clipper : Easy Screenshot) - C:\Users\hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlhabdnjcoggnpnnaamopkaolcggpdmi [2021-07-09]
StartMenuInternet: (HKLM) OperaStable - C:\Users\hp\AppData\Local\Programs\Opera\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-09-09] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8376400 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [680728 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [427800 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-30] (Avast Software s.r.o. -> AVAST Software)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [151496 2021-11-16] (SurfRight B.V. -> SurfRight B.V.)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [447104 2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1949800 2020-06-26] (Plantronics Inc -> Plantronics, Inc.)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [3141608 2021-11-05] (GeoComply USA, Inc. -> GeoComply)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [115304 2021-09-21] (Proton Technologies AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [65128 2021-09-21] (Proton Technologies AG -> )
S3 ProtonVPN WireGuard; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe [50792 2021-09-21] (Proton Technologies AG -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13271336 2021-09-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2019-01-08] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1300352 2021-07-30] (Windscribe Limited -> Windscribe Limited)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\Video Converter Ultimate\Transfer\DriverInstall.exe [111384 2020-02-10] (Shenzhen Yi Xing Investment Co., Ltd. -> Wondershare)
R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2021-11-29] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35704 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [222112 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [367632 2021-11-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99344 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-09-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41344 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184648 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538976 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82904 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852216 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557648 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214384 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317696 2021-11-10] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 GDPL_BOOM; C:\WINDOWS\system32\drivers\boomvad.sys [51016 2019-09-11] (WDKTestCert Adarsh,131897759775447238 -> Windows (R) Win 7 DDK provider)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
R3 hsstap; C:\WINDOWS\System32\drivers\hsstap.sys [39424 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Pango)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-28] (Intel Corporation -> Intel Corporation)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [674104 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1469240 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [273176 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [276064 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [314040 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [113976 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [225648 2021-11-29] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [86632 2020-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [94600 2021-04-13] (Pango Inc. -> Pango Inc)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [94560 2021-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [919072 2021-09-11] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2020-11-02] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2014-11-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2021-07-30] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-03-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-30] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [35752 2021-07-30] (Windscribe Limited -> )
R3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2021-07-30] (Windscribe Limited -> WireGuard LLC)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-10-08] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 wovad_micarray; C:\WINDOWS\system32\drivers\womic.sys [34496 2020-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2021-11-29] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2021-11-29] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-30 11:43 - 2021-11-30 11:44 - 002311680 _____ (Farbar) C:\Users\hp\Downloads\FRST64 (1).exe
2021-11-29 16:46 - 2021-11-29 16:55 - 000063889 _____ C:\Users\hp\Downloads\Addition.txt
2021-11-29 16:35 - 2021-11-30 11:50 - 000050891 _____ C:\Users\hp\Downloads\FRST.txt
2021-11-29 16:30 - 2021-11-30 11:49 - 000000000 ____D C:\FRST
2021-11-29 16:29 - 2021-11-29 16:29 - 002311680 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2021-11-29 16:10 - 2021-11-29 16:10 - 000094560 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2021-11-29 14:35 - 2021-11-30 11:55 - 002222326 _____ C:\WINDOWS\ZAM.krnl.trace
2021-11-29 14:35 - 2021-11-30 11:55 - 000269130 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-11-29 14:35 - 2021-11-29 14:35 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2021-11-29 14:35 - 2021-11-29 14:35 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2021-11-29 14:35 - 2021-11-29 14:35 - 000001255 _____ C:\Users\Public\Desktop\MalwareFox AntiMalware.lnk
2021-11-29 14:35 - 2021-11-29 14:35 - 000000000 ____D C:\Users\hp\AppData\Local\Zemana
2021-11-29 14:35 - 2021-11-29 14:35 - 000000000 ____D C:\Users\hp\AppData\Local\Wolf of Webstreet OPC Private Limited
2021-11-29 14:35 - 2021-11-29 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
2021-11-29 14:35 - 2021-11-29 14:35 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2021-11-29 14:34 - 2021-11-29 14:35 - 006617512 _____ (Zemana Ltd. ) C:\Users\hp\Downloads\MalwareFox(1).exe
2021-11-29 14:34 - 2021-11-29 14:34 - 006617512 _____ (Zemana Ltd. ) C:\Users\hp\Downloads\MalwareFox.exe
2021-11-28 11:15 - 2021-11-28 11:15 - 000001706 _____ C:\Users\hp\Documents\cc_20211128_111525.reg
2021-11-25 05:54 - 2021-11-29 12:03 - 000225648 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-11-25 05:54 - 2021-11-25 05:54 - 000314040 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-11-25 05:54 - 2021-11-25 05:54 - 000276064 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-11-25 05:54 - 2021-11-25 05:54 - 000113976 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-11-23 03:28 - 2021-11-29 23:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-21 16:45 - 2021-11-21 16:45 - 000013616 _____ C:\Users\hp\Documents\cc_20211121_164525.reg
2021-11-18 19:41 - 2021-11-29 15:59 - 000003574 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1637282468
2021-11-18 19:41 - 2021-11-29 15:59 - 000003326 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1637282460
2021-11-18 19:41 - 2021-11-26 18:39 - 000001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-11-18 08:26 - 2021-11-18 08:26 - 000132165 _____ C:\Users\hp\Documents\bookmarks_11_18_21.html
2021-11-17 09:27 - 2021-11-17 09:27 - 003731992 _____ C:\WINDOWS\system32\.crusader
2021-11-16 12:14 - 2021-11-16 12:14 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-11-16 12:14 - 2021-11-16 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-11-16 12:14 - 2021-11-16 12:14 - 000000000 ____D C:\Program Files\HitmanPro
2021-11-16 12:12 - 2021-11-17 19:03 - 000000000 ____D C:\ProgramData\HitmanPro
2021-11-15 17:23 - 2021-11-15 17:23 - 000000552 _____ C:\Users\hp\Documents\cc_20211115_172338.reg
2021-11-15 17:22 - 2021-11-15 17:22 - 000013628 _____ C:\Users\hp\Documents\cc_20211115_172245.reg
2021-11-15 15:05 - 2021-11-15 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viddly YouTube Downloader
2021-11-12 20:10 - 2021-11-12 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-11-12 11:32 - 2021-11-29 15:59 - 000002638 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-11-12 11:31 - 2021-11-12 11:31 - 000001155 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-11-12 11:31 - 2021-11-12 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-11-12 11:31 - 2021-11-12 11:31 - 000000000 ____D C:\Program Files\Common Files\AV
2021-11-12 11:30 - 2021-11-12 11:30 - 000002170 _____ C:\Users\Public\Desktop\Kaspersky Security Cloud.lnk
2021-11-12 11:30 - 2021-11-12 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2021-11-12 11:30 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-11-12 11:29 - 2021-11-12 11:31 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-11-12 11:29 - 2021-11-12 11:31 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-11-12 11:28 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-11-12 11:28 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-11-11 16:34 - 2021-11-11 16:36 - 000000000 ____D C:\Users\hp\Desktop\BaDshaH.EAV.ESS.v8.0.319.1-20211012
2021-11-11 13:17 - 2021-11-11 13:17 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-11 13:16 - 2021-11-11 13:16 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-11 13:15 - 2021-11-11 13:15 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-11 13:14 - 2021-11-11 13:14 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-11 12:08 - 2021-11-11 12:08 - 000000000 ___HD C:\$WinREAgent
2021-11-11 11:27 - 2021-11-30 10:51 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-11 11:27 - 2021-11-30 10:50 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Mozilla
2021-11-11 11:27 - 2021-11-29 23:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-11 11:27 - 2021-11-29 15:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-11 11:27 - 2021-11-23 10:28 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-11 11:27 - 2021-11-11 11:27 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-11-11 11:27 - 2021-11-11 11:27 - 000000000 ____D C:\Users\hp\AppData\Roaming\Mozilla
2021-11-11 11:27 - 2021-11-11 11:27 - 000000000 ____D C:\Users\hp\AppData\Local\Mozilla
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-11-10 06:42 - 2021-11-10 06:42 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-11-10 06:42 - 2021-11-10 06:42 - 000214384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-11-09 19:27 - 2021-11-09 19:27 - 000219703 _____ C:\Users\hp\Downloads\final sales script.pdf
2021-11-08 07:05 - 2021-11-08 07:05 - 000211036 _____ C:\Users\hp\Downloads\mckinsy updated ews report.pdf
2021-11-03 05:50 - 2021-11-03 05:50 - 000000000 ____D C:\Users\hp\Desktop\Alex.Rocha.The.Ultimate.Credit.Repair.Business.Growth.Bundle.02.19.part01
2021-11-03 05:04 - 2021-11-03 05:04 - 000001099 _____ C:\Users\hp\Desktop\Alex.Rocha.The.Ultimate.Credit.Repair.Business.Growth.Bundle.02.19.part01 - Shortcut (2).lnk
2021-10-30 23:59 - 2021-10-30 23:59 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-10-30 23:59 - 2021-10-30 23:59 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-10-30 13:09 - 2021-10-30 13:09 - 000001547 _____ C:\Users\hp\Desktop\Alex.Rocha.The.Ultimate.Credit.Repair.Business.Growth.Bundle.02.19.part01 - Shortcut.lnk
2021-10-26 14:43 - 2021-10-26 14:43 - 000002677 _____ C:\Users\hp\Desktop\Squoosh.lnk
2021-10-26 07:42 - 2021-11-29 15:59 - 000002378 _____ C:\WINDOWS\system32\Tasks\com.amazon.kpr.ncd
2021-10-26 07:42 - 2021-10-26 07:42 - 000000000 ____D C:\Users\hp\.kindle
2021-10-26 07:42 - 2021-10-26 07:42 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-10-26 07:41 - 2021-10-26 07:41 - 000001400 _____ C:\Users\hp\Desktop\Kindle Previewer 3.lnk
2021-10-26 07:41 - 2021-10-26 07:41 - 000000000 ____D C:\Users\hp\AppData\Roaming\Amazon
2021-10-26 07:40 - 2021-10-26 07:40 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2021-10-26 07:38 - 2021-10-26 07:38 - 000000000 ____D C:\Users\hp\AppData\Local\Amazon
2021-10-15 08:30 - 2021-10-15 08:30 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 08:27 - 2021-10-15 08:27 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 08:27 - 2021-10-15 08:27 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-15 08:26 - 2021-10-15 08:26 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-08 14:37 - 2021-10-08 14:37 - 000029680 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\wintun.sys
2021-10-08 14:35 - 2021-10-08 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2021-10-06 12:28 - 2021-10-08 06:29 - 000285399 _____ C:\Users\hp\Documents\100621AlfredMckinsyEWS-CFPB-NOTICEOFINTENTTOFILESUIT-PRELITIGATION-BOA-NFCU-LEGALSHIELD.pdf
2021-10-05 09:04 - 2021-10-05 09:04 - 000000552 _____ C:\Users\hp\Documents\cc_20211005_100407.reg
2021-10-05 09:03 - 2021-10-05 09:03 - 000021326 _____ C:\Users\hp\Documents\cc_20211005_100337.reg
2021-10-02 14:08 - 2021-11-15 15:05 - 000001860 _____ C:\Users\Public\Desktop\Viddly YouTube Downloader.lnk
2021-09-25 18:08 - 2021-09-27 10:50 - 000425974 _____ C:\Users\hp\Documents\092521xTESTCLIENTxCFPBxPRELITIGATIONxROUND1.pdf
2021-09-23 12:45 - 2021-09-23 12:45 - 000002703 _____ C:\Users\hp\Desktop\Bjorn's Folder Trees.lnk
2021-09-23 11:28 - 2021-11-19 19:41 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-09-23 11:28 - 2021-11-19 19:41 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-09-23 11:28 - 2021-11-19 19:41 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-09-23 11:28 - 2021-11-19 19:41 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-09-23 11:28 - 2021-09-09 09:29 - 000389640 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3525.sys
2021-09-22 15:20 - 2021-09-22 15:20 - 000000000 ____D C:\Users\hp\New folder (2)
2021-09-22 15:20 - 2021-09-22 15:20 - 000000000 ____D C:\Users\hp\New folder
2021-09-18 23:20 - 2021-11-25 06:34 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-18 23:20 - 2021-11-25 06:34 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-18 23:13 - 2021-09-18 23:13 - 000002348 _____ C:\Users\hp\Desktop\Microsoft Edge.lnk
2021-09-15 08:40 - 2021-09-15 08:40 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-15 08:39 - 2021-09-15 08:39 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-15 08:39 - 2021-09-15 08:39 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-15 08:39 - 2021-09-15 08:39 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-15 08:37 - 2021-09-15 08:37 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-15 08:37 - 2021-09-15 08:37 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-15 08:37 - 2021-09-15 08:37 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-12 01:43 - 2021-09-12 01:43 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-09-12 01:37 - 2021-09-12 01:37 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2021-09-12 01:36 - 2021-09-12 01:36 - 000000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2021-09-11 13:50 - 2021-09-11 13:50 - 000000000 ____D C:\RegBackup
2021-09-11 13:47 - 2021-11-28 11:21 - 000000000 ____D C:\Users\hp\AppData\Roaming\XnView
2021-09-11 13:25 - 2021-09-11 13:25 - 001151992 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2021-09-11 13:24 - 2021-09-11 13:24 - 004321160 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2021-09-11 13:24 - 2021-09-11 13:24 - 000919072 _____ (Sunplus Innovation Technology Inc.) C:\WINDOWS\system32\Drivers\SPUVCBv64.sys
2021-09-11 13:24 - 2021-09-11 13:24 - 000342048 _____ (SunplusIT) C:\WINDOWS\system32\VCamPPage_x64.dll
2021-09-11 13:24 - 2021-09-11 13:24 - 000286752 _____ (SunplusIT) C:\WINDOWS\SysWOW64\VCamPPage.dll
2021-09-11 13:24 - 2021-09-11 13:24 - 000014681 _____ C:\WINDOWS\TWAINSP_HP.ini
2021-09-11 13:24 - 2021-09-11 13:24 - 000007408 _____ C:\WINDOWS\TWAINSP_HP.src
2021-09-11 13:23 - 2021-09-11 13:23 - 000043840 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\Accelerometer.sys
2021-09-11 13:23 - 2021-09-11 13:23 - 000031040 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpservice.exe
2021-09-11 13:23 - 2021-09-11 13:23 - 000031040 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpdskflt.sys
2021-09-11 13:23 - 2021-09-11 13:23 - 000021312 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\accelerometerdll.DLL
2021-09-11 13:23 - 2021-09-11 13:23 - 000018240 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\HPMDPCoInst12.dll
2021-09-11 13:18 - 2021-09-11 13:18 - 000000000 ____D C:\Users\hp\AppData\LocalLow\iTop Screen Recorder
2021-09-11 13:17 - 2021-09-11 13:37 - 000000000 ____D C:\Users\hp\AppData\Roaming\iTop Screenshot
2021-09-11 13:17 - 2021-09-11 13:18 - 000000000 ____D C:\Users\hp\AppData\Roaming\iTop Screen Recorder
2021-09-11 13:17 - 2021-09-11 13:18 - 000000000 ____D C:\ProgramData\iTop
2021-09-11 13:16 - 2021-09-11 13:17 - 000000000 ____D C:\ProgramData\iTop VPN
2021-09-11 13:16 - 2021-09-11 13:16 - 000000000 ____D C:\ProgramData\{150F4013-6884-4350-8DDC-6BFCB4C5DC15}
2021-09-11 13:15 - 2021-09-11 13:36 - 000000000 ____D C:\ProgramData\ProductData
2021-09-11 13:14 - 2021-09-13 09:01 - 000002622 _____ C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2021-09-11 13:14 - 2021-09-13 09:01 - 000002608 _____ C:\WINDOWS\system32\Tasks\Driver Booster Update
2021-09-11 13:14 - 2021-09-13 09:01 - 000002442 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (hp)
2021-09-11 13:14 - 2021-09-11 13:16 - 000000000 ____D C:\Users\hp\AppData\LocalLow\IObit
2021-09-11 13:14 - 2021-09-11 13:15 - 000002351 _____ C:\Users\Public\Desktop\Driver Booster 8.lnk
2021-09-11 13:14 - 2021-09-11 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 8
2021-09-11 13:14 - 2021-09-11 13:14 - 000000000 ____D C:\Program Files (x86)\IObit
2021-09-11 13:04 - 2021-09-11 13:15 - 000000000 ____D C:\Users\hp\AppData\Roaming\IObit
2021-09-11 13:04 - 2021-09-11 13:15 - 000000000 ____D C:\ProgramData\IObit
2021-09-11 11:24 - 2021-09-11 11:30 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-09-11 11:24 - 2021-09-11 11:26 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2021-09-11 11:24 - 2021-09-11 11:24 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2021-09-11 11:23 - 2021-09-11 11:24 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2021-09-11 11:21 - 2021-09-11 11:21 - 000001155 _____ C:\Users\hp\Desktop\MSI Afterburner.lnk
2021-09-11 11:21 - 2021-09-11 11:21 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2021-09-11 11:20 - 2021-11-29 13:40 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-09-11 11:19 - 2021-09-13 09:01 - 000003064 _____ C:\WINDOWS\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2021-09-11 11:19 - 2021-09-13 09:01 - 000003042 _____ C:\WINDOWS\system32\Tasks\Patch My PC
2021-09-11 11:19 - 2021-09-11 11:19 - 000001012 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2021-09-11 11:19 - 2021-09-11 11:19 - 000000000 ____D C:\Users\hp\AppData\Roaming\Easeware
2021-09-11 11:19 - 2021-09-11 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2021-09-11 11:19 - 2021-09-11 11:19 - 000000000 ____D C:\Program Files\Easeware
2021-09-11 11:18 - 2021-09-11 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2021-09-11 11:18 - 2021-09-11 11:18 - 000002355 _____ C:\Users\Public\Desktop\Tweaking.com - Simple System Tweaker.lnk
2021-09-11 11:17 - 2021-09-11 11:18 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-09-11 11:07 - 2021-09-11 11:10 - 000000000 ____D C:\Users\hp\AppData\Local\WhatsApp
2021-09-11 11:04 - 2021-10-23 08:38 - 000001124 _____ C:\Users\hp\Desktop\XnView.lnk
2021-09-11 11:04 - 2021-10-23 08:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2021-09-11 11:04 - 2021-10-23 08:38 - 000000000 ____D C:\Program Files (x86)\XnView
2021-09-11 11:02 - 2021-11-29 15:59 - 000002244 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - hp
2021-09-11 10:57 - 2021-09-11 10:57 - 000000000 ____D C:\Users\hp\AppData\Local\Patch_My_PC,_LLC
2021-09-10 20:19 - 2021-11-30 11:58 - 000003330 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2021-09-09 10:15 - 2021-09-09 10:15 - 000000000 ____D C:\Users\hp\AppData\Local\SolidDocuments
2021-09-09 09:59 - 2021-09-09 09:59 - 000000040 ____H C:\747BB6B84319
2021-09-09 09:59 - 2021-09-09 09:59 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-09-09 09:55 - 2021-10-17 02:42 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-09-09 09:55 - 2021-10-17 02:42 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-09-09 09:55 - 2021-09-09 09:55 - 000002091 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2021-09-09 09:34 - 2021-09-13 08:33 - 000000000 ___RD C:\Users\hp\Creative Cloud Files
2021-09-09 09:28 - 2021-11-29 15:59 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-09-09 09:26 - 2021-09-13 09:01 - 000002532 _____ C:\WINDOWS\system32\Tasks\Adobe Creative Cloud
2021-09-09 09:25 - 2021-09-09 09:25 - 000001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-09-09 09:25 - 2021-09-09 09:25 - 000001352 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2021-09-09 09:24 - 2021-11-30 06:07 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-09-09 09:21 - 2021-09-09 09:31 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-09-09 09:21 - 2021-09-09 09:28 - 000000000 ____D C:\Program Files\Adobe
2021-09-09 04:03 - 2021-09-09 04:03 - 000006534 _____ C:\Users\hp\Documents\cc_20210909_050301.reg
2021-09-04 20:01 - 2021-09-04 20:01 - 000002677 _____ C:\Users\hp\Desktop\YouTube.lnk
2021-09-04 09:18 - 2021-09-04 09:19 - 004731046 _____ C:\Users\hp\Desktop\Synthesia demo.mp4
2021-09-02 05:24 - 2021-09-13 09:01 - 000002612 _____ C:\WINDOWS\system32\Tasks\LocalExplorer Update
2021-09-02 05:24 - 2021-09-02 05:24 - 000000000 ____D C:\Program Files (x86)\LocalExplorer
2021-09-02 04:35 - 2021-09-02 04:35 - 000035622 _____ C:\Users\hp\Documents\cc_20210902_053503.reg

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-30 11:46 - 2019-09-16 12:25 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-30 11:22 - 2021-03-08 01:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-30 11:14 - 2020-08-01 11:32 - 000000000 ____D C:\Program Files\CCleaner
2021-11-30 10:38 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-30 06:29 - 2021-05-24 14:41 - 000000000 ____D C:\Users\hp\AppData\Local\Avast Software
2021-11-30 05:56 - 2020-03-16 09:03 - 000000000 ____D C:\ProgramData\AVAST Software
2021-11-30 05:54 - 2020-09-17 07:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-11-30 05:53 - 2021-03-08 02:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-30 05:53 - 2021-03-08 01:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-30 05:52 - 2021-03-08 02:00 - 000000000 ____D C:\Users\hp
2021-11-30 05:52 - 2021-03-08 02:00 - 000000000 ____D C:\Users\defaultuser0
2021-11-30 05:52 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-30 05:42 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-29 15:59 - 2021-04-28 20:27 - 000002676 _____ C:\WINDOWS\system32\Tasks\GeoComply Update Task
2021-11-29 15:59 - 2021-04-28 20:18 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d713e9f538be82
2021-11-29 15:59 - 2021-03-08 02:22 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-11-29 15:59 - 2021-03-08 02:22 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-29 15:59 - 2021-03-08 02:22 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-11-29 15:59 - 2021-03-08 02:22 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-11-29 15:59 - 2021-03-08 02:22 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-11-29 15:59 - 2021-03-08 02:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-11-29 15:43 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-29 15:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-29 13:29 - 2021-07-09 06:47 - 000000000 ___RD C:\Users\hp\Desktop\New folder
2021-11-28 14:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-22 16:14 - 2020-11-02 14:10 - 000000000 ____D C:\Users\hp\AppData\Roaming\Messenger
2021-11-22 16:14 - 2020-11-02 14:10 - 000000000 ____D C:\Users\hp\AppData\Local\Messenger
2021-11-22 16:14 - 2020-01-08 11:30 - 000000000 ____D C:\Users\hp\AppData\Local\Dropbox
2021-11-21 16:55 - 2019-09-11 16:14 - 000000000 ____D C:\ProgramData\Packages
2021-11-20 04:28 - 2021-03-08 02:22 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-11-18 21:57 - 2019-09-16 12:26 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-18 21:57 - 2019-09-16 12:26 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-18 10:43 - 2020-03-16 09:05 - 000367632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-11-18 08:39 - 2021-07-08 20:44 - 000001371 _____ C:\Users\hp\Desktop\M29580191_6-8-2021 - Shortcut.lnk
2021-11-17 19:16 - 2021-03-08 02:12 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-17 19:16 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-16 12:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-15 16:17 - 2020-03-23 07:27 - 000000000 ____D C:\Users\hp\AppData\Local\CrashDumps
2021-11-15 15:07 - 2021-03-27 23:53 - 000000000 ____D C:\Program Files\Viddly YouTube Downloader
2021-11-15 15:06 - 2021-06-01 03:48 - 000000000 ____D C:\Users\hp\AppData\Local\luminati
2021-11-12 20:11 - 2020-01-08 11:31 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-11-12 19:08 - 2019-09-07 15:43 - 000000000 ____D C:\Users\hp\AppData\Local\Packages
2021-11-12 12:23 - 2021-07-09 07:42 - 000000792 _____ C:\Users\hp\Desktop\Dropbox - Shortcut.lnk
2021-11-12 11:36 - 2021-02-19 21:09 - 000096008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2021-11-12 11:29 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-11-12 11:00 - 2020-01-08 11:31 - 000000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-11-12 11:00 - 2020-01-08 11:31 - 000000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-11-12 10:27 - 2021-03-08 02:22 - 000003892 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-11-12 10:27 - 2021-03-08 02:22 - 000003660 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-11-11 14:36 - 2021-05-25 14:35 - 000671056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-11 14:36 - 2020-03-16 09:08 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-11-11 14:36 - 2020-03-16 09:08 - 000002076 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-11 14:30 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 13:28 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-11 12:06 - 2019-09-10 18:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-11 11:58 - 2019-09-10 18:12 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-10 06:43 - 2020-03-16 09:05 - 000317696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-11-10 06:42 - 2020-10-15 16:01 - 000184648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-11-10 06:42 - 2020-04-14 23:17 - 000538976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-11-10 06:42 - 2020-03-16 09:05 - 000557648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-11-10 06:42 - 2020-03-16 09:05 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-11-10 06:42 - 2020-03-16 09:05 - 000222112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-11-10 06:42 - 2020-03-16 09:05 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-11-10 06:42 - 2020-03-16 09:05 - 000099344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-11-10 06:42 - 2020-03-16 09:05 - 000082904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-11-10 06:42 - 2020-03-16 09:05 - 000041344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-11-10 06:42 - 2020-03-16 09:05 - 000035704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-11-10 06:41 - 2020-03-16 09:05 - 000852216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-11-05 06:18 - 2019-09-16 11:19 - 000000000 ____D C:\Users\hp\AppData\Local\PlaceholderTileLogoFolder
2021-11-01 06:50 - 2021-08-29 08:30 - 000000000 ____D C:\Users\hp\Desktop\Steven Palmieri Zooms with agendas

==================== Files in the root of some directories ========

2020-04-04 21:06 - 2020-04-04 21:06 - 000370070 _____ () C:\Users\hp\AppData\Roaming\logo_empire_desktop.ico
2020-07-26 19:47 - 2020-07-26 19:47 - 000000000 _____ () C:\Users\hp\AppData\Local\BIT2AF8.tmp
2020-07-26 19:47 - 2020-07-26 19:47 - 000000000 _____ () C:\Users\hp\AppData\Local\BIT2B08.tmp
2020-08-11 10:45 - 2020-08-11 10:45 - 000000000 _____ () C:\Users\hp\AppData\Local\BIT6C89.tmp
2020-08-11 10:45 - 2020-08-11 10:45 - 000000000 _____ () C:\Users\hp\AppData\Local\BIT6CF8.tmp
2020-07-24 15:15 - 2020-07-24 15:15 - 000000000 _____ () C:\Users\hp\AppData\Local\BITD4FE.tmp
2020-07-24 15:15 - 2020-07-24 15:15 - 000000000 _____ () C:\Users\hp\AppData\Local\BITD50F.tmp
2021-09-09 10:00 - 2021-09-09 10:00 - 000000000 _____ () C:\Users\hp\AppData\Local\oobelibMkey.log
2021-02-19 18:23 - 2021-02-19 18:23 - 000000758 _____ () C:\Users\hp\AppData\Local\recently-used.xbel

==================== SigCheckExt =========================

2021-02-23 14:58 - 2019-12-03 18:33 - 000026112 _____ (Copyright (c) Code Industry Ltd ) C:\WINDOWS\system32\mpelocalmon.dll
2021-02-23 14:58 - 2019-12-03 18:33 - 000016896 _____ (Copyright (c) Code Industry Ltd ) C:\WINDOWS\system32\mpelocalui.dll
2012-09-28 14:45 - 2012-09-28 14:45 - 000246272 _____ C:\WINDOWS\system32\rtvcvfw64.dll
2019-11-19 11:56 - 2007-08-26 22:03 - 000360448 _____ (CodeGear) C:\WINDOWS\SysWOW64\midas.dll
2012-09-28 14:45 - 2012-09-28 14:45 - 000247296 _____ C:\WINDOWS\SysWOW64\rtvcvfw32.dll
2006-10-26 12:45 - 2006-10-26 12:45 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WISPTIS.EXE
2020-12-08 15:55 - 2020-12-08 15:55 - 012477322 _____ (craigslistharvester.com) C:\Users\hp\Downloads\CLHarvester-4.5.1.0.exe
2021-03-08 09:51 - 2021-03-08 09:51 - 007447202 _____ (Free PDF Solutions) C:\Users\hp\Downloads\doctopdf_setup.exe
2021-11-30 11:43 - 2021-11-30 11:44 - 002311680 _____ (Farbar) C:\Users\hp\Downloads\FRST64 (1).exe
2021-11-29 16:29 - 2021-11-29 16:29 - 002311680 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2021-03-02 20:28 - 2021-03-02 20:28 - 017782855 _____ (Tomabo ) C:\Users\hp\Downloads\mp4-downloader-3-setup.exe
2021-01-02 12:56 - 2021-01-02 12:56 - 020909273 _____ (Tomabo ) C:\Users\hp\Downloads\mp4-downloader-setup.exe
2021-04-30 13:51 - 2021-04-30 13:51 - 001207209 _____ (Regall, LLC. ) C:\Users\hp\Downloads\objectfixzip_setup.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {ec0782fb-7ff3-11eb-b996-ffffca6a3c8a}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {0f3be872-7fdb-11eb-8319-eb536c4590e1}
device ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{0f3be873-7fdb-11eb-8319-eb536c4590e1}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{0f3be873-7fdb-11eb-8319-eb536c4590e1}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {0f3be872-7fdb-11eb-8319-eb536c4590e1}
displaymessageoverride Recovery
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {ec0782fb-7ff3-11eb-b996-ffffca6a3c8a}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {ec0782fb-7ff3-11eb-b996-ffffca6a3c8a}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {0f3be872-7fdb-11eb-8319-eb536c4590e1}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
integrityservices Enable

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {0f3be873-7fdb-11eb-8319-eb536c4590e1}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume3
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================
 

SFSBIZCON

Thread Starter
Joined
Nov 29, 2021
Messages
10
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2021
Ran by hp (30-11-2021 12:02:15)
Running from C:\Users\hp\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2021-03-08 07:24:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-613475361-4011792205-542959771-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-613475361-4011792205-542959771-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-613475361-4011792205-542959771-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-613475361-4011792205-542959771-501 - Limited - Disabled)
hp (S-1-5-21-613475361-4011792205-542959771-1001 - Administrator - Enabled) => C:\Users\hp
WDAGUtilityAccount (S-1-5-21-613475361-4011792205-542959771-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Cloud (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.5.0.617 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.9.2494 - Avast Software)
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.2.1699 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boom 3D (HKLM\...\{A010F47B-F6D0-4C0E-BAD7-00D97E44E323}) (Version: 1.1.6 - Global Delight)
Camtasia 2020 (HKLM\...\{B22D61D6-A710-4C52-9CCC-931E02624256}) (Version: 20.0.12.26479 - TechSmith Corporation) Hidden
Camtasia 2020 (HKLM-x32\...\{25384ed0-e328-4c04-88d3-cbeb9b325953}) (Version: 20.0.12.26479 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
Craigslist Harvester (HKLM-x32\...\{A663D2D0-B2B5-42F5-9F49-4C9871171C54}) (Version: 4.5.1.0 - craigslistharvester.com)
Driver Booster 8 (HKLM-x32\...\Driver Booster_is1) (Version: 8.7.0 - IObit)
Driver Easy 5.7.0 (HKLM\...\DriverEasy_is1) (Version: 5.7.0 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 135.4.4221 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.541.1 - Dropbox, Inc.) Hidden
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
Free DOC To PDF Converter (HKLM-x32\...\{64C121FA-D8DE-4A5C-AC93-864CE414FC9F}) (Version: 1.0.0 - Free PDF Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 53.0.8.0 - Google LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.23.318 - SurfRight B.V.)
HotspotShield TAP-Windows 9.24.4 (HKLM\...\HotspotShield TAP-Windows) (Version: 9.24.4 - Pango Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel(R) Corporation) Hidden
iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)
iSkysoft Video Converter Ultimate(Build 11.7.1.5) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 11.7.1.5 - iSkysoft Software)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)
Kindle Previewer 3 (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Kindle Previewer 3) (Version: 3.59.1 - Amazon)
LightPDF Editor V1.0.0 (HKLM-x32\...\{161C8BF4-DB06-49A7-B6AC-7CAB7DAF136F}_is1) (Version: 1.0.0 - Apowersoft LIMITED)
LocalExplorer (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\LocalExplorer) (Version: 1.0 - LocalExplorer)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
Master PDF Editor 5.7.20 (HKLM\...\Master PDF Editor 5.7.20_is1) (Version: 5.7.20 - Code Industry Ltd.)
Messenger 97.11.116 (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 97.11.116 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.2 (x64 en-US)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.1 - Mozilla)
MSI Afterburner 4.6.3 (HKLM-x32\...\Afterburner) (Version: 4.6.3 - MSI Co., LTD)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
OldMHUUninstaller (HKLM-x32\...\{46e6b145-a83f-48b9-b0bb-19051359163f}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OldMHUUninstallerMSI (HKLM-x32\...\{D7AD685E-F4D0-4E56-98EF-85C89BC5D4D8}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
Opera Stable 70.0.3728.106 (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Opera 70.0.3728.106) (Version: 70.0.3728.106 - Opera Software)
Opera Stable 81.0.4196.60 (HKLM-x32\...\Opera 81.0.4196.60) (Version: 81.0.4196.60 - Opera Software)
PdaNet+ for Android 5.22 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology)
Plantronics Hub Software (HKLM\...\{AA917987-70ED-4100-A7D9-BFAE1759A4A3}) (Version: 3.18.52904.14653 - Plantronics, Inc.) Hidden
Plantronics Hub Software (HKLM-x32\...\{fbc85e8f-fdf4-467a-aab0-2d9fa260f033}) (Version: 3.18.52904.14653 - Plantronics, Inc.)
Plantronics Status Indicator companion app (HKLM-x32\...\{58352D23-EA25-4203-95A1-8BD51CE311FD}) (Version: 1.0.7 - Plantronics Inc)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 3.1.1.3 - GeoComply)
ProtonVPN (HKLM-x32\...\{239B4CE9-E207-498C-8D22-446891111636}) (Version: 1.23.4 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.23.4) (Version: 1.23.4 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG)
ProtonVPNTun (HKLM-x32\...\{C953D354-0C14-4CB5-AB42-0A9E40F55857}) (Version: 0.13.0 - Proton Technologies AG)
RawTherapee version 5.8 (HKLM\...\RawTherapee5.8_is1) (Version: 5.8 - rawtherapee.com)
RivaTuner Statistics Server 7.3.0 (HKLM-x32\...\RTSS) (Version: 7.3.0 - Unwinder)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.69 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.21.8 - TeamViewer)
Telegram Desktop (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.0 - Telegram FZ-LLC)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.11.7 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Viddly YouTube Downloader 5.0.333 (HKLM\...\{9217DBAB-2532-4811-98D6-450CEF0D1BA7}_is1) (Version: 5.0.333 - Viddly Inc.)
WhatsApp (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\WhatsApp) (Version: 2.2134.10 - WhatsApp)
Willing Webcam Lite (HKLM-x32\...\Willing Webcam Lite_is1) (Version: 5.5.4 - Willing Software)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows Uninstaller 1.7 (HKLM\...\Windows Uninstaller_is1) (Version: 1.7 - Alex T.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.2 Build 10 - Windscribe Limited)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)
WO Mic Client (HKLM-x32\...\WOMic) (Version: - )
Wondershare DVD Creator(Build 6.3.1) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version: - Wondershare Software)
XnView 2.50.2 (HKLM-x32\...\XnView_is1) (Version: 2.50.2 - Gougelet Pierre-e)
Zoom (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\ZoomUMX) (Version: 5.7.0 (522) - Zoom Video Communications, Inc.)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-09-09] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-09-09] (Adobe Systems Incorporated)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2021.4.13.0_x64__t5j2fzbtdg37r [2021-11-12] (DTS, Inc.)
Duplicate Cleaner Free -> C:\Program Files\WindowsApps\DigitalVolcanoSoftware.DuplicateCleanerFree_5.13.4.0_neutral__55chcb595f864 [2021-10-12] (DigitalVolcano Software)
Free Proxy VPN -> C:\Program Files\WindowsApps\41219Prispiii.FreeProxyVPN_1.0.2.0_x64__dczxx83a5hp10 [2021-08-05] (Prispiii)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x64__v10z8vjag6ke6 [2021-11-29] (HP Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1300.7.115.0_x64__8xx8rvfyw5nnt [2021-11-11] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5790.0_x64__8wekyb3d8bbwe [2021-11-21] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-08-05] (Adobe Systems Incorporated)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation)
Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_2.0.4.0_x86__1crh1k73ty8mg [2021-08-05] (Media Life)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E6CF0D8ED327} -> [Creative Cloud Files] => C:\Users\hp\Creative Cloud Files [2021-09-09 09:34]
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{ca31933b-b116-4444-9c6d-e5103390fb76}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2020\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe (Proton Technologies AG -> )
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\hp\Desktop\SFS Business Consulting\Dropbox [2021-07-09 08:00]
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-10] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-11-29] (Zemana Ltd. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-03] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-11-29] (Zemana Ltd. -> )
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-03] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2020-09-25] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\hp\Desktop\Bjorn's Folder Trees.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lohkjlnmfomimgdjjidgkkbbficboamg
ShortcutWithArgument: C:\Users\hp\Desktop\Squoosh.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fklnhlgfamfeknafaldenkmoeccpkmmf
ShortcutWithArgument: C:\Users\hp\Desktop\TikTok.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ahoadnkmomodgfkfokbclmabbfdaejpe
ShortcutWithArgument: C:\Users\hp\Desktop\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bjorn's Folder Trees.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lohkjlnmfomimgdjjidgkkbbficboamg
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Squoosh.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fklnhlgfamfeknafaldenkmoeccpkmmf
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TikTok.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ahoadnkmomodgfkfokbclmabbfdaejpe
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-02-23 14:58 - 2019-12-03 18:33 - 000026112 _____ (Copyright (c) Code Industry Ltd) [File not signed] C:\WINDOWS\System32\mpelocalmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-613475361-4011792205-542959771-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3Y2TE5blGuPQCLyhjlp3Pwz3hNUWUxcByj0SsUzQrg6BLkNckEHK%2F2t8oQiL6HwzArm8gsiswd%2BKBeyhWdb6uHdhxxewVh2o0J9jUjU8lYD5UP5eS0qywe7gs4eTPtkbULBdt0YSQhfQ4%2Bq9v%2BDxKQGvUqcm2caBy4sFgvzD0vv1hJKA9cvwpmfFjYyJFqXqZ4MNyYzRCNypGE6i6q1YOXeZ3zbJ6ri%2BQT9E4JySAf2Gh1%2BYc6NaEWxmJQ2pTP6f5yRHmTGD7LQfviN9k%2FHOYkcPp%2F3LpODr%2F6BAsB7l6pcIcT%2B24J%2Fpa0ilA2gRkacN0%2FfhPCEXxwH%2BLRTJZPXRKi6w%3D%3D
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-613475361-4011792205-542959771-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3YxAea1LDjuOw7IR4xIWfTFIJaSzFCcuibTH3bEvRzyBZbol3kaRgVovppzXq0J1AZ%2FXvYo6s1bo4lqVyiQrtuJ9qw7s01wr1s4MP9OajqC7J%2BZHjGeM08G6hh6d6IcAkX0dd9RVBHfl%2B1iLIcYlpxY2u9zT7JYkrXSbhJwV8Us516Pw14Ymz6gh%2BOKngKZOdYmTxC8%2BOCXPQJGPuOHcNRoDzCBDJJWOoNus7cBsTbluGo3bTZh0be1ZafQ3Zo6MFj9dOXb9lrUWPlWS7WaLysRllOFm0gHDHLCsa9JXspmYuI3QbKwbrkWyYf8yKW4YB2&p={searchTerms}
SearchScopes: HKU\S-1-5-21-613475361-4011792205-542959771-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3YxAea1LDjuOw7IR4xIWfTFIJaSzFCcuibTH3bEvRzyBZbol3kaRgVovppzXq0J1AZ%2FXvYo6s1bo4lqVyiQrtuJ9qw7s01wr1s4MP9OajqC7J%2BZHjGeM08G6hh6d6IcAkX0dd9RVBHfl%2B1iLIcYlpxY2u9zT7JYkrXSbhJwV8Us516Pw14Ymz6gh%2BOKngKZOdYmTxC8%2BOCXPQJGPuOHcNRoDzCBDJJWOoNus7cBsTbluGo3bTZh0be1ZafQ3Zo6MFj9dOXb9lrUWPlWS7WaLysRllOFm0gHDHLCsa9JXspmYuI3QbKwbrkWyYf8yKW4YB2&p={searchTerms}
SearchScopes: HKU\S-1-5-21-613475361-4011792205-542959771-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-613475361-4011792205-542959771-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-613475361-4011792205-542959771-1001 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-07-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-07-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-07-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-07-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-07-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-07-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-613475361-4011792205-542959771-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-613475361-4011792205-542959771-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Opera Browser Assistant"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PLTHub.exe"
HKLM\...\StartupApproved\Run32: => "PlantronicsStatusIndicator"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Facebook.MessengerDesktop"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Viddly YouTube Downloader"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "GoogleDriveFS"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{126C83A2-08F3-4B3B-B6FB-105C3313A533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{822D0C5D-A1D8-44C0-B5E4-9B8E5152B3D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1292F6F3-DCA3-4289-82EA-659CFE350862}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2AEF5E53-6179-4B26-B4DA-1C364E76F550}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CD3A806B-79AE-4B5A-857E-CEFA466B56A4}] => (Allow) C:\Users\hp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{410C5652-17CB-488B-BC84-78BD42CBE164}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EF5F9D1E-CBA9-4975-AC8E-0E79FCA30D05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F64DF407-FEE8-401D-90E1-D6DE95C8E4C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8AB175CB-589A-4968-9FF0-A7CB4E5BD0A6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A782F11E-0479-4F74-AE21-36CD6A42FC9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAC2375F-FBA5-4E79-8ACA-C206AA5B603E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3555F0DB-60B1-488B-A41F-6A8BCD96D340}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F723C26C-774F-4140-BB7E-352562F19A7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA85A5DC-9F76-48F1-B57E-6497F0E764DB}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{C7EAABBE-20E0-4D08-A89D-62C48930CB63}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{D4D2E98E-035F-4DD7-A6E8-3412E0C3F088}] => (Allow) C:\Program Files (x86)\Plantronics\PlantronicsStatusIndicator\PlantronicsStatusIndicator.exe (Embrava Pty Ltd -> Plantronics Inc)
FirewallRules: [{E115EDA8-4820-4B76-9F4E-C4B6E5E449F4}] => (Allow) LPort=30000
FirewallRules: [{45020579-25FF-4D5F-98A3-E867F6D699B1}] => (Allow) LPort=8321
FirewallRules: [{AB12FF75-C221-46D2-AE77-F65D38FF43C6}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe () [File not signed]
FirewallRules: [UDP Query User{C6ABF3A0-87AC-4A66-BE84-C2337946A504}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{2CF23ECF-542E-448C-BD0F-6E9A450869B9}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{A7B766CF-77FA-40B3-9AB8-988C43578A54}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{53AFA428-3872-4254-8FD1-5891B8867CB6}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [UDP Query User{25D9EB7E-B473-4005-B666-5E7ADBC74FD6}C:\program files (x86)\willing webcam lite\wwlite.exe] => (Allow) C:\program files (x86)\willing webcam lite\wwlite.exe (Willing Software) [File not signed]
FirewallRules: [TCP Query User{E56E057B-B21F-49E0-9AED-523CBBFC2B53}C:\program files (x86)\willing webcam lite\wwlite.exe] => (Allow) C:\program files (x86)\willing webcam lite\wwlite.exe (Willing Software) [File not signed]
FirewallRules: [{DC821C3A-F728-4A85-801E-023002FFDA5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8DC280C2-79FD-4834-8B99-8C1497D30854}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{10D1E795-F235-436A-AA58-7479BBD41914}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05279798-9152-4D27-8547-E06429245407}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{1103F056-66A9-44BB-9AE5-4F6610677BD5}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [UDP Query User{9796C500-00FE-4E00-9B4A-82DD6A04B221}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D9C70E8A-FD57-492B-9E36-B3998AF4EAD7}] => (Allow) C:\Program Files (x86)\Apowersoft\LightPDF Editor\{app}\ServiceModule\Apowersoft.CoreServices.exe => No File
FirewallRules: [{16BBD745-1F59-44AD-8AB3-2559E5A125B3}] => (Allow) C:\Program Files (x86)\Apowersoft\LightPDF Editor\{app}\ServiceModule\Apowersoft.CoreServices.exe => No File
FirewallRules: [{7FC12E48-9431-4C20-8DF0-3BC27FFA3F51}] => (Allow) C:\Users\hp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{44DD6AC7-5743-4252-9F72-65F37C52C916}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8BF85673-7461-49EE-BC80-6F7199683BEC}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{75B967C8-F456-4D63-981B-595633024DCC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AD16C88F-796E-46C5-A2B1-6E2D0B9D141B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{858E6926-7A82-4A5F-A60B-B35BAE0E939B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CA8FE3EE-29D0-499A-A47A-7CEA8AD6297D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{47548CAB-3DC5-4352-BD35-0E60FB76D0FA}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [{21BB9241-2A60-4F77-BF72-D18FDAF9961E}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2EE7DAAE-18ED-4507-9A92-907EEDF44143}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A4ED5B39-04A6-4571-B6DF-896931A5C804}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{97C87D3E-454F-45C9-A9EA-7ABF0D8E62E5}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{B93FD417-9D09-4608-ABE2-741CC07A570E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5077E5F0-F009-4948-A063-8400FFBDB0B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4DC2EB6F-7A98-42BF-A4A5-C507EE9F0916}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{66881454-520B-4E3E-BE6C-A7273EF547D5}] => (Allow) C:\Users\hp\AppData\Local\Programs\Opera\81.0.4196.54\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{A32EF264-C9E3-4B0F-97EF-A58E7E45415A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B0EAE7D0-FA29-4E96-A055-A9833777170B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E24185B0-F698-4A59-B378-EF70E3CAB0E9}] => (Allow) C:\Users\hp\AppData\Local\Programs\Opera\81.0.4196.60\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

29-11-2021 19:58:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Qualcomm Atheros AR3011 Bluetooth 3.0 Adapter
Description: Qualcomm Atheros AR3011 Bluetooth 3.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/30/2021 11:17:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/30/2021 11:06:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/30/2021 10:19:47 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/30/2021 09:54:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/30/2021 05:56:54 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/30/2021 05:55:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/30/2021 05:55:36 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/30/2021 05:43:10 AM) (Source: ESENT) (EventID: 485) (User: )
Description: svchost (3804,D,35) SRUJet: An attempt to delete the file "C:\WINDOWS\system32\sru\SRUDB.jfm" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (11/30/2021 05:59:02 AM) (Source: Schannel) (EventID: 4108) (User: DESKTOP-I9VTLAM)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The TLS connection request has failed. The attached data contains the server certificate.

Error: (11/30/2021 05:54:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error:
An attempt was made to reference a token that does not exist.

Error: (11/30/2021 05:54:25 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1068" attempting to start the service upnphost with arguments "Unavailable" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (11/30/2021 05:54:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The upnphost service depends on the SSDPSRV service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/30/2021 05:51:55 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"2147942405"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (11/30/2021 05:51:55 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"2147942405"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (11/30/2021 05:47:23 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"2147942405"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (11/30/2021 05:47:23 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"2147942405"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding


Windows Defender:
================
Event[0]:

Date: 2021-08-06 00:45:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.2295.0
Previous security intelligence Version: 1.313.431.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.16900.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2021-08-06 00:45:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.2295.0
Previous security intelligence Version: 1.313.431.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.16900.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2021-08-06 00:45:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.16900.4
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2021-11-30 12:06:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-11-30 12:06:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-11-30 12:05:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167E
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 78%
Total physical RAM: 8126.36 MB
Available physical RAM: 1709.59 MB
Total Virtual: 12990.36 MB
Available Virtual: 3704.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.36 GB) (Free:94.02 GB) NTFS

\\?\Volume{74ac5e27-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{74ac5e27-0000-0000-0000-a03674000000}\ () (Fixed) (Total:0.91 GB) (Free:0.39 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 74AC5E27)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=928 MB) - (Type=27)

==================== End of Addition.txt =======================
 

SFSBIZCON

Thread Starter
Joined
Nov 29, 2021
Messages
10
Hi, SFSBIZCON.

Welcome to TSG Forums.

Have you run FRST tool as instructed here?

If yes, please attach the two files created in your next reply.
I've done that. Hopefully, I've done it correctly? My apologies if not.
 

DR.M

Trusted Advisor
Malware Specialist
Joined
Sep 4, 2019
Messages
3,321
Hi, SFSBIZCON.

Apologies for the late reply.

The first thing you should do, if there is a suspicion that your computer has been compromised, is to change all your passwords (accounts, emails, sites...), preferably from another, healthy machine.

After that...

Adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

====================

My first comments regarding your logs:

1. Microsoft Office Enterprise

Enterprise edition is for big companies and not for individuals. Therefore, the license used here is very possibly not legal, unless the computer belongs to a company. If this is not the case, please uninstall it.

If you want to try free Office alternatives (in my order of preference):

Home | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft
www.freeoffice.com - Download
Apache OpenOffice - Official Site - The Free and Open Productivity Suite
WPS Office - Free Office Download for PC & Mobile, Alternative to MS Office

I'm sure you will be happier with them, since Microsoft Office 2007 is an extremely old version.


2. Several antivirus/antimalware software

You are already running Windows 10 with the built-in Windows Defender antivirus. However, you have installed both Kaspersky and Avast. Only Kaspersky is enabled, so I recommend that you uninstall, if not both, at least Avast.

Many antivirus programs in the system may cause:
  • False positives: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Low performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

To uninstall Avast:
https://support.avast.com/en-us/article/Uninstall-Antivirus-Utility

To uninstall Kaspersky:
https://support.kaspersky.com/us/common/uninstall/1464


3. Uninstall programs

I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. The potential is ever present to cause more problems than they claim to fix, and many of the tools we use to clean the computer detect these programs as PUPs (Potentially Unwanted Programs).

So please, uninstall the following:

Driver Booster 8
Driver Easy 5.7.0

You may also consider if you need 3 VPN programs:

Kaspersky VPN
ProtonVPN
HotspotShield TAP

When you finish, restart the computer.


4. FRST fresh logs

When you finish with the uninstalls, please run FRST tool again and attach fresh logs for me to check, Addition.txt and FRST.txt.


In your next reply please post:
  1. What programs did you uninstall
  2. The fresh FRST logs, Addition and FRST
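
The multiple-antivirus check described in the post above can be run mechanically against the "Security Center" section of an FRST Addition.txt. This is an added example, not part of the original post or of FRST; the sample log is constructed, and the built-in product name and the finding labels are assumptions.

```python
import re

# Constructed sample in the layout of the "Security Center" section of an FRST
# Addition.txt. Product names and GUIDs are placeholders, not from a real system.
SAMPLE_LOG = """\
==================== Accounts: =============================

hp (S-1-5-21-0-0-0-1001 - Administrator - Enabled) => C:\\Users\\hp

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {00000000-0000-0000-0000-000000000001}
AV: Example AV One (Enabled - Up to date) {00000000-0000-0000-0000-000000000002}
AV: Example AV Two (Disabled - Out of date) {00000000-0000-0000-0000-000000000003}
AS: Windows Defender (Enabled - Up to date) {00000000-0000-0000-0000-000000000001}
FW: Example AV One (Enabled) {00000000-0000-0000-0000-000000000004}

==================== Installed Programs ======================

Example AV Two (HKLM\\...\\ExampleAV2) (Version: 1.0 - Example Vendor)
"""

# "==== Title ====" or "==== Title: ====" section banners.
SECTION_RE = re.compile(r"^=+ (?P<title>.+?):? =+$")

# "AV: <name> (<state> - <signature status>) {GUID}"; FW lines carry no status.
ENTRY_RE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) "
    r"\((?P<state>Enabled|Disabled)(?: - (?P<sigs>[^)]+))?\) "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)


def parse_security_center(log_text):
    """Return the AV/AS/FW entries found inside the Security Center section."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group("title") == "Security Center"
            continue
        if in_section:
            match = ENTRY_RE.match(line)
            if match:
                entries.append(match.groupdict())
    return entries


def triage(entries, builtin="Windows Defender"):
    """Turn parsed entries into (label, product names) findings.

    The labels are hypothetical names chosen for this example.
    """
    av = [e for e in entries if e["kind"] == "AV"]
    enabled = [e["name"] for e in av if e["state"] == "Enabled"]
    third_party = sorted({e["name"] for e in av if e["name"] != builtin})
    stale = [
        e["name"] for e in av
        if e["state"] == "Enabled" and (e["sigs"] or "").lower() != "up to date"
    ]

    findings = []
    if not enabled:
        findings.append(("no-av-enabled", []))
    if len(enabled) > 1:
        # Two real-time scanners competing for the same files.
        findings.append(("multiple-av-enabled", enabled))
    if len(third_party) > 1:
        # Only one may be active, but the others are still installed and registered.
        findings.append(("multiple-third-party-av", third_party))
    if stale:
        findings.append(("enabled-av-out-of-date", stale))
    return findings


if __name__ == "__main__":
    for label, names in triage(parse_security_center(SAMPLE_LOG)):
        print(label, names)
```
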
 

SFSBIZCON

Thread Starter
Joined
Nov 29, 2021
Messages
10
I uninstalled free proxy VPN (I don't recall ever installing that), Kaspersky VPN, Proton VPN, Hotspot Shield (I don't recall installing it), Avast AV, Driver Booster and Driver Easy.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by hp (04-12-2021 10:15:48)
Running from C:\Users\hp\Desktop\New folder
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2021-03-08 07:24:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-613475361-4011792205-542959771-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-613475361-4011792205-542959771-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-613475361-4011792205-542959771-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-613475361-4011792205-542959771-501 - Limited - Disabled)
hp (S-1-5-21-613475361-4011792205-542959771-1001 - Administrator - Enabled) => C:\Users\hp
WDAGUtilityAccount (S-1-5-21-613475361-4011792205-542959771-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Cloud (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 2020 (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E1401753200}) (Version: 20.004.30017 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.2.1699 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boom 3D (HKLM\...\{A010F47B-F6D0-4C0E-BAD7-00D97E44E323}) (Version: 1.1.6 - Global Delight)
Camtasia 2020 (HKLM\...\{B22D61D6-A710-4C52-9CCC-931E02624256}) (Version: 20.0.12.26479 - TechSmith Corporation) Hidden
Camtasia 2020 (HKLM-x32\...\{25384ed0-e328-4c04-88d3-cbeb9b325953}) (Version: 20.0.12.26479 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
Craigslist Harvester (HKLM-x32\...\{A663D2D0-B2B5-42F5-9F49-4C9871171C54}) (Version: 4.5.1.0 - craigslistharvester.com)
Dropbox (HKLM-x32\...\Dropbox) (Version: 136.4.4345 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.541.1 - Dropbox, Inc.) Hidden
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
Free DOC To PDF Converter (HKLM-x32\...\{64C121FA-D8DE-4A5C-AC93-864CE414FC9F}) (Version: 1.0.0 - Free PDF Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 53.0.8.0 - Google LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.23.318 - SurfRight B.V.)
Intel(R) Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel(R) Corporation) Hidden
iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)
iSkysoft Video Converter Ultimate(Build 11.7.1.5) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 11.7.1.5 - iSkysoft Software)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kindle Previewer 3 (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Kindle Previewer 3) (Version: 3.59.1 - Amazon)
LightPDF Editor V1.0.0 (HKLM-x32\...\{161C8BF4-DB06-49A7-B6AC-7CAB7DAF136F}_is1) (Version: 1.0.0 - Apowersoft LIMITED)
LocalExplorer (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\LocalExplorer) (Version: 1.0 - LocalExplorer)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
Master PDF Editor 5.8.20 (HKLM\...\Master PDF Editor 5.82_is1) (Version: 5.8.20 - Code Industry Ltd.)
Messenger 97.11.116 (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 97.11.116 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.2 (x64 en-US)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.1 - Mozilla)
MSI Afterburner 4.6.3 (HKLM-x32\...\Afterburner) (Version: 4.6.3 - MSI Co., LTD)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
OldMHUUninstaller (HKLM-x32\...\{46e6b145-a83f-48b9-b0bb-19051359163f}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OldMHUUninstallerMSI (HKLM-x32\...\{D7AD685E-F4D0-4E56-98EF-85C89BC5D4D8}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
Opera Stable 70.0.3728.106 (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Opera 70.0.3728.106) (Version: 70.0.3728.106 - Opera Software)
Opera Stable 81.0.4196.60 (HKLM-x32\...\Opera 81.0.4196.60) (Version: 81.0.4196.60 - Opera Software)
PdaNet+ for Android 5.22 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology)
Plantronics Hub Software (HKLM\...\{AA917987-70ED-4100-A7D9-BFAE1759A4A3}) (Version: 3.18.52904.14653 - Plantronics, Inc.) Hidden
Plantronics Hub Software (HKLM-x32\...\{fbc85e8f-fdf4-467a-aab0-2d9fa260f033}) (Version: 3.18.52904.14653 - Plantronics, Inc.)
Plantronics Status Indicator companion app (HKLM-x32\...\{58352D23-EA25-4203-95A1-8BD51CE311FD}) (Version: 1.0.7 - Plantronics Inc)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 3.1.1.3 - GeoComply)
RawTherapee version 5.8 (HKLM\...\RawTherapee5.8_is1) (Version: 5.8 - rawtherapee.com)
RivaTuner Statistics Server 7.3.0 (HKLM-x32\...\RTSS) (Version: 7.3.0 - Unwinder)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.69 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.21.8 - TeamViewer)
Telegram Desktop (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.0 - Telegram FZ-LLC)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.11.7 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Viddly YouTube Downloader 5.0.333 (HKLM\...\{9217DBAB-2532-4811-98D6-450CEF0D1BA7}_is1) (Version: 5.0.333 - Viddly Inc.)
WhatsApp (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\WhatsApp) (Version: 2.2134.10 - WhatsApp)
Willing Webcam Lite (HKLM-x32\...\Willing Webcam Lite_is1) (Version: 5.5.4 - Willing Software)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.2 Build 10 - Windscribe Limited)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)
WO Mic Client (HKLM-x32\...\WOMic) (Version: - )
Wondershare DVD Creator(Build 6.3.1) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version: - Wondershare Software)
XnView 2.50.2 (HKLM-x32\...\XnView_is1) (Version: 2.50.2 - Gougelet Pierre-e)
Zoom (HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\ZoomUMX) (Version: 5.7.0 (522) - Zoom Video Communications, Inc.)

Packages:
=========
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2021.4.13.0_x64__t5j2fzbtdg37r [2021-11-12] (DTS, Inc.)
Duplicate Cleaner Free -> C:\Program Files\WindowsApps\DigitalVolcanoSoftware.DuplicateCleanerFree_5.13.4.0_neutral__55chcb595f864 [2021-10-12] (DigitalVolcano Software)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x64__v10z8vjag6ke6 [2021-11-29] (HP Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1320.12.119.0_x64__8xx8rvfyw5nnt [2021-12-03] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-08-05] (Adobe Systems Incorporated)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation)
Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_2.0.4.0_x86__1crh1k73ty8mg [2021-08-05] (Media Life)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{ca31933b-b116-4444-9c6d-e5103390fb76}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2020\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-613475361-4011792205-542959771-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\hp\Desktop\SFS Business Consulting\Dropbox [2021-07-09 08:00]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-11-29] (Zemana Ltd. -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-11-29] (Zemana Ltd. -> )
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2020-09-25] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\hp\Desktop\Bjorn's Folder Trees.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lohkjlnmfomimgdjjidgkkbbficboamg
ShortcutWithArgument: C:\Users\hp\Desktop\Squoosh.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fklnhlgfamfeknafaldenkmoeccpkmmf
ShortcutWithArgument: C:\Users\hp\Desktop\TikTok.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ahoadnkmomodgfkfokbclmabbfdaejpe
ShortcutWithArgument: C:\Users\hp\Desktop\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bjorn's Folder Trees.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lohkjlnmfomimgdjjidgkkbbficboamg
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Squoosh.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fklnhlgfamfeknafaldenkmoeccpkmmf
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TikTok.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ahoadnkmomodgfkfokbclmabbfdaejpe
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-02-23 14:58 - 2021-11-10 00:41 - 000026112 _____ (Copyright (c) Code Industry Ltd) [File not signed] C:\WINDOWS\System32\mpelocalmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

URLSearchHook: [S-1-5-21-613475361-4011792205-542959771-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-613475361-4011792205-542959771-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-613475361-4011792205-542959771-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-613475361-4011792205-542959771-1001 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2020\AcroIEFavStub.dll => No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2020\AcroIEFavStub.dll => No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2020\AcroIEFavStub.dll No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-613475361-4011792205-542959771-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Opera Browser Assistant"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PLTHub.exe"
HKLM\...\StartupApproved\Run32: => "PlantronicsStatusIndicator"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Facebook.MessengerDesktop"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Viddly YouTube Downloader"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\StartupApproved\Run: => "GoogleDriveFS"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{126C83A2-08F3-4B3B-B6FB-105C3313A533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{822D0C5D-A1D8-44C0-B5E4-9B8E5152B3D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1292F6F3-DCA3-4289-82EA-659CFE350862}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2AEF5E53-6179-4B26-B4DA-1C364E76F550}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CD3A806B-79AE-4B5A-857E-CEFA466B56A4}] => (Allow) C:\Users\hp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{410C5652-17CB-488B-BC84-78BD42CBE164}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EF5F9D1E-CBA9-4975-AC8E-0E79FCA30D05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F64DF407-FEE8-401D-90E1-D6DE95C8E4C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8AB175CB-589A-4968-9FF0-A7CB4E5BD0A6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A782F11E-0479-4F74-AE21-36CD6A42FC9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAC2375F-FBA5-4E79-8ACA-C206AA5B603E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3555F0DB-60B1-488B-A41F-6A8BCD96D340}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F723C26C-774F-4140-BB7E-352562F19A7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.140.508.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA85A5DC-9F76-48F1-B57E-6497F0E764DB}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{C7EAABBE-20E0-4D08-A89D-62C48930CB63}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{D4D2E98E-035F-4DD7-A6E8-3412E0C3F088}] => (Allow) C:\Program Files (x86)\Plantronics\PlantronicsStatusIndicator\PlantronicsStatusIndicator.exe (Embrava Pty Ltd -> Plantronics Inc)
FirewallRules: [{E115EDA8-4820-4B76-9F4E-C4B6E5E449F4}] => (Allow) LPort=30000
FirewallRules: [{45020579-25FF-4D5F-98A3-E867F6D699B1}] => (Allow) LPort=8321
FirewallRules: [{AB12FF75-C221-46D2-AE77-F65D38FF43C6}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe () [File not signed]
FirewallRules: [UDP Query User{C6ABF3A0-87AC-4A66-BE84-C2337946A504}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{2CF23ECF-542E-448C-BD0F-6E9A450869B9}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{A7B766CF-77FA-40B3-9AB8-988C43578A54}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{53AFA428-3872-4254-8FD1-5891B8867CB6}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [UDP Query User{25D9EB7E-B473-4005-B666-5E7ADBC74FD6}C:\program files (x86)\willing webcam lite\wwlite.exe] => (Allow) C:\program files (x86)\willing webcam lite\wwlite.exe (Willing Software) [File not signed]
FirewallRules: [TCP Query User{E56E057B-B21F-49E0-9AED-523CBBFC2B53}C:\program files (x86)\willing webcam lite\wwlite.exe] => (Allow) C:\program files (x86)\willing webcam lite\wwlite.exe (Willing Software) [File not signed]
FirewallRules: [{DC821C3A-F728-4A85-801E-023002FFDA5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8DC280C2-79FD-4834-8B99-8C1497D30854}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{10D1E795-F235-436A-AA58-7479BBD41914}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05279798-9152-4D27-8547-E06429245407}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{1103F056-66A9-44BB-9AE5-4F6610677BD5}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe => No File
FirewallRules: [UDP Query User{9796C500-00FE-4E00-9B4A-82DD6A04B221}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe => No File
FirewallRules: [{D9C70E8A-FD57-492B-9E36-B3998AF4EAD7}] => (Allow) C:\Program Files (x86)\Apowersoft\LightPDF Editor\{app}\ServiceModule\Apowersoft.CoreServices.exe => No File
FirewallRules: [{16BBD745-1F59-44AD-8AB3-2559E5A125B3}] => (Allow) C:\Program Files (x86)\Apowersoft\LightPDF Editor\{app}\ServiceModule\Apowersoft.CoreServices.exe => No File
FirewallRules: [{7FC12E48-9431-4C20-8DF0-3BC27FFA3F51}] => (Allow) C:\Users\hp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{75B967C8-F456-4D63-981B-595633024DCC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AD16C88F-796E-46C5-A2B1-6E2D0B9D141B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{858E6926-7A82-4A5F-A60B-B35BAE0E939B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CA8FE3EE-29D0-499A-A47A-7CEA8AD6297D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B93FD417-9D09-4608-ABE2-741CC07A570E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5077E5F0-F009-4948-A063-8400FFBDB0B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{66881454-520B-4E3E-BE6C-A7273EF547D5}] => (Allow) C:\Users\hp\AppData\Local\Programs\Opera\81.0.4196.54\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{A32EF264-C9E3-4B0F-97EF-A58E7E45415A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E24185B0-F698-4A59-B378-EF70E3CAB0E9}] => (Allow) C:\Users\hp\AppData\Local\Programs\Opera\81.0.4196.60\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{DA11576F-EDCC-474C-805F-E55AD22CB33E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9551DB47-9219-4A55-BBC5-E24F638B6CE0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

30-11-2021 15:38:33 Removed Adobe Acrobat DC.
30-11-2021 16:04:17 Installed Adobe Acrobat 2020.
03-12-2021 17:22:22 Removed Adobe Acrobat 2020.

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Qualcomm Atheros AR3011 Bluetooth 3.0 Adapter
Description: Qualcomm Atheros AR3011 Bluetooth 3.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/04/2021 09:56:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/04/2021 09:56:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/04/2021 09:28:35 AM) (Source: MsiInstaller) (EventID: 11704) (User: DESKTOP-I9VTLAM)
Description: Application: Kaspersky VPN -- Error 1704. An installation for Adobe Acrobat 2020 is currently paused. Changes made by this installation will be canceled. Start the installation again after the process shutdown.<<1704>>

Error: (12/03/2021 05:43:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/03/2021 05:36:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/03/2021 05:35:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/03/2021 09:55:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=TimerEvent

Error: (12/02/2021 09:55:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (12/04/2021 09:54:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error:
An attempt was made to reference a token that does not exist.

Error: (12/04/2021 09:54:42 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1068" attempting to start the service upnphost with arguments "Unavailable" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (12/04/2021 09:54:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The upnphost service depends on the SSDPSRV service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/04/2021 09:54:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AvastWscReporter service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/03/2021 05:42:49 PM) (Source: Schannel) (EventID: 4108) (User: DESKTOP-I9VTLAM)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The TLS connection request has failed. The attached data contains the server certificate.

Error: (12/03/2021 05:42:43 PM) (Source: Schannel) (EventID: 4108) (User: DESKTOP-I9VTLAM)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The TLS connection request has failed. The attached data contains the server certificate.

Error: (12/03/2021 05:33:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
An attempt was made to reference a token that does not exist.

Error: (12/03/2021 05:33:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1068" attempting to start the service upnphost with arguments "Unavailable" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}


Windows Defender:
================Event[0]:

Date: 2021-08-06 00:45:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.2295.0
Previous security intelligence Version: 1.313.431.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.16900.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2021-08-06 00:45:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.2295.0
Previous security intelligence Version: 1.313.431.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.16900.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2021-08-06 00:45:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.16900.4
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2021-12-04 10:17:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-12-04 10:12:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167E
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 65%
Total physical RAM: 8126.36 MB
Available physical RAM: 2839.27 MB
Total Virtual: 13246.36 MB
Available Virtual: 7039.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.36 GB) (Free:91.39 GB) NTFS

\\?\Volume{74ac5e27-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{74ac5e27-0000-0000-0000-a03674000000}\ () (Fixed) (Total:0.91 GB) (Free:0.39 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 74AC5E27)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=928 MB) - (Type=27)

==================== End of Addition.txt =======================
 

DR.M

Trusted Advisor
Malware Specialist
Joined
Sep 4, 2019
Messages
3,321
Very good. Are you going to keep Microsoft Office Enterprise? It is not legally activated.
 

SFSBIZCON

Thread Starter
Joined
Nov 29, 2021
Messages
10
I believe it was on the computer when I bought it, and I don't want to lose any of my files as my business depends on them. I don't have the tech smarts to uninstall Office and then recover the files and such. I'll try it after I finish up these last 2 clients that I'm in the process of helping. No problem.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19043, Installed 20210308022439.000000-300
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz, Intel64 Family 6 Model 42 Stepping 7, CPU Count: 4
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 3000
Hard Drives: C: 464 GB (91 GB Free);
Motherboard: Hewlett-Packard 167E, ver KBC Version 22.1F, s/n PCMED001Y2H0F2
System: Hewlett-Packard, ver HPQOEM - f, s/n CNU21315KC
Antivirus: Windows Defender, Disabled

I uninstalled Free Proxy VPN (I don't recall ever installing that), Kaspersky VPN, Proton VPN, Hotspot Shield (I don't recall installing it), Avast AV, Driver Booster and Driver Easy.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
Ran by hp (administrator) on DESKTOP-I9VTLAM (Hewlett-Packard HP ProBook 4430s) (04-12-2021 10:09:52)
Running from C:\Users\hp\Desktop\New folder
Loaded Profiles: defaultuser0 & hp
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cermak Technologies, Inc. -> Cermak Technologies, Inc.) C:\Users\hp\Desktop\New folder\tsginfo (1).exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(GeoComply USA, Inc. -> GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <40>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe <7>
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\plugins_nms.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(Plantronics Inc -> Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
(Popcorn Time) [File not signed] C:\Program Files (x86)\Popcorn Time\Updater.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe <2>
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" (No File)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [Opera Browser Assistant] => C:\Users\hp\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4597968 2021-11-23] (Opera Software AS -> Opera Software)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2021-11-29] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8807712 2021-11-29] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM-x32\...\Run: [PLTHub.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTHub.exe [2867304 2020-06-26] (Plantronics Inc -> Plantronics, Inc.)
HKLM-x32\...\Run: [PlantronicsStatusIndicator] => C:\Program Files (x86)\Plantronics\PlantronicsStatusIndicator\PlantronicsStatusIndicator.exe [8129256 2020-04-01] (Embrava Pty Ltd -> Plantronics Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files (x86)\Adobe\Acrobat 2020\Acrobat\Acrotray.exe" (No File)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\hp\AppData\Local\Programs\Messenger\Messenger.exe [110793448 2021-04-05] (Facebook, Inc. -> Facebook, Inc.)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe (No File)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [5461888 2021-07-30] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2020\Acrobat\AdobeCollabSync.exe [5471968 2021-10-04] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [] => [X]
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [Viddly YouTube Downloader] => C:\Program Files\Viddly YouTube Downloader\Viddly.exe [2192384 2021-10-30] (Viddly Inc.) [File not signed]
HKU\S-1-5-21-613475361-4011792205-542959771-1001\...\Run: [GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\EPSON WF-2540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMIUE.DLL [120320 2015-01-06] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\MPE3 Port: C:\WINDOWS\system32\mpelocalmon.dll [26112 2021-11-10] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-04-30]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2020-05-10]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
BootExecute: autocheck autochk * bootdelete
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0777C7F6-5B56-4830-9E4F-ADCECF5ABD82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-16] (Google Inc -> Google LLC)
Task: {176E116E-1593-4019-A7E6-95BCB224BAF8} - System32\Tasks\Opera scheduled assistant Autoupdate 1598392491 => C:\Users\TEMP.DESKTOP-I9VTLAM\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\TEMP.DESKTOP-I9VTLAM\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {18C4DC2E-A2FE-438E-93D9-3D5A8D58E149} - System32\Tasks\easyxploreUpdateTaskUserS-1-5-21-613475361-4011792205-542959771-1001UA => C:\Users\hp\AppData\Local\easyxplore\Update\easyxploreUpdate.exe /ua /installsource scheduler (No File) <==== ATTENTION
Task: {2679CFBF-518C-48F2-A5BE-8C9F191D090B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {2B6740E9-3A7E-4CE7-951A-FEE143EE5A2A} - \Mozilla\Firefox Background Update 308046B0AF4A39CB -> No File <==== ATTENTION
Task: {30466BAB-D520-4D40-A790-01DEA9241338} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {324116A1-BB5F-4A2B-B280-F6815910DD54} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply/\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd" (No File)
Task: {38A7EDB2-C39C-494C-A570-D5B4A237B5B8} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {3C0E46CC-E24D-4D84-9584-C249FE67C6F6} - System32\Tasks\Avast Driver Updater Scan => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe scheduled (No File)
Task: {4901AAC4-73BE-457A-973E-C7841578F47A} - System32\Tasks\LocalExplorer Update => C:\Program Files (x86)\LocalExplorer\LocalExplorer.exe [97002 2014-08-08] (VNProDev) [File not signed]
Task: {4917D7BA-FF6D-44D9-B89D-D6E0152ED0CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4D323DCD-B133-4D3C-9A5C-FB6B30C982BE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {50284487-5F5A-4242-9BC5-11710DC0BDE7} - System32\Tasks\easyxplore_chk => C:\Users\hp\AppData\Local\Programs\easyxplore\EasyXplore.exe /chk (No File) <==== ATTENTION
Task: {5B6D3204-ADB1-46DD-B02F-77184287F5B0} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {60E01292-C618-43B5-BDA2-24B0A2FE3439} - System32\Tasks\com.amazon.kpr.ncd => C:\Users\hp\AppData\Local\Amazon\Kindle Previewer 3\KPR_NCD.exe [2274392 2021-10-20] (Amazon.com Services LLC -> )
Task: {61E12E21-7BFF-460E-9164-E218D0DD3025} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe [3191272 2021-11-05] (GeoComply USA, Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {725C9E94-25BA-48A7-89A2-0B70854527F9} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {7927D501-27C0-4627-8F87-1FC910EC563A} - System32\Tasks\CCleanerSkipUAC - hp => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7A470405-ACE6-48B4-BCEB-11F0EC06F168} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7D60D9D7-B8CD-44CF-930F-B4D07CC60CF8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {95F2A930-D6DC-41F6-8AE3-D6C2C2ED6618} - System32\Tasks\Opera scheduled assistant Autoupdate 1637282468 => C:\Users\hp\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\hp\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {A307E686-62BB-412F-8443-D2DAA7CAF7B6} - System32\Tasks\easyxplore_run => C:\Users\hp\AppData\Local\Programs\easyxplore\EasyXplore.exe /start:reboot (No File) <==== ATTENTION
Task: {A6507194-134E-4800-93F0-320421815AA8} - System32\Tasks\Opera scheduled Autoupdate 1598392471 => C:\Users\TEMP.DESKTOP-I9VTLAM\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {A73CF663-BC5B-4D25-8707-886C9BF48A15} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B11C6ABB-B6C3-46D8-8128-3A6D7470A596} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {B5EAD3A6-B20A-4D77-A3BE-51F20FA39531} - System32\Tasks\Opera scheduled Autoupdate 1637282460 => C:\Users\hp\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-23] (Opera Software AS -> Opera Software)
Task: {BDA2046F-2E85-4E43-AAF4-11193EC69380} - System32\Tasks\Patch My PC => C:\Users\hp\Desktop\New folder\PatchMyPC.exe [3164752 2021-09-11] (Patch My PC, LLC -> Patch My PC, LLC)
Task: {C1D5F049-B650-4EF8-8129-E09F3AFBA1AC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {D46D5EA4-CC04-4190-BD0E-F06CC80A6209} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D88EE0D5-9AEB-419D-916D-BE0EDCA676E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-16] (Google Inc -> Google LLC)
Task: {EB079D79-5EA8-4D18-A59F-5E57CC8F5BD3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {EDD7EC92-71EC-46FC-9651-9B232488454C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" <==== ATTENTION
Task: {EFCD7A5E-2F04-49BD-B3A8-690A1A9A5C44} - System32\Tasks\easyxploreUpdateTaskUserS-1-5-21-613475361-4011792205-542959771-1001Core => C:\Users\hp\AppData\Local\easyxplore\Update\easyxploreUpdate.exe /c (No File) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Driver Updater Scan.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45a45513-1135-4a9a-b950-3a2a853333c1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9c76091e-9d17-4ccd-bd00-4754fadcda2a}: [DhcpNameServer] 8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-613475361-4011792205-542959771-1001 -> hxxp://www.google.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-04]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3Yst88BlydE5%2BCh%2FY7wePUJhOYZ5mubnCToxl%2FaZtk7ouRZXgTjrBVaRpOTlBCVExJNaVeatOVcXW014SeseNRRButGMp946UVTyEZgxOjbUBb7bqawqRUs4Y5dKX5Lxc2FckphZ0%2BMK%2F0YLktXYhpo36l6K3ig%2BE39RVp1ihBDFlL77o6Zlg99y6JfrEFYv%2BYlP4CMhMuok6qhRkuAwNhKyDDZsBq9pH2QtIgiYYuqVFPDlYkZ9Ga7CU25hMHvXOgnT9a1ireV5o1b8P2JBdU37u1H%2FToc1LG3az8AUzYXSW8ZywerGSCQWDBl3ltcJjA"
Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3Yg%2FUXfXOu5OSZZNzeNjM%2FEF5QWmjNY%2Ff2JQE0XwXxXGxCBxYfZ2Tn15mQkLvPSRESpyaoUVrMInmghOJ3fs%2FDK0TQwNm8urLMahvA59bAa7x1bIZdYWp9shLh6a7qvvDgRI%2BhKbaFNMLY9SQd3VVlZBAVdz5k7gD9NtXJ4Jn6W1mA%2Fyg0YZODEfLfyPzlfAXZzh4%2B%2BeLnvPH0bZYlFMSlc9Omf7U5XJa7QMgkZLhrntawnOpXA6J7kiIwk1IK1j%2FHBCHLonfAZh661tXvWP3nsu%2Fe6eYwZ74Ljok%2BhXqpeDyjwhTTw9ec9dgM5hc16gbs&p={searchTerms}
Edge DefaultSearchKeyword: Default -> us.search.yahoo.com
Edge Extension: (Kaspersky Protection) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-11-13]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-01]
Edge HKU\S-1-5-21-613475361-4011792205-542959771-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: tjquiq2n.default
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tjquiq2n.default [2021-11-11]
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\hn90dm0h.default-release [2021-12-04]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2020\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2020\Acrobat\Air\nppdf32.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-11-12] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-11-12] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2021-12-04]
CHR DownloadDir: C:\Users\hp\Desktop\New folder
CHR Notifications: Default -> hxxps://277257115634392.webpush.freshchat.com; hxxps://94730764731922.webpush.freshchat.com; hxxps://business.facebook.com; hxxps://discordapp.com; hxxps://drive.google.com; hxxps://storyxpress.co; hxxps://vev.io; hxxps://www.draftkings.com; hxxps://www.godaddy.com
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3YWa3oKtzq3XeNb%2F4Y7dVi4VYu4cQaKpu4THJCGORr6nCuzuz4v8cj4wU8Kl5l0%2BBLfEc6jJvIJerC24D%2BX%2BcQVcXcD3QZ2GW5u5J%2FhdYBgHF%2FaN9WX0w42tCrFBsCuzAOvAy35cqqR%2BzyIORcngxOsrjjtlGNRzRRUrPVENji47QWr6VpHyEGgnAsXi48RVJRoQcEdgm9CpJvyYPbCMb0zgBkQajWGuCfl%2Bs3v2XaMxJivM4M6hDpKx%2F%2BZrQnM4Zyvz%2BB7%2Bt43tZTqn6RRE7TNo8TimFQtJc0OsjHPfkY7mpJwwS%2FyiJ75Wv0B9pM2LsxeBuB5I%2FJ%2B6xBduIe9DjJTw%3D%3D
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87nptdwxol753020&param1=y6bdVFVIsvuYsgEClQfz8B3zzGW%2BMXjYap41VPqwQlLYtLzY2aAQ3Bw4gfRcAj3YWa3oKtzq3XeNb%2F4Y7dVi4UZozKha5LGuJf8PWZfbIZAlVlStPm435DStuo03LFt4IylmWEEvWX%2BSAXfyAZByIeYLAkSv%2F%2F0aufHl46dgElfJk0nGNgPJPxRQmazNmdlhNm7rJBCuapOS5SxhswZ%2Fj%2FbjOqL32q0AAvpDAlUZ%2BAVjcfvEsglDfT58FYnUkdH4Vo0KpsdcvKD6%2FBXG80VNhGeormLrMfeuGsK2T4SARgXla674vzsEvn9Gn5Drr7Osad1uXeluxQ584osqmYnwgQlS%2Fw8cTseSZ9YdbQYE0CM4ODEd2GmSWWtM2LqKutCGddJEafgXq8laRy0wT2ZnOg%3D%3D"
CHR NewTab: Default -> Not-active:"chrome-extension://jbjgkhmocaaicjdbafhgoncfbopkfcng/homepage.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-16]
CHR Extension: (Kaspersky Protection) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-11-12]
CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-16]
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-30]
CHR Extension: (JSON Formatter) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2021-11-11]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-16]
CHR Extension: (Honey) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-18]
CHR Extension: (Fantasy Basketball WZRD) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmojbnihkmbdandkddobjnilkegcooll [2021-11-28]
CHR Extension: (TTS Reader: Speak Kindle Books Aloud) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\boejkcdniilikalcdbigmobbmejjbppf [2021-10-06]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2021-11-29]
CHR Extension: (Video Downloader Pro) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccdikaeknpeokoejlpffihfmpfelakcg [2020-11-30]
CHR Extension: (Web paint) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\colbejldlbhdkjhdndknbminnlbbkecj [2021-05-26]
CHR Extension: (Seamless.AI) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepenphjfofmnjmlacfcdehikakmaap [2021-11-18]
CHR Extension: (PDF tools all-in-one) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemiojeoeomfggoapmnfnmpnkieojonj [2021-03-08]
CHR Extension: (Adobe Acrobat) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-16]
CHR Extension: (Zoom Recording / Video Downloader) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehioimgmdbbkmbbimfjcdmonjnjjhgng [2021-04-27]
CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-16]
CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (VCR Screen-Share) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfakinflkflhggbhibfclfidnbcflnd [2021-04-19]
CHR Extension: (Local Video Player in Browser) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gooogiookckojjoinofnjfogcfocfkbn [2021-09-02]
CHR Extension: (Ultimate Volume Booster) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfnhafpadfnabbnjnhdfdacolpmdbjo [2021-10-13]
CHR Extension: (Video Downloader professional) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmifggiafbblnlgkeamfopdecenbcle [2021-12-04]
CHR Extension: (Auto HD 720p/1080p) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglhiepjhbhcjpjnehnggbleobjlblde [2021-07-29]
CHR Extension: (Enable right click) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2021-03-04]
CHR Extension: (DraftKings Chrome Extension) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkicikjgcbcahcflpejdpehchnehjnl [2021-02-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-28]
CHR Extension: (Yahoo Homepage) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjgkhmocaaicjdbafhgoncfbopkfcng [2020-08-01]
CHR Extension: (Screen Recorder Video Editor Webcam Recorder) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpjkgdpgdbddknpgplfkjjfncenlmkf [2021-11-17]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2021-11-22]
CHR Extension: (Player Salary Tooltip for DraftKings) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\koafaenckabjpnofnidmkillbhgnabei [2021-02-01]
CHR Extension: (RotoGrinders - DraftKings Tools) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokmacldfjfgajcebibmmfohacnikhhd [2021-11-28]
CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2021-11-28]
CHR Extension: (Elementor pro nulled) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmnjckgmijamnepkccfbgpifhgccobg [2021-02-13]
CHR Extension: (RotoGrinders Basketball Reference) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mklaikjfchdedoaemannepoofcpgbfbn [2021-02-01]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-11-28]
CHR Extension: (Similar Sites - Discover Related Websites) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2021-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Enhanced ESPN NBA box score) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\obmjelnefbpppnlclofadlniafdnhjpc [2021-12-03]
CHR Extension: (Enable Right Click for Google Chrome™) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgdcdohlhjfdhbnfkikfeakhpojhpgm [2021-07-15]
CHR Extension: (DraftKings Lineup Filler - FantasyWonder.com) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\opekpkkpcbgfpnificmdbgdgaibdomhk [2021-02-01]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2021-11-28]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-30]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2021-10-23]
CHR Extension: (Majestic Backlink Analyzer) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2021-12-01]
CHR Extension: (NBA ScoopsZone) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pooiemhefbajoinogpdbpipkbphbjjpn [2021-02-01]
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-28]
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-28]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKU\S-1-5-21-613475361-4011792205-542959771-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-613475361-4011792205-542959771-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKU\S-1-5-21-613475361-4011792205-542959771-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]

Opera:
=======
OPR Profile: C:\Users\hp\AppData\Roaming\Opera Software\Opera Stable [2021-11-29]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-16]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-17]
OPR Extension: (Web Clipper : Easy Screenshot) - C:\Users\hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlhabdnjcoggnpnnaamopkaolcggpdmi [2021-07-09]
StartMenuInternet: (HKLM) OperaStable - C:\Users\hp\AppData\Local\Programs\Opera\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-11-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [151496 2021-11-16] (SurfRight B.V. -> SurfRight B.V.)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1949800 2020-06-26] (Plantronics Inc -> Plantronics, Inc.)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [3141608 2021-11-05] (GeoComply USA, Inc. -> GeoComply)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13271336 2021-09-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2019-01-08] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1300352 2021-07-30] (Windscribe Limited -> Windscribe Limited)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\Video Converter Ultimate\Transfer\DriverInstall.exe [111384 2020-02-10] (Shenzhen Yi Xing Investment Co., Ltd. -> Wondershare)
R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2021-11-29] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 GDPL_BOOM; C:\WINDOWS\system32\drivers\boomvad.sys [51016 2019-09-11] (WDKTestCert Adarsh,131897759775447238 -> Windows (R) Win 7 DDK provider)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
S3 hsstap; C:\WINDOWS\System32\drivers\hsstap.sys [39424 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Pango)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-28] (Intel Corporation -> Intel Corporation)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [674104 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1469240 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [273176 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-11-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [276064 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [314040 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [113976 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [225648 2021-11-29] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [86632 2020-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [94600 2021-04-13] (Pango Inc. -> Pango Inc)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [94560 2021-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [919072 2021-09-11] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2020-11-02] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2014-11-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2021-07-30] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-03-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-30] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [35752 2021-07-30] (Windscribe Limited -> )
R3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2021-07-30] (Windscribe Limited -> WireGuard LLC)
R3 wovad_micarray; C:\WINDOWS\system32\drivers\womic.sys [34496 2020-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2021-11-29] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2021-11-29] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-03 17:48 - 2021-12-03 17:48 - 000418351 _____ C:\Users\hp\Downloads\A_McKinsey_Response_Letter_06202109134194767.pdf
2021-12-03 17:47 - 2021-12-03 17:47 - 000416838 _____ C:\Users\hp\Downloads\210921-7299375 Response.pdf
2021-12-03 17:47 - 2021-12-03 17:47 - 000105281 _____ C:\Users\hp\Downloads\PRE LITIGATION Alfred Mckinsey Wells Fargo original CFPB complaint 092121.pdf
2021-12-01 15:06 - 2021-12-01 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-11-30 12:34 - 2021-11-30 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PDF Editor 5
2021-11-30 12:32 - 2021-11-30 12:33 - 033189616 _____ (Code Industry Ltd. ) C:\Users\hp\Downloads\MasterPDFEditor-setup(1).exe
2021-11-30 12:09 - 2021-11-30 12:09 - 000065389 _____ C:\Users\hp\Downloads\Shortcut.txt
2021-11-30 11:43 - 2021-11-30 11:44 - 002311680 _____ (Farbar) C:\Users\hp\Downloads\FRST64 (1).exe
2021-11-29 16:46 - 2021-11-30 12:09 - 000060167 _____ C:\Users\hp\Downloads\Addition.txt
2021-11-29 16:35 - 2021-11-30 12:09 - 000084947 _____ C:\Users\hp\Downloads\FRST.txt
2021-11-29 16:30 - 2021-12-04 10:11 - 000000000 ____D C:\FRST
2021-11-29 16:29 - 2021-11-29 16:29 - 002311680 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2021-11-29 16:10 - 2021-11-29 16:10 - 000094560 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2021-11-29 14:35 - 2021-12-04 10:14 - 000335213 _____ C:\WINDOWS\ZAM.krnl.trace
2021-11-29 14:35 - 2021-12-04 10:13 - 000052742 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-11-29 14:35 - 2021-11-29 14:35 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2021-11-29 14:35 - 2021-11-29 14:35 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2021-11-29 14:35 - 2021-11-29 14:35 - 000001255 _____ C:\Users\Public\Desktop\MalwareFox AntiMalware.lnk
2021-11-29 14:35 - 2021-11-29 14:35 - 000000000 ____D C:\Users\hp\AppData\Local\Zemana
2021-11-29 14:35 - 2021-11-29 14:35 - 000000000 ____D C:\Users\hp\AppData\Local\Wolf of Webstreet OPC Private Limited
2021-11-29 14:35 - 2021-11-29 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
2021-11-29 14:35 - 2021-11-29 14:35 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2021-11-29 14:34 - 2021-11-29 14:35 - 006617512 _____ (Zemana Ltd. ) C:\Users\hp\Downloads\MalwareFox(1).exe
2021-11-29 14:34 - 2021-11-29 14:34 - 006617512 _____ (Zemana Ltd. ) C:\Users\hp\Downloads\MalwareFox.exe
2021-11-29 10:10 - 2021-11-29 10:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-11-29 10:10 - 2021-11-29 10:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-11-29 10:10 - 2021-11-29 10:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-11-29 10:10 - 2021-11-29 10:10 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-11-28 11:15 - 2021-11-28 11:15 - 000001706 _____ C:\Users\hp\Documents\cc_20211128_111525.reg
2021-11-25 05:54 - 2021-11-29 12:03 - 000225648 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-11-25 05:54 - 2021-11-25 05:54 - 000314040 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-11-25 05:54 - 2021-11-25 05:54 - 000276064 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-11-25 05:54 - 2021-11-25 05:54 - 000113976 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-11-23 03:28 - 2021-11-29 23:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-21 16:45 - 2021-11-21 16:45 - 000013616 _____ C:\Users\hp\Documents\cc_20211121_164525.reg
2021-11-18 19:41 - 2021-11-29 15:59 - 000003574 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1637282468
2021-11-18 19:41 - 2021-11-29 15:59 - 000003326 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1637282460
2021-11-18 19:41 - 2021-11-26 18:39 - 000001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-11-18 08:26 - 2021-11-18 08:26 - 000132165 _____ C:\Users\hp\Documents\bookmarks_11_18_21.html
2021-11-17 09:27 - 2021-11-17 09:27 - 003731992 _____ C:\WINDOWS\system32\.crusader
2021-11-16 12:14 - 2021-11-16 12:14 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-11-16 12:14 - 2021-11-16 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-11-16 12:14 - 2021-11-16 12:14 - 000000000 ____D C:\Program Files\HitmanPro
2021-11-16 12:12 - 2021-11-17 19:03 - 000000000 ____D C:\ProgramData\HitmanPro
2021-11-15 17:23 - 2021-11-15 17:23 - 000000552 _____ C:\Users\hp\Documents\cc_20211115_172338.reg
2021-11-15 17:22 - 2021-11-15 17:22 - 000013628 _____ C:\Users\hp\Documents\cc_20211115_172245.reg
2021-11-15 15:05 - 2021-11-15 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viddly YouTube Downloader
2021-11-12 11:32 - 2021-11-29 15:59 - 000002638 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-11-12 11:31 - 2021-11-12 11:31 - 000000000 ____D C:\Program Files\Common Files\AV
2021-11-12 11:30 - 2021-11-12 11:30 - 000002170 _____ C:\Users\Public\Desktop\Kaspersky Security Cloud.lnk
2021-11-12 11:30 - 2021-11-12 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2021-11-12 11:30 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-11-12 11:29 - 2021-12-04 09:29 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-11-12 11:29 - 2021-12-04 09:29 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-11-12 11:28 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-11-12 11:28 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-11-11 16:34 - 2021-11-11 16:36 - 000000000 ____D C:\Users\hp\Desktop\BaDshaH.EAV.ESS.v8.0.319.1-20211012
2021-11-11 13:17 - 2021-11-11 13:17 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-11 13:16 - 2021-11-11 13:16 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-11 13:15 - 2021-11-11 13:15 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-11 13:14 - 2021-11-11 13:14 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-11 12:08 - 2021-11-11 12:08 - 000000000 ___HD C:\$WinREAgent
2021-11-11 11:27 - 2021-12-04 10:03 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-11 11:27 - 2021-12-04 10:02 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Mozilla
2021-11-11 11:27 - 2021-11-29 23:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-11 11:27 - 2021-11-29 15:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-11 11:27 - 2021-11-23 10:28 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-11 11:27 - 2021-11-11 11:27 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-11-11 11:27 - 2021-11-11 11:27 - 000000000 ____D C:\Users\hp\AppData\Roaming\Mozilla
2021-11-11 11:27 - 2021-11-11 11:27 - 000000000 ____D C:\Users\hp\AppData\Local\Mozilla
2021-11-09 19:27 - 2021-11-09 19:27 - 000219703 _____ C:\Users\hp\Downloads\final sales script.pdf
2021-11-08 07:05 - 2021-11-08 07:05 - 000211036 _____ C:\Users\hp\Downloads\mckinsy updated ews report.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-04 10:09 - 2021-07-09 06:47 - 000000000 ___RD C:\Users\hp\Desktop\New folder
2021-12-04 10:00 - 2021-09-10 20:19 - 000003330 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2021-12-04 10:00 - 2020-08-01 11:32 - 000000000 ____D C:\Program Files\CCleaner
2021-12-04 09:57 - 2019-09-16 12:25 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-04 09:56 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-04 09:54 - 2021-05-25 14:35 - 000668296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-04 09:54 - 2021-05-24 14:41 - 000000000 ____D C:\Users\hp\AppData\Local\Avast Software
2021-12-04 09:54 - 2021-03-08 02:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-04 09:54 - 2021-03-08 01:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-04 09:54 - 2020-09-17 07:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-12-04 09:54 - 2020-03-16 09:03 - 000000000 ____D C:\ProgramData\AVAST Software
2021-12-04 09:53 - 2021-03-08 02:00 - 000000000 ____D C:\Users\defaultuser0
2021-12-04 09:53 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-04 09:52 - 2021-03-08 02:00 - 000000000 ____D C:\Users\hp
2021-12-04 09:51 - 2021-09-11 13:15 - 000000000 ____D C:\ProgramData\ProductData
2021-12-04 09:51 - 2021-09-11 13:04 - 000000000 ____D C:\Users\hp\AppData\Roaming\IObit
2021-12-04 09:51 - 2021-09-11 11:19 - 000000000 ____D C:\Users\hp\AppData\Roaming\Easeware
2021-12-04 09:31 - 2021-07-07 12:17 - 000000000 ____D C:\Users\hp\AppData\Roaming\Proton Technologies AG
2021-12-04 09:30 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-04 09:29 - 2020-07-23 15:15 - 000000000 ____D C:\Users\TEMP
2021-12-04 09:28 - 2019-09-10 20:25 - 000000000 ____D C:\ProgramData\Adobe
2021-12-04 09:27 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-04 09:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-04 09:27 - 2019-09-07 15:43 - 000000000 ____D C:\Users\hp\AppData\Local\Packages
2021-12-04 09:11 - 2021-03-08 01:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-04 00:32 - 2021-09-18 23:20 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-04 00:32 - 2021-09-18 23:20 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-03 17:58 - 2020-01-08 11:49 - 000000000 ____D C:\Users\hp\AppData\Local\D3DSCache
2021-12-03 17:36 - 2021-03-08 02:22 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-12-03 17:26 - 2021-09-09 09:21 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-12-03 17:26 - 2019-09-10 20:25 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-12-03 17:25 - 2021-09-09 09:21 - 000000000 ____D C:\Program Files\Adobe
2021-12-03 17:25 - 2019-09-07 15:43 - 000000000 ____D C:\Users\hp\AppData\Roaming\Adobe
2021-12-01 15:08 - 2020-01-08 11:31 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-12-01 15:08 - 2020-01-08 11:30 - 000000000 ____D C:\Users\hp\AppData\Local\Dropbox
2021-11-30 16:12 - 2021-03-08 02:22 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-11-30 16:11 - 2021-09-09 09:59 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-11-30 15:33 - 2021-08-28 05:37 - 000000033 _____ C:\WINDOWS\Eic.ini
2021-11-30 05:42 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-29 15:59 - 2021-10-26 07:42 - 000002378 _____ C:\WINDOWS\system32\Tasks\com.amazon.kpr.ncd
2021-11-29 15:59 - 2021-09-11 11:02 - 000002244 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - hp
2021-11-29 15:59 - 2021-04-28 20:27 - 000002676 _____ C:\WINDOWS\system32\Tasks\GeoComply Update Task
2021-11-29 15:59 - 2021-04-28 20:18 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d713e9f538be82
2021-11-29 15:59 - 2021-03-08 02:22 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-29 15:59 - 2021-03-08 02:22 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-11-29 15:59 - 2021-03-08 02:22 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-11-29 13:40 - 2021-09-11 11:20 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-11-28 14:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-28 11:21 - 2021-09-11 13:47 - 000000000 ____D C:\Users\hp\AppData\Roaming\XnView
2021-11-22 16:14 - 2020-11-02 14:10 - 000000000 ____D C:\Users\hp\AppData\Roaming\Messenger
2021-11-22 16:14 - 2020-11-02 14:10 - 000000000 ____D C:\Users\hp\AppData\Local\Messenger
2021-11-21 16:55 - 2019-09-11 16:14 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 19:41 - 2021-09-23 11:28 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-11-19 19:41 - 2021-09-23 11:28 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-11-19 19:41 - 2021-09-23 11:28 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-11-19 19:41 - 2021-09-23 11:28 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-11-18 21:57 - 2019-09-16 12:26 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-18 21:57 - 2019-09-16 12:26 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-18 08:39 - 2021-07-08 20:44 - 000001371 _____ C:\Users\hp\Desktop\M29580191_6-8-2021 - Shortcut.lnk
2021-11-17 19:16 - 2021-03-08 02:12 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-16 12:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-15 16:17 - 2020-03-23 07:27 - 000000000 ____D C:\Users\hp\AppData\Local\CrashDumps
2021-11-15 15:07 - 2021-03-27 23:53 - 000000000 ____D C:\Program Files\Viddly YouTube Downloader
2021-11-15 15:06 - 2021-06-01 03:48 - 000000000 ____D C:\Users\hp\AppData\Local\luminati
2021-11-15 15:05 - 2021-10-02 14:08 - 000001860 _____ C:\Users\Public\Desktop\Viddly YouTube Downloader.lnk
2021-11-12 12:23 - 2021-07-09 07:42 - 000000792 _____ C:\Users\hp\Desktop\Dropbox - Shortcut.lnk
2021-11-12 11:36 - 2021-02-19 21:09 - 000096008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2021-11-12 11:29 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-11-12 11:00 - 2020-01-08 11:31 - 000000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-11-12 11:00 - 2020-01-08 11:31 - 000000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-11-12 10:27 - 2021-03-08 02:22 - 000003892 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-11-12 10:27 - 2021-03-08 02:22 - 000003660 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-11 14:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-11 14:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-11 14:30 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 13:28 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-11 12:06 - 2019-09-10 18:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-11 11:58 - 2019-09-10 18:12 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-10 00:41 - 2021-02-23 14:58 - 000026112 _____ (Copyright (c) Code Industry Ltd ) C:\WINDOWS\system32\mpelocalmon.dll
2021-11-10 00:41 - 2021-02-23 14:58 - 000016896 _____ (Copyright (c) Code Industry Ltd ) C:\WINDOWS\system32\mpelocalui.dll
2021-11-05 06:18 - 2019-09-16 11:19 - 000000000 ____D C:\Users\hp\AppData\Local\PlaceholderTileLogoFolder

==================== Files in the root of some directories ========

2020-04-04 21:06 - 2020-04-04 21:06 - 000370070 _____ () C:\Users\hp\AppData\Roaming\logo_empire_desktop.ico
2020-07-26 19:47 - 2020-07-26 19:47 - 000000000 _____ () C:\Users\hp\AppData\Local\BIT2AF8.tmp
2020-07-26 19:47 - 2020-07-26 19:47 - 000000000 _____ () C:\Users\hp\AppData\Local\BIT2B08.tmp
2020-08-11 10:45 - 2020-08-11 10:45 - 000000000 _____ () C:\Users\hp\AppData\Local\BIT6C89.tmp
2020-08-11 10:45 - 2020-08-11 10:45 - 000000000 _____ () C:\Users\hp\AppData\Local\BIT6CF8.tmp
2020-07-24 15:15 - 2020-07-24 15:15 - 000000000 _____ () C:\Users\hp\AppData\Local\BITD4FE.tmp
2020-07-24 15:15 - 2020-07-24 15:15 - 000000000 _____ () C:\Users\hp\AppData\Local\BITD50F.tmp
2021-09-09 10:00 - 2021-12-03 17:28 - 000000205 _____ () C:\Users\hp\AppData\Local\oobelibMkey.log
2021-02-19 18:23 - 2021-02-19 18:23 - 000000758 _____ () C:\Users\hp\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

DR.M

Trusted Advisor
Malware Specialist
Joined
Sep 4, 2019
Messages
3,321
I don't want to lose any of my files as my business depends on them. I don't have the tech smarts to uninstall office and then recover the files and such.
You won't lose your Office files if you uninstall Microsoft Office. The files will stay there, and you can open them with the free Office program you will choose.

But I would like to check something else now.

Is your operating system (Windows) legally activated?
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
Code:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the snipping tool, in case you need it.
 

SFSBIZCON

Thread Starter
Joined
Nov 29, 2021
Messages
10
I believe it was on the computer when I bought it and I don't want to lose any of my files as my business depends on them. I don't have the tech smarts to uninstall office and then recover the files and such. I'll try it after I finish up these last 2 clients that I'm in the process of helping. No problem.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19043, Installed 20210308022439.000000-300
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz, Intel64 Family 6 Model 42 Stepping 7, CPU Count: 4
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 3000
Hard Drives: C: 464 GB (91 GB Free);
Motherboard: Hewlett-Packard 167E, ver KBC Version 22.1F, s/n PCMED001Y2H0F2
System: Hewlett-Packard, ver HPQOEM - f, s/n CNU21315KC
Antivirus: Windows Defender, Disabled


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
Ran by hp (administrator) on DESKTOP-I9VTLAM (Hewlett-Packard HP ProBook 4430s) (04-12-2021 10:09:52)
Running from C:\Users\hp\Desktop\New folder
Loaded Profiles: defaultuser0 & hp
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================




You won't lose your Office files if you uninstall Microsoft Office. The files will stay there, and you can open them with the free Office program you will choose.

But I would like to check something else now.

Is your operating system (Windows) legally activated?
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
Code:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the snipping tool, in case you need it.
 


DR.M

Trusted Advisor
Malware Specialist
Joined
Sep 4, 2019
Messages
3,321
Hi, SFSBIZCON.

Unfortunately, the operating system is neither OEM nor Retail licensed. It is KMS Volume licensed. This may be due to several reasons: you bought the license from a questionable site or store, the computer belongs to a company, or you used KMS service to activate the operating system.

Having said that, unfortunately I can't help you, until you legally activate Windows with a legal license. I'm doing this not only because of the Forum's rules, but also because having an illegal operating system is the easier way to get infected or hacked. What's the meaning to clean the computer, when it is sure that it will get infected sooner or later?

However, I have some questions for you in order to understand the situation and help you if there is a way.

When did you buy this computer? Was there an operating system installed? If yes, do you remember anything about it? E.g. Windows XP, Vista, Windows 7 Home? If it is a laptop, you can check for a label on its back and see what it says.
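
The license details that `slmgr /dli` reports can also be read from the `SoftwareLicensingProduct` WMI class, which shows the channel discussed above (OEM, Retail or KMS Volume) together with any KMS host the machine has recorded. This is an added example, not part of the original thread; the function name `Get-LicenseChannel` and the output column names are illustrative assumptions.

```powershell
# Added example (not from the thread). Read-only query; changes nothing on the system.
# ApplicationID that identifies Windows itself in the licensing store.
$windowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'

# LicenseStatus codes used by SoftwareLicensingProduct.
$statusText = @{
    0 = 'Unlicensed'; 1 = 'Licensed'; 2 = 'Out-of-box grace'
    3 = 'Out-of-tolerance grace'; 4 = 'Non-genuine grace'
    5 = 'Notification'; 6 = 'Extended grace'
}

# Illustrative helper: map the Description text (the same text slmgr /dli shows)
# to the license channel.
function Get-LicenseChannel {
    param([string]$Description)
    switch -Regex ($Description) {
        'VOLUME_KMSCLIENT' { return 'KMS Volume' }
        'VOLUME_MAK'       { return 'MAK Volume' }
        'OEM'              { return 'OEM' }
        'RETAIL'           { return 'Retail' }
        default            { return 'Unknown' }
    }
}

# Only the Windows entry that actually has a product key installed.
$filter = "ApplicationID='$windowsAppId' AND PartialProductKey IS NOT NULL"

Get-CimInstance -ClassName SoftwareLicensingProduct -Filter $filter |
    ForEach-Object {
        [pscustomobject]@{
            Name              = $_.Name
            Channel           = Get-LicenseChannel $_.Description
            Status            = $statusText[[int]$_.LicenseStatus]
            PartialKey        = $_.PartialProductKey
            # Host set by hand, and host found through DNS; both are empty
            # on OEM and Retail installs.
            ConfiguredKmsHost = $_.KeyManagementServiceMachine
            DiscoveredKmsHost = $_.DiscoveredKeyManagementServiceMachineName
        }
    } | Format-List
```

On a KMS Volume install, the two KMS host fields show which server the machine activates against, which helps tell a company-managed computer from the other cases listed above.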
 

SFSBIZCON

Thread Starter
Joined
Nov 29, 2021
Messages
10
Hi, SFSBIZCON.

Unfortunately, the operating system is neither OEM nor Retail licensed. It is KMS Volume licensed. This may be due to several reasons: you bought the license from a questionable site or store, the computer belongs to a company, or you used KMS service to activate the operating system.

Having said that, unfortunately I can't help you, until you legally activate Windows with a legal license. I'm doing this not only because of the Forum's rules, but also because having an illegal operating system is the easier way to get infected or hacked. What's the meaning to clean the computer, when it is sure that it will get infected sooner or later?

However, I have some questions for you in order to understand the situation and help you if there is a way.

When did you buy this computer? Was there an operating system installed? If yes, do you remember anything about it? E.g. Windows XP, Vista, Windows 7 Home? If it is a laptop, you can check for a label on its back and see what it says.
I don't know what you mean. I bought the computer from someone on the internet many years back. Someone hacked it and they've somehow been keeping me from accessing certain websites specific to my industry.
 

DR.M

Trusted Advisor
Malware Specialist
Joined
Sep 4, 2019
Messages
3,321
I bought the computer from someone on the internet many years back.
Some sellers sell Volume licenses, which are mainly used by large companies, to ordinary users. They claim that they sell at a low price, but this type of license may cause issues at a later stage. In other words, they are not legal for ordinary users.

I asked you some questions at the end of my previous post. Can you please let me know about the answers?
 