
Trojan? secureconv-ec.com

2K views 24 replies 3 participants last post by  DR.M 
#1 ·
When searching on Chrome, approx. 1 in 20 times, I'll get a pop-up attempting to take me to secureconv-ec.com, and it's flagged as a trojan.
Unsure where to determine its location and how to remove it.
Thanks.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Pro, 64 bit, Build 19041, Installed 20201004075620.000000-420
Processor: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz, Intel64 Family 6 Model 158 Stepping 13, CPU Count: 16
Total Physical RAM: 64 GB
Graphics Card: NVIDIA GeForce RTX 2080 Ti
Hard Drives: C: 953 GB (728 GB Free); E: 2794 GB (937 GB Free); G: 4657 GB (1992 GB Free);
Motherboard: Micro-Star International Co., Ltd. MAG Z390 TOMAHAWK (MS-7B18), ver 1.0, s/n K116358246
System: American Megatrends Inc., ver ALASKA - 1072009, s/n Default string
Antivirus: Avast Antivirus, Enabled and Updated
 
#2 ·
Hi, BigHaus.

I will be assisting you regarding your computer's issues. Have in mind that I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting! Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Please copy all the content of the required logs and paste it inside your post. Do not attach any log or other file unless directed otherwise.

4. If your computer seems to start working normally, please don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within four days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

========================================================

Let's start.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it's safe to allow FRST to run. It is a false-positive detection.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply (or attach/upload).
 
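Once the two logs come back, the first pass a log reader makes is to look for the markers FRST itself writes into FRST.txt. The script below is an added example for this thread (not part of the forum's procedure or the FRST tool): it parses lines in the format FRST uses, extracts the section, file path and registry key of each entry, and lists the entries carrying `<==== ATTENTION` or `[File not signed]`. The sample log is constructed from a few of the lines posted in this thread.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines in FRST.txt format, taken from the
# log posted in this thread (section headers, markers and paths as FRST writes them).
SAMPLE_FRST_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\java.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <96>
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2240288 2019-02-03] (voidtools -> voidtools)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2020-09-20] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2020-09-20] <==== ATTENTION
"""

# "==================== Name =================" section headers.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A drive-letter path, ending before the " [size date]" or " <count>" suffix FRST appends.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?(?=\s+\[|\s+<|"|$)')
# Registry entries start with the hive-rooted key followed by a colon.
KEY_RE = re.compile(r"^(HK[^:]+):")

# Markers FRST itself writes; these are review hints, not verdicts. An unsigned
# binary (e.g. a bundled JDK or ShareX) is often legitimate, and a policy
# "Restriction" can come from a security product as well as from malware.
MARKERS = {
    "<==== ATTENTION": "attention",
    "[File not signed]": "unsigned",
}


def parse_frst(text: str) -> List[Dict]:
    """Turn FRST.txt content into one dict per entry line."""
    entries: List[Dict] = []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, FRST's explanatory "(If an entry ...)" notes and "=====" rules.
        if not line or line.startswith("(If ") or set(line) == {"="}:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Browser sub-headers such as "Chrome:" or "FireFox:".
        if re.fullmatch(r"[A-Za-z ]+:", line):
            section = line[:-1]
            continue
        path = PATH_RE.search(line)
        key = KEY_RE.match(line)
        entries.append({
            "section": section,
            "line": line,
            "flags": [tag for marker, tag in MARKERS.items() if marker in line],
            "path": path.group(0) if path else None,
            "key": key.group(1) if key else None,
        })
    return entries


def triage(entries: List[Dict]) -> List[Dict]:
    """Entries that carry at least one FRST marker and deserve a manual look."""
    return [e for e in entries if e["flags"]]


def summarize(entries: List[Dict]) -> Dict[str, int]:
    """Count flagged entries per marker type."""
    counts: Dict[str, int] = {}
    for entry in triage(entries):
        for flag in entry["flags"]:
            counts[flag] = counts.get(flag, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_frst(SAMPLE_FRST_LOG)
    print("flag summary:", summarize(parsed))
    for entry in triage(parsed):
        target = entry["path"] or entry["key"] or entry["line"]
        print(f"[{entry['section']}] {','.join(entry['flags'])}: {target}")
```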
#3 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2020
Ran by xyz (administrator) on DESKTOP-0H1FL2Q (Micro-Star International Co., Ltd. MS-7B18) (27-11-2020 08:51:08)
Running from E:\DL 2020
Loaded Profiles: xyz & JetBrainsYouTrack
Platform: Windows 10 Pro Version 2004 19041.630 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\java.exe
(Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\javaw.exe
(Amazon.com Services LLC -> Amazon.com Inc.) C:\Users\xyz\AppData\Local\Amazon Drive\AmazonPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpn-browser-helper.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Express Vpn LLC -> The OpenVPN Project) C:\Program Files (x86)\ExpressVPN\expressvpnd\windows\openvpn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <96>
(GP Software -> GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(GP Software -> GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(JetBrains s.r.o. -> JetBrains GmbH) E:\YouTrack\launcher\bin\JetService.exe
(JRiver, Inc. -> JRiver, Inc.) C:\Program Files\J River\Media Center 26\JRService.exe
(JRiver, Inc. -> JRiver, Inc.) C:\Program Files\J River\Media Center 26\Media Center 26.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mediafour Corporation -> Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 10\MacDrive10Service.exe
(Mediafour Corporation -> Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 10\MDHelper.exe
(Mediafour Corporation -> Mediafour) C:\Program Files\Mediafour\MacDrive 10\MacDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2009.4.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d223212c0a2275b5\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\xyz\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\scalc.exe
(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.bin
(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2>
(Wiziple software -> 1Clipboard) C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe <4>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279432 2018-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2240288 2019-02-03] (voidtools -> voidtools)
HKLM\...\Run: [MacDrive 10 helper] => C:\Program Files\Mediafour\MacDrive 10\MDHelper.exe [299872 2017-09-28] (Mediafour Corporation -> Mediafour Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-07-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [465120 2020-08-20] (Express Vpn LLC -> ExpressVPN)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Run: [GoogleChromeAutoLaunch_99D1FF639E3638B290DAE6A24A50957B] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Run: [1Clipboard] => C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe [51310576 2016-08-17] (Wiziple software -> 1Clipboard)
HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [714944 2020-06-22] (GP Software -> GP Software)
HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Run: [Amazon Photos] => C:\Users\xyz\AppData\Local\Amazon Drive\AmazonPhotos.exe [10028720 2020-11-25] (Amazon.com Services LLC -> Amazon.com Inc.)
HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [1161440 2020-08-20] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Run: [Opera Browser Assistant] => C:\Users\xyz\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-24] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2048631613-2831981643-1474844327-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-16] (Google LLC -> Google LLC)
Startup: C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Startup).lnk [2020-05-23]
ShortcutTarget: Directory Opus (Startup).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software -> GP Software)
Startup: C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2020-06-19]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
BootExecute: autocheck autochk * bddel.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F7D3612-374C-4BC5-B24C-2E863F9333C4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F9D98F5-C277-472F-85EF-BE0C03E97017} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {2949E04B-A71B-4CCB-8E61-720C67C083A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CE88125-D5F1-422D-856F-C5AF03417DEE} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3F7ED1AD-D2AD-4E84-BF85-607E57AAB993} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FA1A6F5-ADA1-44BE-ABE8-44CD0EE251B6} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {4DF67F2C-C557-4244-8C67-99EC39235E40} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {545ACD33-9D1F-40E2-A3BA-E8E444E0FD22} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6955E9ED-B2E6-4C62-B331-9D3A229C4A46} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6B9345A2-DDB3-4914-9D07-6A8220C49258} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {941E3EDC-ADD9-467A-AE15-90290661E0AB} - System32\Tasks\G2MUpdateTask-S-1-5-21-2048631613-2831981643-1474844327-1003 => C:\Users\xyz\AppData\Local\GoToMeeting\18962\g2mupdate.exe [31320 2020-10-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {972821C9-8DA9-4BEC-9FE5-9863D720D3E5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9E04343B-B177-43D7-8A80-68E8EA6291C5} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-2048631613-2831981643-1474844327-1003Core => C:\Users\xyz\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {AA34A7EA-B9B4-4961-ACD0-87B28DD98F22} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AC5CE38E-BDD5-4449-BCF6-CA4987ED3145} - System32\Tasks\Opera scheduled assistant Autoupdate 1583002139 => C:\Users\xyz\AppData\Local\Programs\Opera\launcher.exe [1721368 2020-11-09] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\xyz\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {B849ED77-6EBC-41C9-BA6C-AEA77FE1805B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BB6DA6BF-FA65-4BD0-A2C6-EDA057F04C62} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {C4ED33F8-257D-43E2-A53C-DD331E64E3F9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C6A3D794-218F-4173-830B-99A032BD6DEA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D0C4DEA1-2157-41A6-937F-481FCAF6CFD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-06] (Google LLC -> Google LLC)
Task: {D140CD2D-5DB1-4656-8B82-D66B8A10CE9E} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-2048631613-2831981643-1474844327-1003UA => C:\Users\xyz\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E3FD55AF-480F-4E0C-B132-3DA4B13CCBEE} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E7F7B079-D1ED-4DD4-9212-0CB808714A31} - System32\Tasks\G2MUploadTask-S-1-5-21-2048631613-2831981643-1474844327-1003 => C:\Users\xyz\AppData\Local\GoToMeeting\18962\g2mupload.exe [31320 2020-10-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {F0438804-3AD3-4C78-9369-A508ACEC4EAA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F90DF26B-E601-4BE4-A8FB-D4D0844678C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-06] (Google LLC -> Google LLC)
Task: {FE8F51F6-5460-49A7-8BEC-5F63144891FE} - System32\Tasks\Opera scheduled Autoupdate 1581188361 => c:\users\xyz\appdata\local\programs\opera\launcher.exe [1721368 2020-11-09] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2048631613-2831981643-1474844327-1003.job => C:\Users\xyz\AppData\Local\GoToMeeting\18962\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2048631613-2831981643-1474844327-1003.job => C:\Users\xyz\AppData\Local\GoToMeeting\18962\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1ebc415e-fce3-42f6-a54a-68b8ec60b35b}: [DhcpNameServer] 10.0.1.1 10.0.1.3
Tcpip\..\Interfaces\{6926abb0-6bfd-4e6d-9d7c-bf81eaf5897e}: [DhcpNameServer] 10.157.0.1
Tcpip\..\Interfaces\{84bd8d22-5c22-4c0d-b155-506b7440e219}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2020-02-06]
Edge DefaultProfile: Default
Edge Profile: C:\Users\xyz\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-25]
Edge Notifications: Default -> hxxps://twitter.com
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 9xl9sqvh.default
FF DefaultProfile: y4ty9tmy.default
FF ProfilePath: C:\Users\xyz\AppData\Roaming\Mozilla\SeaMonkey\Profiles\9xl9sqvh.default [2020-11-02]
FF Extension: (DOM Inspector) - C:\Users\xyz\AppData\Roaming\Mozilla\SeaMonkey\Profiles\9xl9sqvh.default\Extensions\inspector@mozilla.org.xpi [2020-02-06] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\xyz\AppData\Roaming\Mozilla\SeaMonkey\Profiles\9xl9sqvh.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2020-02-06] [Legacy] [not signed]
FF Extension: (Lightning) - C:\Users\xyz\AppData\Roaming\Mozilla\SeaMonkey\Profiles\9xl9sqvh.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2020-02-06] [Legacy] [not signed]
FF ProfilePath: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\y4ty9tmy.default [2020-09-19]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\y4ty9tmy.default\Extensions\sp@avast.com.xpi [2020-02-06]
FF Extension: (Avast Online Security) - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\y4ty9tmy.default\Extensions\wrc@avast.com.xpi [2020-02-06]
FF ProfilePath: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\7lqtzs3i.default-release-1605384285072 [2020-11-27]
FF Extension: (Facebook Container) - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\7lqtzs3i.default-release-1605384285072\Extensions\@contain-facebook.xpi [2020-11-20]
FF Extension: (LastPass: Free Password Manager) - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\7lqtzs3i.default-release-1605384285072\Extensions\support@lastpass.com.xpi [2020-11-18]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\7lqtzs3i.default-release-1605384285072\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2020-11-25]
FF Extension: (Save to Notion) - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\7lqtzs3i.default-release-1605384285072\Extensions\{4b547b2c-e114-4344-9b70-09b2fe0785f3}.xpi [2020-11-18]
FF Extension: (Old Layout for Facebook) - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\7lqtzs3i.default-release-1605384285072\Extensions\{8792af17-0df8-40ab-81d3-6cc777171564}.xpi [2020-11-25]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2048631613-2831981643-1474844327-1003: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Users\xyz\AppData\Local\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin HKU\S-1-5-21-2048631613-2831981643-1474844327-1003: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Users\xyz\AppData\Local\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin HKU\S-1-5-21-2048631613-2831981643-1474844327-1003: @zoom.us/ZoomVideoPlugin -> C:\Users\xyz\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2020-09-20] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2020-09-20] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default [2020-11-27]
CHR DownloadDir: E:\DL 2020
CHR Notifications: Default -> hxxps://app.slack.com; hxxps://calendar.google.com; hxxps://drive.google.com; hxxps://neilpatel.com; hxxps://twitter.com; hxxps://voice.google.com; hxxps://www.instagram.com
CHR Extension: (Google Translate) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-18]
CHR Extension: (Slides) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-06]
CHR Extension: (Simple mass downloader) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdkkegmcbiomijcbdaodaflgehfffed [2020-07-12]
CHR Extension: (lock) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeblfdkhhhdcdjpifhhbdiojplfjncoa [2020-11-17]
CHR Extension: (Flash Video Downloader) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2020-05-02]
CHR Extension: (Adblocker for Chrome - NoAds) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\alplpnakfeabeiebipdmaenpmbgknjce [2020-02-29]
CHR Extension: (Docs) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-06]
CHR Extension: (1Password extension (desktop app required)) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2020-02-08]
CHR Extension: (Google Drive) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (Image Downloader for IW) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcieicfnbnmlffkgbiemoofinidpgloa [2020-07-08]
CHR Extension: (Turn Off the Lights) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2020-07-23]
CHR Extension: (DuckDuckGo) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-10-24]
CHR Extension: (Double-click Image Downloader) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkijmpolkanhdehnlnabfooghjdokakc [2020-05-26]
CHR Extension: (YouTube) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-06]
CHR Extension: (Vimeo™ Video Downloader) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpbghdbejagejmciefmekcklikpoeel [2020-11-21]
CHR Extension: (uBlock Origin) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-10-20]
CHR Extension: (Superhuman) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcgcnpooblobhncpnddnhoendgbnglpn [2020-06-13]
CHR Extension: (Session Buddy) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-13]
CHR Extension: (Proper Menubar for Google Chrome) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\egclcjdpndeoioimlbbbmdhcaopnedkp [2020-03-12]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2020-09-14]
CHR Extension: (Sheets) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-06]
CHR Extension: (ExpressVPN: VPN proxy to unblock everything) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2020-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-11]
CHR Extension: (Avast Online Security) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-11-25]
CHR Extension: (feedly) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2020-02-08]
CHR Extension: (Ledger Wallet Ethereum) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2020-02-08]
CHR Extension: (VIEW LATER - save links in a stack) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnolaplfoobcmgfmjphkmbjolinelpkb [2020-02-08]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-25]
CHR Extension: (Stream Video Downloader) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2020-02-08]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2020-02-08]
CHR Extension: (Chrome Audio Capture) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfokdmfpdnokpmpbjhjbcabgligoelgp [2020-02-08]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2020-07-29]
CHR Extension: (Notion Web Clipper) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\knheggckgoiihginacbkhaalnibhilkk [2020-10-06]
CHR Extension: (Linkclump) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2020-07-29]
CHR Extension: (TabCopy) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\micdllihgoppmejpecmkilggmaagfdmb [2020-08-26]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2020-07-23]
CHR Extension: (MEW CX) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm [2020-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-06]
CHR Extension: (ColorPick Eyedropper) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2020-10-04]
CHR Extension: (Downloader for Instagram) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkpikmlhoaojbbmmpejnimiglejmboe [2020-11-25]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2020-02-08]
CHR Extension: (Gmail) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-20]
CHR Extension: (Privacy Badger) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2020-10-11]
CHR Extension: (RSS Feed Reader) - C:\Users\xyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2020-09-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Extension: (Privacy Badger) - C:\Users\xyz\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2020-04-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-03-27] (Bitdefender SRL -> Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [2240288 2019-02-03] (voidtools -> voidtools)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-08-20] (Express Vpn LLC -> ExpressVPN)
R2 MacDrive10Service; C:\Program Files\Mediafour\MacDrive 10\MacDrive10Service.exe [223088 2018-03-21] (Mediafour Corporation -> Mediafour Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 Media Center 26 Service; C:\Program Files\J River\Media Center 26\JRService.exe [435088 2020-09-04] (JRiver, Inc. -> JRiver, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [242024 2020-03-17] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [582304 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [242024 2020-03-17] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 YouTrack; E:\YouTrack\launcher\bin\JetService.exe [392808 2020-06-23] (JetBrains s.r.o. -> JetBrains GmbH)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d223212c0a2275b5\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d223212c0a2275b5\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-10-02] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2015-06-09] (EldoS Corporation -> EldoS Corporation)
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-25] (Malwarebytes Corporation -> Malwarebytes)
S3 EvoMouseDriverFilterHidUsb; C:\WINDOWS\System32\drivers\EvoMouseDriverFilterHidUsb.sys [29936 2016-01-29] (WDKTestCert v.kurilovich,130838452094803308 -> Evoluent)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2020-08-20] (ExprsVPN LLC -> ExpressVPN)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-10-02] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R0 MDAPFS; C:\Windows\System32\Drivers\MDAPFS.sys [458800 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDAPFSCT; C:\Windows\System32\Drivers\MDAPFSCT.sys [47944 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDDISK; C:\Windows\System32\Drivers\MDDISK.sys [37808 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [321856 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDMOUNT; C:\Windows\System32\Drivers\MDMOUNT.sys [29064 2017-12-04] (Mediafour Corporation -> Other World Computing)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [44304 2019-12-06] (ExprsVPN LLC -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [640760 2020-10-02] (Bitdefender SRL -> Bitdefender)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [385776 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-27 08:50 - 2020-11-27 08:51 - 000000000 ____D C:\FRST
2020-11-26 16:34 - 2020-11-26 16:34 - 000000000 ____D C:\Users\xyz\AppData\Local\Amazon Drive
2020-11-26 08:19 - 2020-11-26 08:19 - 000000000 ___DC C:\Users\xyz\Documents\BCU Backup 2020-11-26_08-19-58
2020-11-25 20:17 - 2020-11-25 20:20 - 106442969 _____ C:\Users\xyz\Downloads\2020-12-01_France.pdf
2020-11-25 19:44 - 2020-11-26 08:30 - 000000000 ____D C:\Program Files\BCUninstaller
2020-11-25 19:44 - 2020-11-25 19:44 - 000000913 _____ C:\Users\Public\Desktop\BCUninstaller.lnk
2020-11-25 19:44 - 2020-11-25 19:44 - 000000913 _____ C:\ProgramData\Desktop\BCUninstaller.lnk
2020-11-25 19:44 - 2020-11-25 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCUninstaller
2020-11-25 19:39 - 2020-11-25 19:39 - 000044008 _____ C:\WINDOWS\system32\bddel.exe
2020-11-25 19:39 - 2020-11-25 19:39 - 000000594 _____ C:\WINDOWS\system32\bddel.dat
2020-11-25 18:33 - 2020-11-25 18:33 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-11-25 18:33 - 2020-11-25 18:33 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-11-25 18:33 - 2020-11-25 18:33 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-11-25 13:27 - 2020-11-25 13:27 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-25 13:27 - 2020-11-25 13:27 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-25 13:27 - 2020-11-25 13:27 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-25 13:26 - 2020-11-25 13:26 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-25 13:26 - 2020-11-25 13:26 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-25 13:26 - 2020-11-25 13:26 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-25 13:26 - 2020-11-25 13:26 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-25 13:26 - 2020-11-25 13:26 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-24 23:40 - 2020-11-24 23:40 - 000000039 _____ C:\Users\xyz\AppData\Local\kritadisplayrc
2020-11-21 19:02 - 2020-11-21 19:26 - 921549587 _____ C:\Users\xyz\Downloads\Ricoh_BounceFM Interview.mov
2020-11-21 17:19 - 2020-11-21 17:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-19 18:54 - 2020-11-19 19:00 - 1426386834 _____ C:\Users\xyz\Downloads\Candido - Anthology (2-CD) (2005) (WAV).zip
2020-11-19 18:52 - 2020-11-19 19:07 - 2843426079 _____ C:\Users\xyz\Downloads\David Mancuso - 2005 Shibuya FM (Japan) (5-CD) (WAV)(2).zip
2020-11-19 18:48 - 2020-11-19 18:50 - 374046944 _____ C:\Users\xyz\Downloads\Candido - Thousand Finger Man (1970) (WAV)(1).zip
2020-11-19 18:47 - 2020-11-19 18:50 - 630946015 _____ C:\Users\xyz\Downloads\Eddie Hazel - Game, Dames & Guitar Thangs (Expanded) (1977) (WAV) (CD Rip).zip
2020-11-19 18:46 - 2020-11-19 18:47 - 332793414 _____ C:\Users\xyz\Downloads\Candido Camero - Candido (1956) (WAV).zip
2020-11-19 18:46 - 2020-11-19 18:47 - 076796638 _____ C:\Users\xyz\Downloads\Whitney Houston - Love Will Save the Day (Jellybean & Morales 12'' Remix) (WAV)(1).zip
2020-11-19 18:44 - 2020-11-19 18:45 - 118967302 _____ C:\Users\xyz\Downloads\Herbie Hancock - Stars In Your Eyes (Special Disco Remix) (1980) (WAV)(1).wav
2020-11-18 22:35 - 2020-11-18 22:35 - 076796638 _____ C:\Users\xyz\Downloads\Whitney Houston - Love Will Save the Day (Jellybean & Morales 12'' Remix) (WAV).zip
2020-11-18 22:32 - 2020-11-18 22:33 - 118967302 _____ C:\Users\xyz\Downloads\Herbie Hancock - Stars In Your Eyes (Special Disco Remix) (1980) (WAV).wav
2020-11-18 20:02 - 2020-11-18 20:08 - 1720214697 _____ C:\Users\xyz\Downloads\Frenzy in The Club for Face The Bass 11-17-2020.mp4
2020-11-18 19:51 - 2020-11-18 19:51 - 005063883 _____ C:\Users\xyz\Downloads\fe1302_b3b74b626a544a26a0bd6f209a909683.pdf
2020-11-18 18:53 - 2020-11-18 19:02 - 2843426079 _____ C:\Users\xyz\Downloads\David Mancuso - 2005 Shibuya FM (Japan) (5-CD) (WAV)(1).zip
2020-11-18 18:46 - 2020-11-25 18:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-18 12:57 - 2020-11-18 12:58 - 374046944 _____ C:\Users\xyz\Downloads\Candido - Thousand Finger Man (1970) (WAV).zip
2020-11-18 10:41 - 2020-11-18 10:47 - 2843426079 _____ C:\Users\xyz\Downloads\David Mancuso - 2005 Shibuya FM (Japan) (5-CD) (WAV).zip
2020-11-16 09:28 - 2020-11-25 19:19 - 000000000 ____D C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-11-14 12:04 - 2020-11-14 12:04 - 000000000 ____D C:\Users\xyz\Desktop\Old Firefox Data
2020-11-11 00:14 - 2020-11-11 00:14 - 000086620 _____ C:\ProgramData\agent.update.1605082466.bdinstall.v2.bin
2020-11-10 22:26 - 2020-11-10 22:26 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-10 22:26 - 2020-11-10 22:26 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-10 22:26 - 2020-11-10 22:26 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-11-10 22:26 - 2020-11-10 22:26 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-11-10 22:25 - 2020-11-10 22:25 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-09 00:09 - 2020-11-09 00:09 - 000000078 _____ C:\Users\xyz\AppData\Roaming\VCFX.dat
2020-11-09 00:05 - 2020-11-09 00:05 - 000001128 _____ C:\Users\Public\Desktop\VCartoonizer.lnk
2020-11-09 00:05 - 2020-11-09 00:05 - 000001128 _____ C:\ProgramData\Desktop\VCartoonizer.lnk
2020-11-09 00:05 - 2020-11-09 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCartoonizer
2020-11-09 00:05 - 2020-11-09 00:05 - 000000000 ____D C:\Program Files (x86)\VCartoonizer
2020-11-08 23:59 - 2020-11-09 00:10 - 000000078 _____ C:\Users\xyz\AppData\Roaming\IP.dat
2020-11-08 23:59 - 2020-11-08 23:59 - 000001075 _____ C:\Users\Public\Desktop\iToon.lnk
2020-11-08 23:59 - 2020-11-08 23:59 - 000001075 _____ C:\ProgramData\Desktop\iToon.lnk
2020-11-08 23:59 - 2020-11-08 23:59 - 000000000 ____D C:\Users\xyz\AppData\Roaming\iToon
2020-11-08 23:59 - 2020-11-08 23:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iToon
2020-11-08 23:59 - 2020-11-08 23:59 - 000000000 ____D C:\Program Files (x86)\iToon
2020-11-08 23:51 - 2020-11-08 23:51 - 000000000 ____D C:\Users\xyz\AppData\Roaming\gmic
2020-11-08 23:51 - 2020-11-08 23:51 - 000000000 ____D C:\Users\xyz\AppData\Local\ImageMagick
2020-11-08 23:50 - 2020-11-08 23:50 - 000000000 ____D C:\Users\xyz\AppData\Roaming\PrimaCartoonizer
2020-11-08 23:49 - 2020-11-09 00:16 - 000000078 _____ C:\Users\xyz\AppData\Roaming\PC.dat
2020-11-08 23:49 - 2020-11-08 23:49 - 000001183 _____ C:\Users\Public\Desktop\Prima Cartoonizer.lnk
2020-11-08 23:49 - 2020-11-08 23:49 - 000001183 _____ C:\ProgramData\Desktop\Prima Cartoonizer.lnk
2020-11-08 23:49 - 2020-11-08 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prima Cartoonizer
2020-11-08 23:49 - 2020-11-08 23:49 - 000000000 ____D C:\Program Files (x86)\Prima Cartoonizer
2020-11-06 14:25 - 2020-11-06 14:26 - 028577997 _____ C:\Users\xyz\Downloads\2020-11-01_FHM_Australia.pdf
2020-11-05 19:37 - 2020-11-05 19:38 - 204230656 _____ C:\Users\xyz\Downloads\PM6SetupR5260.msi
2020-11-04 13:08 - 2020-11-04 13:08 - 000001263 _____ C:\Users\xyz\AppData\Local\recently-used.xbel
2020-11-01 13:26 - 2020-11-24 23:40 - 000021459 _____ C:\Users\xyz\AppData\Local\kritarc
2020-11-01 13:26 - 2020-11-01 13:26 - 000000000 ____D C:\Users\xyz\AppData\Roaming\krita
2020-11-01 13:26 - 2020-11-01 13:26 - 000000000 ____D C:\Users\xyz\AppData\Local\krita
2020-11-01 13:25 - 2020-11-01 13:25 - 000001823 _____ C:\Users\Public\Desktop\Krita.lnk
2020-11-01 13:25 - 2020-11-01 13:25 - 000001823 _____ C:\ProgramData\Desktop\Krita.lnk
2020-11-01 13:25 - 2020-11-01 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Krita
2020-11-01 13:25 - 2020-11-01 13:25 - 000000000 ____D C:\Program Files\Krita (x64)

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-27 08:52 - 2020-09-19 14:12 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2020-11-27 08:48 - 2020-10-04 06:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-27 08:48 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-27 02:37 - 2019-12-07 01:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2020-11-27 00:11 - 2020-04-08 09:34 - 000000000 ____D C:\Users\xyz\AppData\Roaming\1Clipboard
2020-11-27 00:03 - 2020-02-08 11:54 - 000000000 ____D C:\Users\xyz\AppData\Roaming\vlc
2020-11-26 16:35 - 2020-10-12 20:41 - 000001233 _____ C:\Users\xyz\Desktop\Amazon Backup.lnk
2020-11-26 16:35 - 2020-10-12 20:38 - 000000000 ____D C:\Users\xyz\AppData\Roaming\Amazon Cloud Drive
2020-11-26 16:34 - 2020-10-12 20:39 - 000001217 _____ C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Photos.lnk
2020-11-26 13:37 - 2020-10-04 06:56 - 000004444 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1583002139
2020-11-26 12:25 - 2020-02-02 13:25 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-26 08:18 - 2020-02-06 23:53 - 000000000 ____D C:\Users\xyz\AppData\LocalLow\Mozilla
2020-11-26 01:46 - 2020-10-04 06:56 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-26 01:46 - 2020-05-05 15:24 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-25 20:08 - 2020-02-08 10:59 - 000000000 ____D C:\ProgramData\Mozilla
2020-11-25 19:24 - 2020-03-24 11:16 - 000000000 ____D C:\Users\xyz\AppData\Local\SquirrelTemp
2020-11-25 18:36 - 2020-10-04 07:01 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-25 18:36 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2020-11-25 18:32 - 2020-10-04 06:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-25 18:32 - 2020-10-04 06:52 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-25 18:32 - 2020-06-19 17:43 - 000000000 ____D C:\Users\xyz\Documents\ShareX
2020-11-25 18:32 - 2020-02-08 11:45 - 000000000 ____D C:\Users\xyz\AppData\Local\Everything
2020-11-25 18:32 - 2020-02-08 11:10 - 000000000 ____D C:\Users\xyz\AppData\Roaming\Everything
2020-11-25 18:32 - 2020-02-08 10:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-25 18:32 - 2020-02-02 13:25 - 000054443 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-11-25 18:32 - 2020-02-02 13:25 - 000020121 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-11-25 18:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-11-25 18:32 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-25 13:26 - 2019-12-07 01:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-25 11:25 - 2020-02-02 13:25 - 000011853 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-11-25 08:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-25 07:18 - 2020-06-16 16:55 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-25 07:18 - 2020-06-16 16:55 - 000002259 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-25 07:18 - 2020-06-16 16:55 - 000002259 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-25 07:18 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-21 17:19 - 2020-02-08 10:59 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-21 17:17 - 2020-02-02 13:25 - 000001209 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-11-21 17:16 - 2020-02-06 23:18 - 000011787 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-11-21 17:15 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-20 16:05 - 2020-02-08 10:59 - 000002613 _____ C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-11-20 16:05 - 2020-02-08 10:59 - 000002576 _____ C:\Users\xyz\Desktop\Brave.lnk
2020-11-16 12:31 - 2020-02-06 23:48 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-16 12:31 - 2020-02-06 23:48 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-16 12:31 - 2020-02-06 23:48 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-15 00:03 - 2019-05-24 09:23 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-13 13:43 - 2020-10-04 06:56 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-13 13:43 - 2020-10-04 06:56 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-12 17:03 - 2020-02-06 23:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-12 17:01 - 2020-02-06 23:32 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 08:16 - 2020-10-04 06:56 - 000004194 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1581188361
2020-11-12 08:16 - 2020-02-08 10:59 - 000001403 _____ C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2020-11-11 00:14 - 2020-06-13 14:27 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-11-11 00:13 - 2020-10-04 06:52 - 000699888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-11 00:12 - 2020-10-05 22:07 - 000000000 ____D C:\Users\xyz\AppData\Roaming\Notion
2020-11-11 00:12 - 2020-03-24 11:17 - 000000000 ____D C:\Users\xyz\AppData\Roaming\Slack
2020-11-11 00:12 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-11 00:12 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-10 22:27 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-10 22:25 - 2020-10-04 06:53 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-06 17:01 - 2020-06-19 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2020-11-06 17:01 - 2020-06-19 17:43 - 000000000 ____D C:\Program Files\ShareX
2020-11-05 07:31 - 2020-10-04 02:38 - 000000000 ___DC C:\WINDOWS\Panther
2020-11-04 17:14 - 2020-03-24 11:17 - 000002193 _____ C:\Users\xyz\Desktop\Slack.lnk
2020-11-04 17:14 - 2020-03-24 11:17 - 000000000 ____D C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2020-11-04 17:14 - 2020-03-24 11:16 - 000000000 ____D C:\Users\xyz\AppData\Local\slack
2020-11-02 16:52 - 2020-08-20 17:00 - 000000000 ____D C:\Users\xyz\.dbus-keyrings
2020-11-01 13:54 - 2020-03-30 15:17 - 000000000 ____D C:\Users\xyz\AppData\Roaming\XnViewMP
2020-11-01 08:38 - 2020-05-05 07:51 - 000000000 ____D C:\Users\xyz\AppData\Local\GoToMeeting
2020-10-29 06:11 - 2020-10-04 06:56 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2048631613-2831981643-1474844327-1003
2020-10-29 06:11 - 2020-10-04 03:20 - 000002361 _____ C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-29 06:11 - 2020-02-06 23:19 - 000000000 ___RD C:\Users\xyz\OneDrive

==================== Files in the root of some directories ========

2003-12-04 08:05 - 2003-12-04 08:05 - 000000000 ____H () C:\ProgramData\sdpsenv.dat
2020-11-08 23:59 - 2020-11-09 00:10 - 000000078 _____ () C:\Users\xyz\AppData\Roaming\IP.dat
2020-11-08 23:49 - 2020-11-09 00:16 - 000000078 _____ () C:\Users\xyz\AppData\Roaming\PC.dat
2020-11-09 00:09 - 2020-11-09 00:09 - 000000078 _____ () C:\Users\xyz\AppData\Roaming\VCFX.dat
2020-11-01 13:26 - 2020-11-24 23:39 - 000002974 _____ () C:\Users\xyz\AppData\Local\krita-sysinfo.log
2020-11-01 13:26 - 2020-11-24 23:40 - 000042057 _____ () C:\Users\xyz\AppData\Local\krita.log
2020-11-24 23:40 - 2020-11-24 23:40 - 000000039 _____ () C:\Users\xyz\AppData\Local\kritadisplayrc
2020-11-01 13:26 - 2020-11-24 23:40 - 000021459 _____ () C:\Users\xyz\AppData\Local\kritarc
2020-11-04 13:08 - 2020-11-04 13:08 - 000001263 _____ () C:\Users\xyz\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
#4 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2020
Ran by xyz (27-11-2020 08:52:22)
Running from E:\DL 2020
Windows 10 Pro Version 2004 19041.630 (X64) (2020-10-04 14:56:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2048631613-2831981643-1474844327-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2048631613-2831981643-1474844327-503 - Limited - Disabled)
Guest (S-1-5-21-2048631613-2831981643-1474844327-501 - Limited - Disabled)
JetBrainsYouTrack (S-1-5-21-2048631613-2831981643-1474844327-1004 - Limited - Enabled) => C:\Users\JetBrainsYouTrack
WDAGUtilityAccount (S-1-5-21-2048631613-2831981643-1474844327-504 - Limited - Disabled)
xyz (S-1-5-21-2048631613-2831981643-1474844327-1003 - Administrator - Enabled) => C:\Users\xyz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\1Password) (Version: 7.6.778 - AgileBits Inc.)
7-Zip 20.00 alpha (x64) (HKLM\...\7-Zip) (Version: 20.00 alpha - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Amazon Photos (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Amazon Photos) (Version: 7.6.1 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
BCUninstaller (HKLM\...\{f4fef76c-1aa9-441c-af7e-d27f58d898d1}_is1) (Version: 4.16.0.38993 - Marcin Szeniak)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.169 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.17.200 - Bitdefender)
Bluefire Reader for Windows (HKLM-x32\...\{6DC2F94C-1F8B-432A-B4E5-3454968CA299}) (Version: 1.01.1006 - Bluefire Productions, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BookWright version 1.5.0 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.5.0 - Blurb, Inc.)
Brave (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\BraveSoftware Brave-Browser) (Version: 87.1.17.73 - Brave Software Inc)
Bulk Rename Utility 3.3.1.0 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.7 - Ursa Minor Ltd)
Directory Opus (HKLM\...\{6CFA061F-1A4C-4569-963F-2ACFC60F5CAD}_is1) (Version: 12.21 - GPSoftware)
Everything 1.4.1.935 (x64) (HKLM\...\Everything) (Version: 1.4.1.935 - David Carpenter)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8468D8835}) (Version: 7.12.1.4 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{ebd248cd-b3ef-4e14-b91a-d626fa5c392a}) (Version: 7.12.1.4 - ExpressVPN)
Free PDF Compressor (HKLM-x32\...\{BFA49A14-EC18-4071-BC13-B43043B09222}_is1) (Version: - freepdfcompressor.com)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.14.0.18962 (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\GoToMeeting) (Version: 10.14.0.18962 - LogMeIn, Inc.)
GStreamer 1.0 (HKLM-x32\...\{2B4318DA-B944-4DE9-9E07-DE407C4542C1}) (Version: 1.16.2 - GStreamer Project)
HFSExplorer 0.23.1 (HKLM-x32\...\HFSExplorer) (Version: 0.23.1 - Catacombae Software)
HWiNFO64 Version 6.22 (HKLM\...\HWiNFO64_is1) (Version: 6.22 - Martin Malik - REALiX)
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.0.0- - Inkscape)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1909.12.0.1236 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000040-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.40.0.1 - Intel Corporation)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
iToon version 2.1.9 (HKLM-x32\...\{3CEFEA4A-CC8C-4C31-830A-36AB1D4AC901}_is1) (Version: 2.1.9 - itoon.net)
iTunes (HKLM\...\{EA1B93E5-47D8-4252-8441-DEC5F5274C60}) (Version: 12.10.8.5 - Apple Inc.)
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
JetBrains YouTrack 2020.2 (HKLM-x32\...\{61FE081D-2689-4576-916F-4C490A065B40}) (Version: 20.2.9836 - JetBrains)
JRiver Media Center 26 (64-bit) (HKLM\...\Media Center 26 (64-bit)) (Version: 26 - JRiver, Inc.)
Krita (x64) 4.4.1 (HKLM\...\Krita_x64) (Version: 4.4.1.100 - Krita Foundation)
LibreOffice 6.4.0.3 (HKLM\...\{5DE38E8F-2A6F-44E7-9D24-0C6D056597D6}) (Version: 6.4.0.3 - The Document Foundation)
MacDrive 10 Standard (HKLM\...\{E683EA04-6880-4E28-9882-C24C78E40BCD}) (Version: 10.5.4.9 - Mediafour Corporation) Hidden
MacDrive 10 Standard (HKLM-x32\...\{6a01eda0-48cb-4c14-bf17-f54a88aabd49}) (Version: 10.5.4.9 - Other World Computing, Inc.)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.47 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft OneDrive (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 en-US) (HKLM\...\Mozilla Firefox 83.0 (x64 en-US)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.4 - Notepad++ Team)
Notion 2.0.9 (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\{fcdf0d7f-424b-5f10-a1c7-a8f643f21adf}) (Version: 2.0.9 - Notion Labs, Incorporated)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 441.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Opera Stable 72.0.3815.320 (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Opera 72.0.3815.320) (Version: 72.0.3815.320 - Opera Software)
Pale Moon 28.8.2.1 (x64 en-US) (HKLM\...\Pale Moon 28.8.2.1 (x64 en-US)) (Version: 28.8.2.1 - Moonchild Productions)
PDF Shaper Free 10.0 (HKLM-x32\...\PDF Shaper Free_is1) (Version: - Burnaware)
Photo Mechanic (HKLM\...\{91B9F6BE-3256-4074-B743-6015CEAEED4F}) (Version: 6.0.5029 - Camera Bits, Inc.)
Photo Mechanic 5 (HKLM-x32\...\{DE924CF0-B8BB-42BA-BDA0-14535F79DF3F}) (Version: 5.0 - Camera Bits, Inc)
Prima Cartoonizer version 2.2 (HKLM-x32\...\{DD2AE33E-132A-42CF-9849-8F9F55D1EB27}_is1) (Version: 2.2 - Primacartoonizer.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8522 - Realtek Semiconductor Corp.)
SeaMonkey 2.49.5 (x64 en-US) (HKLM\...\SeaMonkey 2.49.5 (x64 en-US)) (Version: 2.49.5 - Mozilla)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.3.0 - ShareX Team)
Slack (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\slack) (Version: 4.10.3 - Slack Technologies Inc.)
SpeedCrunch (HKLM-x32\...\SpeedCrunch) (Version: 0.12 - SpeedCrunch)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Topaz Adjust AI (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\{91694451-ff2d-4d31-98e4-5b80d77844fd}) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz DeNoise AI (HKLM\...\Topaz DeNoise AI 2.2.2) (Version: 2.2.2 - Topaz Labs LLC)
Topaz Gigapixel AI (HKLM\...\Topaz Gigapixel AI 4.9.4.1) (Version: 4.9.4.1 - Topaz Labs LLC)
Topaz JPEG to RAW AI (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\{980020be-bf73-4720-ac0a-d9e7799bb50e}) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Mask AI (HKLM\...\Topaz Mask AI 1.2.4) (Version: 1.2.4 - Topaz Labs LLC)
Topaz Sharpen AI (HKLM\...\Topaz Sharpen AI 2.0.5) (Version: 2.0.5 - Topaz Labs LLC)
Topaz Studio 2 (HKLM\...\Topaz Studio 2 2.3.1) (Version: 2.3.1 - Topaz Labs LLC)
VCartoonizer version 1.4.7 (HKLM-x32\...\{C116AC2F-3550-4E65-B598-EABF402A0546}_is1) (Version: 1.4.7 - Cartoonizevideo.com by Convert Daily Inc.)
Vivaldi (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\Vivaldi) (Version: 2.10.1745.27 - Vivaldi Technologies AS.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Waterfox Current 68.0 (x64 en-US) (HKLM\...\Waterfox Current 68.0 (x64 en-US)) (Version: 68.0 - Waterfox)
XnViewMP 0.96.5 (HKLM\...\XnViewMP_is1) (Version: 0.96.5 - Gougelet Pierre-e)
XYplorer 20.80 (HKLM-x32\...\XYplorer) (Version: 20.80 - Donald Lessau, Cologne Code Company)
Zoom (HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-03] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-09] (Microsoft Corporation) [MS Ad]
Microsoft Office Outlook Desktop Integration -> C:\Program Files\WindowsApps\Microsoft.OutlookDesktopIntegrationServices_16009.11426.10000.0_x64__8wekyb3d8bbwe [2020-02-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-10-04] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-15] (Microsoft Corporation)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2020-02-06] (Nik Rolls)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{034F85A4-55EC-4964-A3C5-652813B0FD3A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{06B74C04-E813-4DD4-A972-172836EFA8D6}\InprocServer32 -> C:\Users\xyz\AppData\Local\BraveSoftware\Update\1.3.99.0\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\localserver32 -> C:\Users\xyz\AppData\Local\BraveSoftware\Brave-Browser\Application\87.1.17.73\notification_helper.exe (Brave Software, Inc. -> Brave Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{108A0ADB-56B4-44BD-9F35-D44D720932B2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{11DF74D3-A6AD-4A07-9990-1806B08E0120}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{17B7BC10-DF79-44D5-AF0A-BDFAA5C6C23A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{19E812AC-D2EB-4012-A71B-341C237AA086}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{208C13AC-A5EF-458D-96DF-2B13E255FC52}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{24C51DB7-F1E3-433F-B950-81301D74B37D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{26A069F4-77A4-4458-AEDE-655DE79BF359}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{27F26BBA-6F8B-4D8B-9F31-EFC79D646B3C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{283D308B-7EA9-4DA0-BCC0-96010F4A875E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{2CBA127B-B76B-42DB-9005-9922061B0224}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{2F522D57-5F11-4213-916F-B1CBDFF18332}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{302E9B16-54AB-4BC9-A94B-A262239CE138}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{303A1582-D0AA-4EFD-AA95-B6797F9AC875}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{339FA1D5-707F-4CE4-8291-B2AF27C34A74}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{4C416A93-B1B8-4880-BD2D-D1F8517761D1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{556C02E3-85D0-4A37-935B-03F3A0CAE89A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{5C1DE490-8DB6-47EB-814C-D577090C63CD}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{5F5ECB1D-E47A-470D-975F-025CE89095F0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{64080B4D-8A20-4569-B6E1-A9271A2AFA87}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{6CFB8CA8-923F-47CA-8B4A-56DB4B0F3995}\InprocServer32 -> C:\Users\xyz\AppData\Local\BraveSoftware\Update\1.3.99.0\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{6FF9C0BE-F91E-4166-8C4F-545A5C0ACCD6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{763483DF-0E26-455F-B60C-684493812CB5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{7BC347CB-D8C3-4A81-AE8E-4C886BCA4C27}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{8BC0EC67-3327-4398-B587-7A7E95A6383C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{8C371082-0AF6-49AE-B1A5-06469C247EBB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{8D7F47FF-59FA-4216-98BB-174F81CB8347}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{97EC877C-BC09-4223-8CFF-28305DB30712}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{9A807080-9B86-4453-B61D-02122B8F6754}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{A78CB667-B0DF-4AE6-8008-91D353985C12}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{B03A72C6-78A5-4371-BEC8-32098116598F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{B197FB10-52C3-4DDA-935C-6759F8966E7A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\xyz\AppData\Local\Vivaldi\Application\2.10.1745.27\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{C83BB5B3-7208-467B-8257-B4C55D7EC1A3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{CB0D124F-3DF5-4DC6-8C54-F62CF3FCE76C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{CCCFE62F-5D05-45EC-A595-C762485E5B39}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{D6059A7F-EC97-485C-AE7B-5F932653116B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{DB3919A4-D478-475D-9D92-4451A01F73C8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
CustomCLSID: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003_Classes\CLSID\{ECB4D15E-A220-40F9-8ADA-9331A2B5980D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software -> GP Software)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1966784 2020-06-22] (GP Software -> GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [387776 2020-06-22] (GP Software -> GP Software)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [MacDrive10VolumeIcon] -> {2D8107D0-B8BD-4517-A467-D1816FBB29CB} => C:\Program Files\Mediafour\MacDrive 10\MDVolumeIcons.dll [2017-09-28] (Mediafour Corporation) [File not signed]
ShellIconOverlayIdentifiers: [MacDrive10VolumeIconReadOnly] -> {34916EDE-C357-419A-BD17-AB27153474E1} => C:\Program Files\Mediafour\MacDrive 10\MDVolumeIcons.dll [2017-09-28] (Mediafour Corporation) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-01-29] (Notepad++ -> )
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2019-10-17] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers1: [CMPCContextMenu] -> {1650dc30-2343-498a-b49a-37b90918f611} => -> No File
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2019-10-17] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2019-10-17] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers4: [CMPCContextMenu] -> {1650dc30-2343-498a-b49a-37b90918f611} => -> No File
ContextMenuHandlers4: [PMShellExt] -> {D33CAA34-6010-4798-A3A3-11600C03EDDB} => C:\Program Files\Camera Bits\Photo Mechanic\PMShellMenu.dll [2020-08-25] (Camera Bits, Inc.) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d223212c0a2275b5\nvshext.dll [2019-12-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2048631613-2831981643-1474844327-1003: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2020-06-22] (GP Software -> GP Software)
ContextMenuHandlers4_S-1-5-21-2048631613-2831981643-1474844327-1003: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2020-06-22] (GP Software -> GP Software)
ContextMenuHandlers5_S-1-5-21-2048631613-2831981643-1474844327-1003: [DOpus] -> {B9DD4945-1BED-4CB7-994C-F40B72B7725A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2020-06-22] (GP Software -> GP Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TREZOR Chrome Extension.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jcjjhjgimijdkoamemaghajlhegmoclj

==================== Loaded Modules (Whitelisted) =============

2020-02-09 11:56 - 2020-09-04 07:10 - 000965632 ____N () [File not signed] C:\Program Files\J River\Media Center 26\Plugins\hh_portable.dll
2020-02-09 11:56 - 2020-09-04 07:10 - 001458688 ____N () [File not signed] C:\Program Files\J River\Media Center 26\Plugins\in_mp3.dll
2020-04-08 09:34 - 2016-08-17 13:47 - 000012288 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\libegl.dll
2020-04-08 09:34 - 2016-08-17 13:47 - 001581568 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\libglesv2.dll
2020-04-08 09:34 - 2016-08-17 13:47 - 000124928 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\ffi\build\Release\ffi_bindings.node
2020-04-08 09:34 - 2016-08-17 13:47 - 000118784 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\ffi\node_modules\ref\build\Release\binding.node
2020-04-08 09:34 - 2016-08-17 13:47 - 000496640 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\lwip.win32\build\Release\lwip_decoder.node
2020-04-08 09:34 - 2016-08-17 13:47 - 000401408 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\lwip.win32\build\Release\lwip_encoder.node
2020-04-08 09:34 - 2016-08-17 13:47 - 000336384 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\lwip.win32\build\Release\lwip_image.node
2020-04-08 09:34 - 2016-08-17 13:47 - 000148992 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\msgpack.win32\build\Release\msgpackBinding.node
2020-04-08 09:34 - 2016-08-17 13:47 - 000897536 _____ () [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2020-11-25 20:17 - 2020-11-25 20:17 - 000799744 _____ () [File not signed] C:\Users\xyz\AppData\Local\Amazon Drive\sqlite3.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000145920 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\java.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000024064 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\jimage.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000017920 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\management.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000025088 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\management_ext.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000083968 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\net.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000055808 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\nio.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 010920448 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\server\jvm.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000139264 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\sunec.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000032256 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\sunmscapi.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000045056 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\verify.dll
2019-10-09 14:59 - 2019-10-09 14:59 - 000073728 _____ (Amazon.com Inc.) [File not signed] E:\YouTrack\internal\java\windows-amd64\bin\zip.dll
2020-02-08 11:04 - 2020-02-06 05:00 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-02-09 11:56 - 2020-09-04 07:11 - 001074176 ____N (JRiver, Inc.) [File not signed] C:\Program Files\J River\Media Center 26\Plugins\in_mp4.dll
2020-02-09 11:56 - 2020-09-04 07:13 - 001585152 ____N (JRiver, Inc.) [File not signed] C:\Program Files\J River\Media Center 26\Plugins\out_main.dll
2020-02-09 11:56 - 2020-09-04 07:10 - 000446464 ____N (JRiver, Inc.) [File not signed] C:\Program Files\J River\Media Center 26\Plugins\rc_main.dll
2017-09-22 10:17 - 2017-09-22 10:17 - 000162304 _____ (Mediafour Corporation) [File not signed] C:\Program Files\Common Files\Mediafour\M4ProductUpdates.dll
2015-06-09 12:12 - 2015-06-09 12:12 - 000093184 _____ (Mediafour Corporation) [File not signed] C:\Program Files\Mediafour\MacDrive 10\MACDRAPI.DLL
2017-09-28 13:47 - 2017-09-28 13:47 - 000280576 _____ (Mediafour Corporation) [File not signed] C:\Program Files\Mediafour\MacDrive 10\MDVolumeIcons.dll
2020-04-08 09:34 - 2016-08-17 13:47 - 009441280 _____ (Node.js) [File not signed] C:\Users\xyz\AppData\Local\1Clipboard\app-0.1.8\node.dll
2020-01-23 01:28 - 2020-01-23 01:28 - 000069120 _____ (Python Software Foundation) [File not signed] C:\Program Files\LibreOffice\program\python-core-3.7.6\lib\_socket.pyd
2020-01-23 01:28 - 2020-01-23 01:28 - 000019456 _____ (Python Software Foundation) [File not signed] C:\Program Files\LibreOffice\program\python-core-3.7.6\lib\select.pyd
2020-11-25 20:17 - 2020-11-25 20:17 - 000125952 _____ (Robert Vazan) [File not signed] C:\Users\xyz\AppData\Local\Amazon Drive\crc32c.dll
2020-01-23 01:49 - 2020-01-23 01:49 - 000518656 _____ (The Document Foundation) [File not signed] C:\Program Files\LibreOffice\program\pyuno.pyd

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\Users\xyz\AppData\Local\Temp:com.affinity.designer.2 [241]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003 -> DefaultScope {BE7565AC-EBCB-48CB-9BB8-76B067D1760E} URL =
SearchScopes: HKU\S-1-5-21-2048631613-2831981643-1474844327-1003 -> {BE7565AC-EBCB-48CB-9BB8-76B067D1760E} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 20:49 - 2019-03-18 20:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2048631613-2831981643-1474844327-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 10.157.0.1 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2048631613-2831981643-1474844327-1003\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FF95B525-7351-48A3-ADBA-B10E3963FAB4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E05C74D7-DAD7-47CA-A821-4B04218B02E4}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C152E69F-CB69-4B22-94C0-0802DA7D893C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8110C95A-815F-434A-B803-B16EDDA3F530}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{38F2071F-58C6-409A-9723-CF4179745624}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1CE5259-7112-4DB2-8EC4-28B170F838BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{16FBF506-50B4-44DA-9924-09B4B01B26AB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{ABB5CB46-5CE1-4B5C-8D00-3EE4E66A4809}C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe] => (Allow) C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe (Camera Bits, Inc. -> Camera Bits, Inc.)
FirewallRules: [TCP Query User{1147B0BE-624C-4B74-A8F3-FDD03DFAC099}C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe] => (Allow) C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe (Camera Bits, Inc. -> Camera Bits, Inc.)
FirewallRules: [UDP Query User{C09F7335-A400-4C89-982E-2210E8A4BFF8}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe () [File not signed]
FirewallRules: [TCP Query User{D36D566D-94C7-4FEF-B7D9-FD4041A71F30}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe () [File not signed]
FirewallRules: [{1CFEC87C-D15D-4C6D-AD40-55AB65AA9BAC}] => (Allow) C:\Users\xyz\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A16F1650-BE78-4A7B-A1CF-0025B2228AC9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{92A671D8-673E-4CD2-85E3-343BCD8F5629}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{DFEAD553-A539-48F7-83C6-A4D0C5CBE222}C:\program files\j river\media center 26\media center 26.exe] => (Allow) C:\program files\j river\media center 26\media center 26.exe (JRiver, Inc. -> JRiver, Inc.)
FirewallRules: [TCP Query User{0AF0CFF8-9B08-4CAA-89E0-EB265B46AC3E}C:\program files\j river\media center 26\media center 26.exe] => (Allow) C:\program files\j river\media center 26\media center 26.exe (JRiver, Inc. -> JRiver, Inc.)
FirewallRules: [UDP Query User{83FECF7E-3562-48B4-AC44-81916E5E7B08}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{03CF0774-32B0-4789-BC4A-E9CB810F3546}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{7F3B609D-ECEF-4371-B4BC-DED8ED0BA0F0}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{615AB2B9-EF2B-4D4B-AAE7-ED75CD8CC5AC}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{FAD87F40-B99B-4FFC-9D19-D57E48BC27CF}] => (Allow) c:\users\xyz\appdata\local\programs\opera\72.0.3815.186\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B5CD48E3-C010-4AF0-85CD-5997B3A7F6DC}] => (Allow) c:\users\xyz\appdata\local\programs\opera\72.0.3815.320\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{A0D8FFB2-6C7D-4573-AD35-30944CA49797}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{733B9110-6545-4782-947C-D131B5A49D98}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{095565C3-CD11-4C4F-9E55-61A5FA23FEBA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2FED7499-CDE0-460C-B2C9-152879AFF041}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1257D136-6249-414A-9B1C-B167294767C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

10-11-2020 22:22:56 Windows Modules Installer
20-11-2020 16:11:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (11/26/2020 04:35:02 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-0H1FL2Q)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (11/26/2020 04:35:02 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-0H1FL2Q)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/25/2020 06:33:49 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-0H1FL2Q)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (11/25/2020 06:33:49 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-0H1FL2Q)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/25/2020 12:07:02 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-0H1FL2Q)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (11/25/2020 12:07:02 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-0H1FL2Q)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/23/2020 02:05:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Media Center 26.exe version 26.0.107.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4fc4

Start Time: 01d6c06e537e9f6a

Termination Time: 5

Application Path: C:\Program Files\J River\Media Center 26\Media Center 26.exe

Report Id: 8ae77d09-04c1-4081-9d44-8446b706e12e

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/23/2020 07:20:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on 2020-Drive_1 (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

System errors:
=============
Error: (11/25/2020 06:33:02 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 57@01010013

Error: (11/25/2020 06:33:02 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 57@01010013

Error: (11/25/2020 06:33:02 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 57@01010013

Error: (11/21/2020 05:17:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 57@01010013

Error: (11/21/2020 05:17:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 57@01010013

Error: (11/21/2020 05:17:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 57@01010013

Error: (11/21/2020 05:16:51 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.Management.CapabilityConsentManager

Error: (11/21/2020 05:16:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Capability Access Manager Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:
===================================

Date: 2020-11-27 08:35:04.8150000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264922028524842683\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-11-27 08:35:04.8100000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264922028524842683\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-11-27 08:35:04.8020000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264922028524842683\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-11-27 06:33:30.6560000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264922028524842683\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-11-27 06:33:30.6520000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264922028524842683\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-11-27 06:33:30.6460000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264922028524842683\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-11-27 06:33:30.6420000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264922028524842683\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-11-27 06:33:30.6340000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264922028524842683\antimalware_provider64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.60 08/21/2019
Motherboard: Micro-Star International Co., Ltd. MAG Z390 TOMAHAWK (MS-7B18)
Processor: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
Percentage of memory in use: 46%
Total physical RAM: 65470.23 MB
Available physical RAM: 34845.47 MB
Total Virtual: 87998.23 MB
Available Virtual: 47814.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.24 GB) (Free:724.21 GB) NTFS
Drive e: (2020-Drive_1) (Fixed) (Total:2794.5 GB) (Free:937.84 GB) NTFS
Drive g: (083020a) (Fixed) (Total:4657.17 GB) (Free:1992.59 GB) HFSJ

\\?\Volume{065326e9-55bb-4ae5-8fe0-d28a9a8365a7}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{ba530d2b-e095-456d-8e57-73aae836bd8a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{c396a908-8245-456d-a2c3-c0b8a93e9cb9}\ (EFI) (Fixed) (Total:0.19 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 953.9 GB) (Disk ID: 11F411F5)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 4657.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
#8 ·
Hi, BigHaus.

Apologies for the delay.

As I mentioned above, Malwarebytes Browser Guard is blocking the specific domain (secureconv-ec.com) to protect you. It is a questionable domain. So there is nothing wrong with the pop-up.

The logs you have provided didn't show any obvious sign of malware in the computer. However, if you want me to take a second look, and just to be sure, you can proceed to the following:

1. Run AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    • Under the title Scan Options, all the options are checked.
    • Under the title Windows Security Center (Premium only) the option is unchecked.
    • Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
In your next reply, please post:
  1. The screenshot with the popup (if it appears)
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 
#10 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-01-2020
# Duration: 00:00:16
# OS: Windows 10 Pro
# Scanned: 31920
# Detected: 1

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.22ChromeEXT Downloader for Instagram - olkpikmlhoaojbbmmpejnimiglejmboe

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
#11 ·
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/1/20
Scan Time: 11:52 PM
Log File: 5a7808a4-3473-11eb-b4a9-2cf05d053f74.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33746
License: Premium

-System Information-
OS: Windows 10 (Build 19041.630)
CPU: x64
File System: NTFS
User: DESKTOP-0H1FL2Q\xyz

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 337244
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

 
#12 ·
Hi, BigHaus.

Let's clean the potentially unwanted program found by AdwCleaner and then take care of some other things.

1. AdwCleaner (Clean)
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all threats found and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it (Note: previous scan showed no pre-installed software in your machine, so you can skip these sub steps).
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start ADWCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Remove Avast

Although Avast is no longer installed on the computer, it is shown in the Security Center in your logs. That means that it may not have been uninstalled correctly.
  • Follow the instructions here to download and use the Avast Uninstall Utility.
  • In the instructions there is a step asking you to run the Avast Uninstall Utility in Safe Mode. Use the instructions here to start the computer in Safe Mode (Use the first option, From Settings).

3. Run FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
ContextMenuHandlers1: [CMPCContextMenu] -> {1650dc30-2343-498a-b49a-37b90918f611} => -> No File
ContextMenuHandlers4: [CMPCContextMenu] -> {1650dc30-2343-498a-b49a-37b90918f611} => -> No File
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\Users\xyz\AppData\Local\Temp:com.affinity.designer.2 [241]
Virustotal:  C:\ProgramData\sdpsenv.dat
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. The fixlog.txt
  3. Your feedback about any other issue regarding this computer
 
#13 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-03-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Not Deleted Downloader for Instagram - olkpikmlhoaojbbmmpejnimiglejmboe

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1460 octets] - [01/12/2020 23:48:33]
AdwCleaner[S01].txt - [1521 octets] - [03/12/2020 00:01:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
#14 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-12-2020
Ran by xyz (03-12-2020 01:04:55) Run:1
Running from C:\Users\xyz\Desktop
Loaded Profiles: xyz & JetBrainsYouTrack
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
ContextMenuHandlers1: [CMPCContextMenu] -> {1650dc30-2343-498a-b49a-37b90918f611} => -> No File
ContextMenuHandlers4: [CMPCContextMenu] -> {1650dc30-2343-498a-b49a-37b90918f611} => -> No File
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\Users\xyz\AppData\Local\Temp:com.affinity.designer.2 [241]
Virustotal: C:\ProgramData\sdpsenv.dat
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CMPCContextMenu => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\CMPCContextMenu => removed successfully
C:\ProgramData\sdpsenv.dat => ":naughtypirates" ADS removed successfully
C:\Users\xyz\AppData\Local\Temp => ":com.affinity.designer.2" ADS removed successfully
VirusTotal: C:\ProgramData\sdpsenv.dat => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 428690074 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 283724084 B
Edge => 27317 B
Chrome => 10649730659 B
Firefox => 1153123282 B
Opera => 62011865 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 38590 B
NetworkService => 38590 B
xyz => 185292820 B
JetBrainsYouTrack => 185292820 B

RecycleBin => 0 B
EmptyTemp: => 12.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 01:07:45 ====
 
#16 ·
Hi, BigHaus.

It seems that the PUP found by AdwCleaner was not removed. Let's try to remove it a different way.

1. Open Chrome.
2. At the top right choose More (the three vertical dots) > More Tools > Extensions
3. Find Downloader for Instagram, and remove it, clicking on Remove.
4. Confirm the action by clicking Remove once again.

Please report back about the result.
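A way to confirm that both fixes above actually held (the alternate data streams named in the FRST fixlist in #12, and the Chrome extension AdwCleaner flagged and #16 removes by hand). This is an added PowerShell check, not part of the thread, FRST or AdwCleaner; the paths and extension id are taken from the logs in this thread, and the Chrome User Data location under %LOCALAPPDATA% is assumed to be the default one.

```powershell
# Added verification script; not part of the thread, FRST or AdwCleaner.
# It checks the two items the fixes above targeted:
#   1. alternate data streams (ADS) on the paths named in the FRST fixlist
#   2. whether the Chrome extension AdwCleaner flagged is still present in any profile
# Paths and the extension id come from the logs in this thread; $ChromeUserData is
# the default Chrome location and is an assumption about this machine.

$AdsTargets = @(
    'C:\ProgramData\sdpsenv.dat',
    (Join-Path $env:LOCALAPPDATA 'Temp')
)
$ExtensionId    = 'olkpikmlhoaojbbmmpejnimiglejmboe'
$ChromeUserData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'

function Get-NonDefaultStream {
    # Lists every NTFS stream on $Path except the primary :$DATA stream.
    # Works for files and directories (the Temp entry in the fixlist is a directory).
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Stream = '(path missing)'; Bytes = $null }
    }
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{ Path = $Path; Stream = $_.Stream; Bytes = $_.Length }
        }
}

function Find-ChromeExtension {
    # Walks each Chrome profile's Extensions folder and reports the flagged id,
    # with the name and permissions declared in its manifest.json if one is found.
    param(
        [Parameter(Mandatory)][string]$Id,
        [Parameter(Mandatory)][string]$UserData
    )
    if (-not (Test-Path -LiteralPath $UserData)) { return }
    Get-ChildItem -LiteralPath $UserData -Directory |
        Where-Object { $_.Name -match '^(Default|Profile \d+)$' } |
        ForEach-Object {
            $extDir = Join-Path $_.FullName "Extensions\$Id"
            if (Test-Path -LiteralPath $extDir) {
                # One sub-folder per installed version; read the newest manifest.
                $manifest = Get-ChildItem -LiteralPath $extDir -Recurse -Filter manifest.json |
                            Sort-Object LastWriteTime -Descending | Select-Object -First 1
                $m = $null
                if ($manifest) {
                    $m = Get-Content -LiteralPath $manifest.FullName -Raw | ConvertFrom-Json
                }
                [pscustomobject]@{
                    Profile     = $_.Name
                    Path        = $extDir
                    Name        = $m.name          # may be a __MSG_*__ placeholder for localized names
                    Permissions = ($m.permissions -join ', ')
                }
            }
        }
}

'== Alternate data streams on fixlist paths =='
$streams = @($AdsTargets | ForEach-Object { Get-NonDefaultStream -Path $_ })
if ($streams.Count) { $streams | Format-Table -AutoSize } else { 'none found (ADS removal held)' }

'== Flagged Chrome extension =='
$hits = @(Find-ChromeExtension -Id $ExtensionId -UserData $ChromeUserData)
if ($hits.Count) { $hits | Format-List } else { "$ExtensionId not present in any Chrome profile" }
```

Run it from an elevated PowerShell so the ProgramData path is readable; a non-empty stream table or an extension hit means the corresponding fix did not take.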
 
#19 ·
DR M is away and I will be assisting you.
Please run AdwCleaner once more and post the AdwCleaner scan log (AdwCleaner[S0*].txt)
No, I am here, and apologize for the short delay. :)

I'm taking over from where we left off, if iMacg3 is fine with this.

BigHaus, please go on with iMacg3's instructions above.
 
#20 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-03-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Not Deleted Downloader for Instagram - olkpikmlhoaojbbmmpejnimiglejmboe

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1460 octets] - [01/12/2020 23:48:33]
AdwCleaner[S01].txt - [1521 octets] - [03/12/2020 00:01:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
#22 ·
My mistake. I selected the wrong log file. Here is the correct one:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-05-2020
# Duration: 00:00:12
# OS: Windows 10 Pro
# Scanned: 31837
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

AdwCleaner[S00].txt - [1460 octets] - [01/12/2020 23:48:33]
AdwCleaner[S01].txt - [1521 octets] - [03/12/2020 00:01:32]
AdwCleaner[C01].txt - [1691 octets] - [03/12/2020 00:02:30]
AdwCleaner[S02].txt - [1588 octets] - [05/12/2020 09:23:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
 
#23 · (Edited)
Yes!!! :)

This is what we wanted to see!

The following tool will remove the tools we used (AdwCleaner and FRST) as well as reset system restore points. You can keep Malwarebytes, and use it from time to time as an on-demand antimalware scanner.

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Since there is no other problem with this computer, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked the following for you:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third-party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

7. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

8. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled.

If you have any questions or concerns please don't hesitate to ask!

I'm glad I was able to help you.
:)
 
#24 ·
# Run at 12/13/2020 4:10:59 PM
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by xyz from C:\Users\xyz\Desktop
# Computer Name: DESKTOP-0H1FL2Q
# OS: Windows 10 X64 (19041)
# Number of passes: 2

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\xyz\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2020-12-13-16-10-59

- Delete Tools -

## AdwCleaner
[OK] C:\AdwCleaner deleted

## FRST
[OK] C:\FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named KpRm created at 12/14/2020 00:09:42 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 12/14/2020 00:11:12

-- KPRM finished in 25.85s --
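The "Restore UAC" section of the KpRm log above lists the registry values it put back to their defaults. The following PowerShell script, an added example that is not from the thread or from KpRm, re-reads those values from the policy key and reports any that have drifted, so the check can be repeated later (malware commonly flips EnableLUA to 0 to switch UAC off). The expected values are taken from the log; the key path is the standard UAC policy location.

```powershell
# Added example (not from the thread or from KpRm): audit the live UAC policy
# values against the defaults KpRm reported restoring in the log above.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Expected values, copied from the "Restore UAC" section of the KpRm log.
$Expected = [ordered]@{
    EnableLUA                   = 1   # 0 here means UAC is completely disabled
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1   # 0 lets a prompt be overlaid/spoofed
    ValidateAdminCodeSignatures = 0
}

function Test-UacDefaults {
    # Returns one object per value with its expected/actual state.
    $props = Get-ItemProperty -Path $UacKey
    foreach ($name in $Expected.Keys) {
        $actual = $props.$name
        if ($null -eq $actual) {
            $state = 'MISSING'   # value absent: Windows falls back to its built-in default
        } elseif ([int]$actual -ne $Expected[$name]) {
            $state = 'DRIFT'     # differs from what KpRm restored
        } else {
            $state = 'OK'
        }
        [pscustomobject]@{
            Name     = $name
            Expected = $Expected[$name]
            Actual   = $actual
            State    = $state
        }
    }
}

$results = Test-UacDefaults
$results | Format-Table -AutoSize

# Non-zero exit code when anything drifted, so the script can run as a scheduled check.
$drifted = @($results | Where-Object { $_.State -eq 'DRIFT' })
if ($drifted.Count -gt 0) {
    Write-Warning ("UAC drift detected: " + ($drifted.Name -join ', '))
    exit 1
}
```

Reading the key needs no elevation; writing values back does, and that is a deliberate step rather than something this script does.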
 