PC Doesn't Respond


11 replies to this topic

#1 koolsam

koolsam

    SWI Junkie

  • Full Member
  • 270 posts

Posted 15 July 2020 - 01:23 AM

Hi,

I run Windows 10 64-bit. For the past few days my laptop goes into Not Responding mode and I have to wait for it to respond again.

I am attaching the Malwarebytes log, FRST log and Security Analysis log.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/15/20
Scan Time: 11:54 AM
Log File: d5ec9f8c-c663-11ea-8bdc-5453ed271987.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.979
Update Package Version: 1.0.26847
License: Trial

-System Information-
OS: Windows 10 (Build 19041.329)
CPU: x64
File System: NTFS
User: DESKTOP-4RH6A7H\pvsam

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 287723
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)



#2 koolsam

koolsam

    SWI Junkie

  • Full Member
  • 270 posts

Posted 15 July 2020 - 01:25 AM

Here I am attaching the FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by pvsam (administrator) on DESKTOP-4RH6A7H (Sony Corporation SVE15113ENB) (15-07-2020 12:31:17)
Running from C:\Users\pvsam\Desktop
Loaded Profiles: pvsam
Platform: Windows 10 Pro Version 2004 19041.329 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(eVenture Limited -> eVenture Limited) C:\Program Files (x86)\hide.me VPN\Hide.me.exe
(eVenture Limited -> eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\pvsam\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\pvsam\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2005.5739.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MsMpEng.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero 2020\Nero BackItUp\NBService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Transfer\Transfer.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC) C:\Program Files (x86)\Toolkit\Toolkit.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe <5>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tonec Inc. -> Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc. -> Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(UiPath, Inc. -> UiPath) C:\Users\pvsam\AppData\Local\UiPath\app-20.4.0\Robot JS Add-on\UiPath.RobotJS.UserHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2015-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [Nero BackItUp] => C:\Program Files (x86)\Nero\Nero 2020\Nero BackItUp\BackItUp.exe [1156376 2019-11-07] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [DriveSpan] => C:\Program Files (x86)\Nero\Transfer\Transfer.exe [138520 2019-06-24] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353064 2020-03-16] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\RealDownloader\downloader2.exe [1272104 2020-03-04] (RealNetworks, Inc. -> )
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-02] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5451576 2020-04-17] (Tonec Inc. -> Tonec Inc.) [File not signed]
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\Run: [uTorrent] => C:\Users\pvsam\AppData\Roaming\uTorrent\uTorrent.exe [1893104 2020-05-18] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\Run: [Toolkit] => "C:\Program Files (x86)\Toolkit\Toolkit.exe" /WinStart**퓛㑋⤀耀C:\ProgramData\Microsoft\Windows\Start Menu\Progra
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [54944 2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-25] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2014-04-02] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2014-04-02] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
IFEO\osppsvc.exe: [Debugger] rundll32.exe SppExtComObjHook.dll,PatcherMain
IFEO\SppExtComObj.exe: [Debugger] rundll32.exe SppExtComObjHook.dll,PatcherMain
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2020-03-16]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2019-10-11]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\pvsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2020-07-15]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited -> eVenture Limited)
CHR HKU\S-1-5-21-2953840584-32695445-2838772337-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0288C0E9-4967-445B-ABC2-56535B09DC39} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0F5AD7CC-3B65-4980-858C-FF00B3E99105} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1472AABD-9FC7-45C0-A99D-30AB003F548A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {198829D2-BADD-42AA-BBFA-5348987C11B6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2953840584-32695445-2838772337-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [135464 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {1A615AE6-4F51-4724-9406-6CE2C212CC09} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation)
Task: {207735CF-45AE-410F-9589-C10EC24DFEF8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2953840584-32695445-2838772337-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [135464 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {2B506DC7-3CD0-4ABA-9C6F-2F5B3BDA595D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4569496 2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {37BE11AC-D196-4295-AE29-1CD4919DC230} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {473295B5-8E0D-4D26-A8D7-31CD546EE8DB} - System32\Tasks\RealDownloader Update Check => c:\program files (x86)\real\RealDownloader\downloader2.exe [1272104 2020-03-04] (RealNetworks, Inc. -> )
Task: {4A69AB32-E25A-45EF-B276-AE48A6839BB1} - System32\Tasks\Agent Activation Runtime\S-1-5-21-2953840584-32695445-2838772337-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-06-12] (Microsoft Windows -> )
Task: {4DECB667-DC1A-44D1-A987-0467539EF9B0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-07-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {52B13C2F-376B-4459-9C5C-D4C35F1E2887} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123744 2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DD22F65-2EAE-49D1-8BF9-F6B336E4AD8C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6ECE3CB8-FAA8-40B1-8303-9D813F9A75D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {71668F7B-0AC5-49D7-BFAD-12E513AD97C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7BC7CAB8-4EEA-448C-969A-C409FC29B286} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation)
Task: {7E575AEA-988C-475B-AF8F-7DBB4B3D2106} - System32\Tasks\UiPath RobotJS => C:\Users\pvsam\AppData\Local\UiPath\app-20.4.0\Robot JS Add-on\UiPath.RobotJS.UserHost.exe [74368 2020-05-09] (UiPath, Inc. -> UiPath)
Task: {8595BAF8-5131-451D-A9EA-8007D231106C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {8FFCB64D-6971-4614-947C-B267FE7E54EA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
Task: {9F6AAC59-30A6-4CA3-8741-A2A59982A78D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-09] (Adobe Inc. -> Adobe)
Task: {9FAA6B37-F563-42D8-B3E6-3EA455480E48} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23810952 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A5E67EBC-58A3-4B5C-BFAA-B6A73613BCF7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23810952 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8CE9D26-ADE5-4BA9-9EB3-A165BEBD26C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B94D2B65-C19B-4AE5-B712-1BCFAE970356} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation)
Task: {C8A5504E-3D0B-4B36-A60F-487A47B799E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {DBF15E71-904B-4F84-BE91-35A7E37D9198} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4569496 2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF5A3185-AA52-418E-B88E-E16DC31FC9AC} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [7071000 2019-11-10] (Nero AG -> Nero AG)
Task: {F876EE3E-7064-4B33-88D5-16E6DC7DF1D1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123744 2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F9C0D174-CD71-4765-93D4-0AF7F73A223A} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe [1725472 2018-10-17] (NCH Software Pty Ltd -> NCH Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{02b9c437-413a-489e-9076-b76ffe1753a5}: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{048acda3-11fc-4348-b943-c9884bf7d0ff}: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{1fbc7e30-effa-4c31-8a63-80a7663260fb}: [NameServer] 209.250.251.37 217.182.206.81
Tcpip\..\Interfaces\{7ee77e4d-e4fa-4135-9fa5-11f4f5776419}: [NameServer] 209.58.169.88 209.58.169.90
Tcpip\..\Interfaces\{91e9e8fe-4fa1-406b-91cb-3eaf17e137db}: [NameServer] 209.250.251.37 217.182.206.81
Tcpip\..\Interfaces\{b17686ac-cbbb-443a-8c43-130c5994f370}: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{b92df347-225a-4242-bc90-b2daec55e38d}: [NameServer] 209.250.251.37,217.182.206.81
Tcpip\..\Interfaces\{b92df347-225a-4242-bc90-b2daec55e38d}: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{d118079d-9af3-4212-929a-a365f73e2d78}: [NameServer] 10.128.62.1
Tcpip\..\Interfaces\{d118079d-9af3-4212-929a-a365f73e2d78}: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{d5562602-4af2-4d3f-a0df-062047793184}: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{e89205b6-4901-46b2-85e7-8ef4ff7e659f}: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{EB2D6FDC-2AA1-476D-9EA0-3457D0E32481}: [DhcpNameServer] 209.58.169.88 209.58.169.90

Internet Explorer:
==================
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2020-03-04] (RealNetworks, Inc. -> RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2020-03-04] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2953840584-32695445-2838772337-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge Notifications: HKU\S-1-5-21-2953840584-32695445-2838772337-1001 -> hxxps://www.facebook.com
Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.36.5.0_neutral__e7b5mm5d3r6v2 [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\pvsam\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-11]
Edge Notifications: Default -> hxxps://www.facebook.com
Edge Extension: (IDM Integration Module) - C:\Users\pvsam\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2020-07-04]
Edge Extension: (IDM Integration Module) - C:\Users\pvsam\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-03-14]
Edge HKU\S-1-5-21-2953840584-32695445-2838772337-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-04-17]

FireFox:
========
FF DefaultProfile: 3nnmfxy3.default-1563947810795
FF ProfilePath: C:\Users\pvsam\AppData\Roaming\Mozilla\Firefox\Profiles\3nnmfxy3.default-1563947810795 [2020-07-15]
FF Session Restore: Mozilla\Firefox\Profiles\3nnmfxy3.default-1563947810795 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\3nnmfxy3.default-1563947810795 -> hxxps://ww1.ouo.today
FF Extension: (Hoxx VPN Proxy) - C:\Users\pvsam\AppData\Roaming\Mozilla\Firefox\Profiles\3nnmfxy3.default-1563947810795\Extensions\@hoxx-vpn.xpi [2020-07-10]
FF Extension: (IDM Integration Module) - C:\Users\pvsam\AppData\Roaming\Mozilla\Firefox\Profiles\3nnmfxy3.default-1563947810795\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2020-06-24]
FF Extension: (Cookie-Editor) - C:\Users\pvsam\AppData\Roaming\Mozilla\Firefox\Profiles\3nnmfxy3.default-1563947810795\Extensions\{c3c10168-4186-445c-9c5b-63f12b8e2c87}.xpi [2020-03-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2020-07-12] [Legacy]
FF HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2020-03-04]
FF HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\pvsam\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\pvsam\AppData\Roaming\IDM\idmmzcc5 [2019-04-03] [Legacy] [not signed]
FF HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.9.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.20.206 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2020-03-16] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.20.206 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2020-03-16] (RealNetworks, Inc. -> RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default [2020-07-14]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-03]
CHR Extension: (Flash Video Downloader) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2020-05-19]
CHR Extension: (Docs) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-03]
CHR Extension: (Google Drive) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-03]
CHR Extension: (YouTube) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-03]
CHR Extension: (UiPath Web Automation) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgencfabioofgdmhhjljpkbbchbikbh [2020-05-19]
CHR Extension: (Adobe Acrobat) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-25]
CHR Extension: (Sheets) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-03]
CHR Extension: (EditThisCookie) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-05-05]
CHR Extension: (Google Docs Offline) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-30]
CHR Extension: (Gmail) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\pvsam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-02]
CHR HKU\S-1-5-21-2953840584-32695445-2838772337-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dkgencfabioofgdmhhjljpkbbchbikbh] - C:\Users\pvsam\AppData\Local\UiPath\app-20.4.0\UiPath\BrowserExtension\uipath_extension_for_chrome.crx [2020-05-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10574728 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [140960 2020-06-20] (eVenture Limited -> eVenture Limited)
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [1725472 2018-10-17] (NCH Software Pty Ltd -> NCH Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-08] (Malwarebytes Inc -> Malwarebytes)
R2 NeroBackItUpBackgroundService2021; C:\Program Files (x86)\Nero\Nero 2020\Nero BackItUp\NBService.exe [287000 2019-11-07] (Nero AG -> Nero AG)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [38024 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [990856 2020-03-16] (RealNetworks, Inc. -> RealNetworks, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4956856 2020-05-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13109776 2020-07-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athwbx.sys [3892224 2014-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-21] (Malwarebytes Corporation -> Malwarebytes)
R1 hideFirewall; C:\WINDOWS\System32\drivers\hideFirewall.sys [79488 2019-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216056 2020-07-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197264 2020-07-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-07-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-03] (Malwarebytes Inc -> Malwarebytes)
S3 MonitorFunction; C:\WINDOWS\System32\drivers\lockscr.sys [24560 2019-01-21] (Remote Utilities LLC -> )
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [37824 2019-07-03] (SoftEther Corporation -> SoftEther Corporation)
R3 SFEP; C:\WINDOWS\System32\drivers\SFEP.sys [15360 2013-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-11-18] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-07-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [408816 2020-07-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-07-02] (Microsoft Windows -> Microsoft Corporation)
S3 BTATH_VDP; \SystemRoot\system32\drivers\btath_vdp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-15 12:31 - 2020-07-15 12:36 - 000035834 _____ C:\Users\pvsam\Desktop\FRST.txt
2020-07-15 12:14 - 2020-07-15 12:34 - 000000000 ____D C:\FRST
2020-07-15 12:09 - 2020-07-15 12:12 - 002292736 _____ (Farbar) C:\Users\pvsam\Desktop\FRST64.exe
2020-07-15 12:05 - 2020-07-15 12:08 - 000899584 _____ C:\Users\pvsam\Desktop\RGSA.exe
2020-07-15 12:05 - 2020-07-15 12:05 - 000001231 _____ C:\Users\pvsam\Downloads\Malware Bytes.txt
2020-07-14 23:24 - 2020-07-14 23:24 - 000000000 ___HD C:\OneDriveTemp
2020-07-14 23:17 - 2020-07-14 23:19 - 000464368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-07-13 20:01 - 2020-07-13 20:01 - 000002750 _____ C:\Users\pvsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UiPath Assistant.lnk
2020-07-13 12:08 - 2020-07-13 12:08 - 000216056 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-07-13 12:08 - 2020-07-13 12:08 - 000197264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-07-13 12:08 - 2020-07-13 12:08 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-07-11 10:35 - 2020-07-11 10:37 - 000000000 ____D C:\Users\pvsam\AppData\Roaming\TechSmith
2020-07-11 10:34 - 2019-12-16 13:31 - 000000987 ____R C:\WINDOWS\system32\Drivers\etc\hosts.BAK
2020-07-11 10:30 - 2020-07-11 10:30 - 000000000 ____D C:\Users\pvsam\OneDrive\Documents\Camtasia
2020-07-11 10:30 - 2020-07-11 10:30 - 000000000 ____D C:\Users\pvsam\AppData\Local\TechSmith
2020-07-11 10:29 - 2020-07-11 10:29 - 000001171 _____ C:\Users\Public\Desktop\Camtasia 2019.lnk
2020-07-11 10:29 - 2020-07-11 10:29 - 000001171 _____ C:\ProgramData\Desktop\Camtasia 2019.lnk
2020-07-11 10:29 - 2020-07-11 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2020-07-11 10:27 - 2020-07-11 10:28 - 000000000 ____D C:\ProgramData\TechSmith
2020-07-11 10:27 - 2020-07-11 10:27 - 000000000 ____D C:\Program Files\TechSmith
2020-07-11 10:27 - 2020-07-11 10:27 - 000000000 ____D C:\Program Files\Common Files\TechSmith Shared
2020-07-11 10:09 - 2020-07-11 10:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-07-11 10:09 - 2020-07-11 10:09 - 000000000 ____D C:\Users\pvsam\AppData\Roaming\Skype
2020-07-10 23:02 - 2020-07-10 23:02 - 000000000 ____D C:\Users\pvsam\AppData\LocalLow\uTorrent
2020-07-10 11:26 - 2020-07-11 18:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-05 21:03 - 2020-07-05 21:03 - 000000000 ____D C:\Users\pvsam\OneDrive\Documents\RPA
2020-07-04 22:54 - 2020-07-04 22:54 - 000000000 ____D C:\Program Files (x86)\Realtek
2020-07-04 22:54 - 2014-02-14 14:18 - 000945880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2020-07-04 22:54 - 2014-02-14 14:06 - 054936576 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2020-07-04 22:54 - 2014-02-13 13:18 - 000747989 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2020-07-04 22:54 - 2014-02-07 14:52 - 002157704 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2020-07-04 22:54 - 2014-02-06 11:49 - 002787544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2020-07-04 22:54 - 2014-02-06 08:58 - 005804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2020-07-04 22:54 - 2014-02-05 06:53 - 002319960 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2020-07-04 22:54 - 2014-02-03 22:15 - 028310104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
2020-07-04 22:54 - 2014-02-03 22:15 - 014737496 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2020-07-04 22:54 - 2014-02-03 22:15 - 012793944 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2020-07-04 22:54 - 2014-02-03 22:15 - 003923032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnN64.dll
2020-07-04 22:54 - 2014-02-03 22:15 - 002101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2020-07-04 22:54 - 2014-02-03 22:15 - 002037336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2020-07-04 22:54 - 2014-02-03 22:15 - 001932888 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2020-07-04 22:54 - 2014-02-03 22:15 - 001033304 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2020-07-04 22:54 - 2014-01-31 14:58 - 000938608 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2020-07-04 22:54 - 2014-01-31 14:57 - 001313904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2020-07-04 22:54 - 2014-01-31 14:53 - 001419376 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2020-07-04 22:54 - 2014-01-31 14:52 - 001419376 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2020-07-04 22:54 - 2014-01-28 09:18 - 001286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2020-07-04 22:54 - 2014-01-20 16:41 - 002080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2020-07-04 22:54 - 2014-01-16 23:32 - 000942384 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOSettingsIPC.dll
2020-07-04 22:54 - 2014-01-16 23:29 - 005752072 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2020-07-04 22:54 - 2014-01-10 04:22 - 000899320 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2020-07-04 22:54 - 2014-01-10 04:22 - 000724728 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2020-07-04 22:54 - 2014-01-10 04:21 - 001045752 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2020-07-04 22:54 - 2014-01-10 04:21 - 000245496 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2020-07-04 22:54 - 2014-01-03 13:32 - 001022680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2020-07-04 22:54 - 2013-12-31 08:46 - 002825432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2020-07-04 22:54 - 2013-12-27 12:28 - 000624344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2020-07-04 22:54 - 2013-12-04 13:57 - 001958616 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2020-07-04 22:54 - 2013-10-16 01:13 - 000209096 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2020-07-04 22:54 - 2013-10-11 10:17 - 000113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2020-07-04 22:54 - 2013-10-06 21:56 - 000501184 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2020-07-04 22:54 - 2013-10-06 21:56 - 000487360 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2020-07-04 22:54 - 2013-10-06 21:56 - 000415680 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2020-07-04 22:54 - 2013-10-01 14:41 - 002770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2020-07-04 22:54 - 2013-09-10 01:32 - 006217904 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2020-07-04 22:54 - 2013-09-10 01:32 - 000313520 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2020-07-04 22:54 - 2013-09-10 01:31 - 001938608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2020-07-04 22:54 - 2013-09-10 01:31 - 000260272 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2020-07-04 22:54 - 2013-08-20 15:07 - 000605496 _____ C:\WINDOWS\system32\audioLibVc.dll
2020-07-04 22:54 - 2013-08-14 13:06 - 000662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2020-07-04 22:54 - 2013-08-14 13:05 - 000663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2020-07-04 22:54 - 2013-07-23 13:09 - 000790272 _____ (Waves Audio Ltd.) C:\WINDOWS\SysWOW64\MaxxAudioAPOShell.dll
2020-07-04 22:54 - 2013-06-25 10:17 - 000871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2020-07-04 22:54 - 2013-06-25 10:17 - 000162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2020-07-04 22:54 - 2013-06-25 10:16 - 000582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2020-07-04 22:54 - 2013-06-21 08:31 - 000109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2020-07-04 22:54 - 2013-04-30 11:58 - 000916016 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2020-07-04 22:54 - 2013-04-03 11:43 - 000906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2020-07-04 22:54 - 2012-08-31 16:48 - 007164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2020-07-04 22:54 - 2012-08-31 16:47 - 000434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2020-07-04 22:54 - 2012-08-31 16:47 - 000141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2020-07-04 22:54 - 2012-08-31 16:47 - 000124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2020-07-04 22:54 - 2012-08-31 16:47 - 000075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2020-07-04 22:54 - 2012-03-08 09:17 - 000108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2020-07-04 22:54 - 2012-01-30 09:13 - 000836544 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2020-07-04 22:54 - 2012-01-10 07:50 - 000065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2020-07-04 22:54 - 2011-12-20 13:02 - 000331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2020-07-04 22:54 - 2011-09-02 11:51 - 000221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2020-07-04 22:54 - 2011-09-02 11:51 - 000081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2020-07-04 22:54 - 2011-09-02 11:51 - 000078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2020-07-04 22:54 - 2011-08-23 14:30 - 000603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 001756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 001568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 001486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2020-07-04 22:54 - 2011-05-31 07:12 - 000241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2020-07-04 22:54 - 2011-03-17 09:47 - 001361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2020-07-04 22:54 - 2011-03-07 14:41 - 000148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2020-07-04 22:54 - 2010-11-08 05:01 - 000375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2020-07-04 22:54 - 2010-11-08 05:01 - 000310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2020-07-04 22:54 - 2010-11-08 05:01 - 000310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2020-07-04 22:54 - 2010-11-08 05:01 - 000204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2020-07-04 22:54 - 2010-11-08 05:01 - 000101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2020-07-04 22:54 - 2010-11-08 05:01 - 000078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2020-07-04 22:54 - 2010-11-03 16:00 - 000149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2020-07-04 22:54 - 2010-09-27 07:04 - 000318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2020-07-04 22:54 - 2010-07-22 14:18 - 000074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2020-07-04 22:54 - 2009-11-24 07:25 - 000518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2020-07-04 22:54 - 2009-11-24 07:25 - 000211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2020-07-04 22:54 - 2009-11-24 07:25 - 000198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2020-07-04 22:54 - 2009-11-24 07:25 - 000155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2020-07-04 22:47 - 2020-07-04 22:56 - 000000000 ___HD C:\Program Files (x86)\Temp
2020-07-04 22:36 - 2020-07-04 22:37 - 000000000 ____D C:\ProgramData\Atheros
2020-07-04 22:36 - 2020-07-04 22:36 - 000000000 ____D C:\Users\pvsam\AppData\Roaming\Atheros
2020-07-04 22:27 - 2020-07-04 22:29 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2020-07-03 17:57 - 2020-07-03 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mylio
2020-07-03 17:57 - 2020-07-03 17:57 - 000000000 ____D C:\Program Files\Mylio
2020-07-03 17:46 - 2020-07-03 17:47 - 000000000 ____D C:\Users\pvsam\Mylio
2020-07-03 17:45 - 2020-07-03 17:57 - 000000000 ____D C:\Users\pvsam\AppData\Local\Mylio
2020-07-03 13:32 - 2020-07-15 12:23 - 000001192 _____ C:\Users\pvsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolkit.lnk
2020-07-03 13:32 - 2020-07-03 13:32 - 000001010 _____ C:\Users\Public\Desktop\Toolkit.lnk
2020-07-03 13:32 - 2020-07-03 13:32 - 000001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolkit.lnk
2020-07-03 13:32 - 2020-07-03 13:32 - 000001010 _____ C:\ProgramData\Desktop\Toolkit.lnk
2020-07-03 13:32 - 2020-07-03 13:32 - 000000000 ____D C:\Program Files (x86)\Toolkit
2020-07-03 13:29 - 2020-07-15 12:34 - 000000000 ____D C:\Users\pvsam\AppData\Roaming\Toolkit

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-15 12:28 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-15 12:23 - 2020-05-30 15:07 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-15 12:23 - 2019-04-03 16:21 - 000000000 ___RD C:\Users\pvsam\OneDrive
2020-07-15 12:22 - 2019-12-07 14:43 - 000000000 ____D C:\WINDOWS\INF
2020-07-15 12:18 - 2020-05-30 15:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-15 12:18 - 2020-05-30 14:46 - 000008192 ___SH C:\DumpStack.log.tmp
2020-07-15 12:18 - 2020-05-30 14:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-15 12:18 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-07-15 12:18 - 2019-05-03 10:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-07-15 11:37 - 2019-04-03 16:28 - 000000000 ____D C:\Users\pvsam\AppData\LocalLow\Mozilla
2020-07-15 11:33 - 2020-05-30 14:55 - 000000000 ____D C:\Users\pvsam
2020-07-15 09:50 - 2020-03-14 14:02 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-07-15 09:50 - 2020-03-14 14:02 - 000002259 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-07-15 09:50 - 2020-03-14 14:02 - 000002259 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-07-15 09:41 - 2020-05-30 15:22 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{DB785866-6B07-4009-A38C-9F12204A5356}
2020-07-15 09:38 - 2020-05-30 15:22 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-07-15 09:37 - 2020-06-07 10:20 - 000000000 ____D C:\Users\pvsam\AppData\Local\CrashDumps
2020-07-14 23:28 - 2019-04-03 16:45 - 000000000 ____D C:\Users\pvsam\AppData\Roaming\DMCache
2020-07-14 23:14 - 2019-04-03 16:51 - 000000000 ____D C:\Users\pvsam\AppData\Roaming\vlc
2020-07-14 20:04 - 2019-05-19 10:27 - 000000000 ____D C:\Users\pvsam\AppData\Local\ElevatedDiagnostics
2020-07-14 20:04 - 2019-04-29 22:28 - 000000000 ____D C:\Users\pvsam\AppData\LocalLow\Temp
2020-07-14 16:04 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-14 13:50 - 2020-05-09 10:30 - 000000000 ____D C:\Users\pvsam\AppData\Roaming\robot-agent
2020-07-13 20:01 - 2019-07-12 10:53 - 000002230 _____ C:\Users\pvsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UiPath Studio.lnk
2020-07-13 20:01 - 2019-07-12 10:51 - 000000000 ____D C:\Users\pvsam\AppData\Local\UiPath
2020-07-12 22:04 - 2020-05-30 15:22 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-07-12 22:04 - 2020-05-30 15:22 - 000003354 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-07-12 17:14 - 2019-04-03 16:45 - 000000000 ____D C:\Users\pvsam\Downloads\Video
2020-07-12 13:34 - 2019-12-07 14:33 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-07-11 19:27 - 2019-04-03 16:34 - 000000000 ____D C:\Users\pvsam\OneDrive\Documents\Bluetooth Folder
2020-07-11 18:51 - 2019-07-24 11:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-11 18:50 - 2019-12-07 14:33 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-07-11 10:51 - 2019-04-03 17:22 - 000000000 ____D C:\Program Files\CCleaner
2020-07-11 10:49 - 2019-04-21 08:59 - 000000000 ____D C:\Users\pvsam\OneDrive\Documents\CC
2020-07-11 10:43 - 2020-04-19 11:53 - 000001553 _____ C:\Users\pvsam\Desktop\Duplicate File Remover.lnk
2020-07-11 10:42 - 2019-04-03 16:45 - 000000000 ____D C:\Users\pvsam\Downloads\Compressed
2020-07-11 10:36 - 2020-01-04 09:28 - 000000000 ____D C:\Program Files\Remo Duplicate File Remover 1.0
2020-07-11 10:25 - 2019-04-26 13:25 - 000000000 ____D C:\ProgramData\Package Cache
2020-07-11 10:08 - 2019-07-24 11:24 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-07-10 23:48 - 2019-04-03 17:28 - 000000000 ____D C:\Users\pvsam\AppData\Roaming\uTorrent
2020-07-10 23:02 - 2019-04-03 17:28 - 000000000 ____D C:\Users\pvsam\AppData\Local\BitTorrentHelper
2020-07-10 15:01 - 2018-09-15 13:01 - 000000155 _____ C:\WINDOWS\win.ini
2020-07-10 11:02 - 2019-12-07 14:44 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-09 12:46 - 2020-05-30 15:22 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-07-07 13:54 - 2019-04-03 16:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-07-04 22:55 - 2019-04-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2020-07-04 22:54 - 2020-06-08 12:15 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-07-04 22:30 - 2020-06-08 12:15 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2020-07-04 09:54 - 2019-08-17 14:06 - 000000000 ____D C:\Users\pvsam\OneDrive\Documents\Publications
2020-07-03 13:38 - 2019-04-03 15:54 - 000000000 ____D C:\Users\pvsam\AppData\Local\Packages
2020-07-02 08:42 - 2019-04-04 04:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-25 19:14 - 2020-05-30 15:22 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2953840584-32695445-2838772337-1001
2020-06-25 19:14 - 2020-05-30 14:55 - 000002363 _____ C:\Users\pvsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-25 09:22 - 2019-04-03 16:31 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-25 09:22 - 2019-04-03 16:31 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-25 09:22 - 2019-04-03 16:31 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-20 13:12 - 2019-12-07 13:03 - 000000000 ____D C:\Program Files (x86)\hide.me VPN
2020-06-19 10:12 - 2019-04-03 16:19 - 000000000 ____D C:\Users\pvsam\AppData\Local\PlaceholderTileLogoFolder
2020-06-18 13:28 - 2019-12-16 12:27 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-06-18 13:28 - 2019-12-16 12:27 - 000000916 _____ C:\ProgramData\Desktop\VLC media player.lnk

==================== Files in the root of some directories ========

2019-04-06 20:09 - 2019-04-06 20:09 - 000000000 _____ () C:\Users\pvsam\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



#3 koolsam

    SWI Junkie

  • Full Member
  • 270 posts

Posted 15 July 2020 - 01:26 AM

Here I am attaching the Additions.txt file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by pvsam (15-07-2020 12:37:12)
Running from C:\Users\pvsam\Desktop
Windows 10 Pro Version 2004 19041.329 (X64) (2020-05-30 09:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2953840584-32695445-2838772337-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2953840584-32695445-2838772337-503 - Limited - Disabled)
Guest (S-1-5-21-2953840584-32695445-2838772337-501 - Limited - Disabled)
pvsam (S-1-5-21-2953840584-32695445-2838772337-1001 - Administrator - Enabled) => C:\Users\pvsam
WDAGUtilityAccount (S-1-5-21-2953840584-32695445-2838772337-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\uTorrent) (Version: 3.5.5.45672 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
AllDup 4.4.24 (HKLM-x32\...\AllDup_is1) (Version: 4.4.24 - Michael Thummerer Software Design)
AudioConverter (HKLM-x32\...\Total Audio Converter_is1) (Version:  - Helmsman, Inc.)
Camtasia 2019 (HKLM\...\{FF10C4F0-9186-405F-809D-D2E8D5E39448}) (Version: 19.0.10.17662 - TechSmith Corporation) Hidden
Camtasia 2019 (HKLM-x32\...\{03e048a7-3690-409c-b9c4-27612f78bd68}) (Version: 19.0.10.17662 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform)
DiskMax 6.02 (HKLM\...\DiskMax) (Version: 6.02 - KoshyJohn.com)
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.23b+4.6 - DjVuZone)
Duplicate File Remover (HKLM-x32\...\{5AFA81C6-6DE9-49b0-B2C1-D53763632D59}_is1) (Version: 3.10 - Essential Data Tools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
hide.me VPN 3.4.1 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 3.4.1 - eVenture Limited)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 4.03 - NCH Software)
iResizer 3.0 (HKLM\...\{FD071DBA-2994-4350-93BB-EC245D0D3C74}_is1) (Version:  - teorex)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.64 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13001.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 78.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 78.0.2 (x64 en-US)) (Version: 78.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla)
Mylio (HKLM\...\{39AF694C-3A58-454D-9A56-BE8DF299604E}) (Version: 3.8.6658.0 - Mylio, LLC) Hidden
Mylio (HKLM-x32\...\{d078fcde-7cae-458a-9e19-e454dc038914}) (Version: 3.8.6658.0 - Mylio, LLC)
Nero 2020 (HKLM-x32\...\{B42E5135-9890-427E-A109-89678F7CBC4D}) (Version: 22.0.01700 - Nero AG)
Nero Core (HKLM-x32\...\{DA8F04F7-D838-4225-BFD3-0B0997A6B2F2}) (Version: 2.0.05500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 21.0.1007 - Nero AG)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
Prerequisite installer (HKLM-x32\...\{964E6898-DEF3-445B-BDCE-EF5089DD7574}) (Version: 22.0.0005 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.320 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.31 - Qualcomm Atheros)
RealDownloader (HKLM-x32\...\{F1FFBA3D-C08F-41E4-98B2-07144A4928A9}) (Version: 18.1.20.206 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.20 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remo Duplicate File Remover (HKLM\...\{AFD24778-C2B9-41AC-881C-1E0DD7E07A7A}_is1) (Version: 1.0.0.3 - Remo Software)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.7 - TeamViewer)
Toolkit (HKLM-x32\...\Toolkit) (Version: 1.8.4.43 - Seagate)
UiPath Studio (HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\UiPath) (Version: 20.4.3 - UiPath)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WiFi+Transfer (HKLM-x32\...\{9E363AFB-7AA6-49AF-8911-505761B75DC0}) (Version: 1.0.3078 - Nero AG)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23072 - Microsoft Corporation)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Realtek (rt640x64) Net  (12/06/2018 10.032.1206.2018) (HKLM\...\2EED619D04E612310FFD11C95F9B85C9C0F915D7) (Version: 12/06/2018 10.032.1206.2018 - Realtek)
Windows Driver Package - Remote Utilities LLC (MonitorFunction) Monitor  (01/21/2019 16.10.46.576) (HKLM\...\D1A359D7AACFA04424BDDA9BA49C81EB248799E3) (Version: 01/21/2019 16.10.46.576 - Remote Utilities LLC)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (06/28/2013 8.0.2.5) (HKLM\...\B940BC5DB4B0CF843172EB3A73F4C2EE013A1E63) (Version: 06/28/2013 8.0.2.5 - Sony Corporation)
WinZip 24.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24121}) (Version: 24.0.13618 - Corel Corporation)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.39.4.0_x86__kgqvnymyfvs32 [2020-06-26] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1800.1.0_x86__kgqvnymyfvs32 [2020-06-30] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\Nordcurrent.CookingFever_8.0.0.4_x86__m9bz608c1b9ra [2020-06-08] (Nordcurrent)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220 [2020-06-08] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2020-06-08] (Fitbit)
IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.38.1.0_neutral__e7b5mm5d3r6v2 [2020-07-03] (Tonec FZE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-08] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-06-08] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-06-08] (Microsoft Corporation) [MS Ad]
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.200.0_x64__jb41c8remg0x2 [2020-06-08] (Polarr)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c [2020-07-10] (Skype) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2953840584-32695445-2838772337-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2953840584-32695445-2838772337-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-04-02] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1-x32: [TotalConverter] -> {280CFDE1-1354-4431-92F3-03073BA593FB} => C:\Program Files (x86)\TotalAudioConverter\axTotalConverter.dll [2005-11-11] () [File not signed]
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-08-30] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-04-02] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2020-03-16] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-08-30] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => C:\ProgramData\AllDup\FEShlExt.dll [2008-08-21] (Alex Yakovlev) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-08-30] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\pvsam\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) =============

2014-04-02 02:25 - 2014-04-02 02:25 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-02 02:22 - 2014-04-02 02:22 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2020-04-17 22:51 - 2020-04-17 22:51 - 000165376 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220\DAXRPCClient.dll
2020-04-17 22:51 - 2020-04-17 22:51 - 037219328 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220\DolbyAccess.dll
2020-04-17 22:51 - 2020-04-17 22:51 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220\e_sqlite3.dll
2014-04-02 02:29 - 2014-04-02 02:29 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2014-04-02 02:29 - 2014-04-02 02:29 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll
2014-04-02 02:29 - 2014-04-02 02:29 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2014-04-02 02:29 - 2014-04-02 02:29 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2014-04-02 02:29 - 2014-04-02 02:29 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2014-04-02 02:29 - 2014-04-02 02:29 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2014-04-02 02:30 - 2014-04-02 02:30 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2014-04-02 02:30 - 2014-04-02 02:30 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutLookLib.dll
2014-04-02 02:30 - 2014-04-02 02:30 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2014-04-02 02:30 - 2014-04-02 02:30 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2014-04-02 02:30 - 2014-04-02 02:30 - 000116352 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2014-04-02 02:23 - 2014-04-02 02:23 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2014-04-02 02:24 - 2014-04-02 02:24 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2014-04-02 02:25 - 2014-04-02 02:25 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-04-02 02:25 - 2014-04-02 02:25 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2014-04-02 02:22 - 2014-04-02 02:22 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2014-04-02 02:22 - 2014-04-02 02:22 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2014-04-02 02:24 - 2014-04-02 02:24 - 000421888 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-04-02 02:24 - 2014-04-02 02:24 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-04-02 02:19 - 2014-04-02 02:19 - 000097792 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2014-04-02 02:22 - 2014-04-02 02:22 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-04-02 02:23 - 2014-04-02 02:23 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2014-04-02 02:25 - 2014-04-02 02:25 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-04-02 02:19 - 2014-04-02 02:19 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-04-02 02:25 - 2014-04-02 02:25 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-04-02 02:24 - 2014-04-02 02:24 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2014-04-02 02:25 - 2014-04-02 02:25 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-04-02 02:24 - 2014-04-02 02:24 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2014-04-02 02:25 - 2014-04-02 02:25 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-04-02 02:24 - 2014-04-02 02:24 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2014-04-02 02:23 - 2014-04-02 02:23 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 13:01 - 2020-07-14 23:28 - 000000985 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       ocsp.globalsign.com
127.0.0.1       ocsp2.globalsign.com
127.0.0.1       iam.nero.com
127.0.0.1       2.19.38.243

2019-04-22 10:51 - 2019-11-16 11:57 - 000000522 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.99 android-231039eee637848a.mshome.net # 2019 11 6 23 6 27 17 38
192.168.137.1 DESKTOP-4RH6A7H.mshome.net # 2024 11 4 14 6 27 17 38

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2953840584-32695445-2838772337-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pvsam\OneDrive\Pictures\Red Dark Blue Floral Illustration Spring Desktop Wallpaper.png
DNS Servers: 192.168.31.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EE44ED0E-C709-431C-A1C7-A827C6700BBE}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{3D7EF99C-5C79-4F27-87B4-2BC6205E5026}] => (Allow) C:\Program Files (x86)\Nero\Transfer\Transfer.exe (Nero AG -> Nero AG)
FirewallRules: [{044F6A0B-C92B-4FA2-9819-A8245313D352}] => (Allow) C:\Program Files (x86)\Nero\Nero 2020\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{79433D15-748C-4A95-9812-A09B9891A2C5}] => (Allow) C:\Program Files (x86)\Nero\Nero 2020\Nero MediaHome\MediaHome.exe (Nero AG -> Nero AG)
FirewallRules: [{50A22E01-07DD-49A4-9B8F-384D4AF0E642}] => (Allow) C:\Program Files (x86)\Nero\Nero 2020\Nero MediaHome\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{9F6710F4-6DCE-4CA6-A636-E60ED6CCAB87}] => (Allow) C:\Program Files (x86)\Nero\Nero 2020\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{BCD311B9-4E2A-441E-BE50-476473DF8251}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BFA2BB71-DE8C-4649-A298-92126980667F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{989FE10D-183F-4993-BAA3-087DDFC4758B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CB9091C6-680A-41C0-A22E-FF80BB8603E2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3F7788A-B438-4853-AEC5-A4BF8E3F2A45}] => (Allow) C:\Users\pvsam\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{87AC2462-A731-43AD-BF08-A47584A1AFB5}] => (Allow) C:\Users\pvsam\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{8D1A0A4C-0D1E-4B6C-BF6E-7FA20B8D4F4D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{A30D86CB-13B7-43C9-BBA1-6D36D051F7C1}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{800E414C-C949-4A22-855B-8FB96F622542}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B3EC049-C85E-4153-B152-873843510262}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7468D9DF-6D16-4CBE-B180-AE68AAC8AECA}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
FirewallRules: [{C748847D-3817-41D1-BCA7-97B8BE71E2DF}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
FirewallRules: [{F2036A51-644D-4474-9C65-F1617927344A}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
FirewallRules: [{AB6F2698-A5C5-45B6-A407-CF033869417C}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
FirewallRules: [{6D956E48-E34E-4CA8-83D8-CB37DF6E11AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{5C1064D5-FF70-4859-817A-3FC7C05EC9F0}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{F633B217-657A-4431-8305-2B490DD51331}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [{03115B89-A6DF-409C-8A3E-AF078899D5E6}] => (Allow) C:\Program Files\Mylio\Mylio.exe (MYLIO, LLC -> Mylio LLC)
FirewallRules: [{CCC1081B-E680-4CBA-B4F5-1B49A7F3F7FD}] => (Allow) C:\Program Files\Mylio\Mylio.exe (MYLIO, LLC -> Mylio LLC)
FirewallRules: [{1F2AD601-B896-4DBC-8A1B-5FC0A268DC7F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{77AFDEA3-6BAF-4794-B3EA-70E6DA702C8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{43B9E56D-719C-47AE-8739-26B87FAFA64D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FE7D17E-CEC4-4508-A1E0-A0E0F37F5515}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4DB0FAC-A2FD-4428-874E-779A024E9B8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5CCEF870-1E59-4621-8048-CAD452D1C879}] => (Allow) LPort=8320
FirewallRules: [{91C675CD-CE7B-470A-9205-FE3374294AEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D52775B4-767E-44BF-9BCC-D22A3C0A9D15}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9D719437-40E8-49FB-9C62-6D1A8F57D608}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{03233BAB-C93B-4E56-AAB4-22EF91D7AE12}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

13-07-2020 14:04:34 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/15/2020 12:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.329, time stamp: 0xb584d6c9
Faulting module name: ntdll.dll, version: 10.0.19041.207, time stamp: 0xcad89ab4
Exception code: 0xc0000374
Fault offset: 0x00000000000fdec9
Faulting process id: 0x19bc
Faulting application start time: 0x01d65a742a99dfc5
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a78d0041-c021-4698-b5a1-52ac915b91ab
Faulting package full name:
Faulting package-relative application ID:

Error: (07/15/2020 12:21:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/15/2020 12:21:57 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/15/2020 12:21:57 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/15/2020 12:21:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/15/2020 12:21:51 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application

Details:
    (HRESULT : 0x8e5e0203) (0x8e5e0203)

Error: (07/15/2020 12:21:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (07/15/2020 12:21:15 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - onecoreuap\base\appmodel\search\search\ytrip\common\util\jetutil.cpp (271)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
     0x8e5e0203 (0x8e5e0203)


System errors:
=============
Error: (07/15/2020 12:25:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (07/15/2020 12:22:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (07/15/2020 12:22:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/15/2020 12:22:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error:
%%2147749126

Error: (07/15/2020 12:18:14 PM) (Source: RtlWlanu) (EventID: 5003) (User: )
Description: TP-Link Wireless USB Adapter #4 : Could not find a network adapter.

Error: (07/15/2020 12:17:49 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (07/15/2020 12:18:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:12:09 PM on ‎7/‎15/‎2020 was unexpected.

Error: (07/15/2020 12:14:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4RH6A7H)
Description: The server {389510B7-9E58-40D7-98BF-60B911CB0EA9} did not register with DCOM within the required timeout.


==================== Memory info ===========================

BIOS: Insyde Corp. R0200E6 04/02/2012
Motherboard: Sony Corporation VAIO
Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 8092.36 MB
Available physical RAM: 4762.27 MB
Total Virtual: 9372.36 MB
Available Virtual: 6145.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:89.2 GB) (Free:38.29 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:58.89 GB) (Free:9.05 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:100 GB) (Free:99.85 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:50 GB) (Free:5.59 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 57C7EF15)
Partition 1: (Active) - (Size=89.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=58.9 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================



#4 koolsam

Posted 15 July 2020 - 01:28 AM

Attaching SALog

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 04th, June 2020
Running from:C:\Users\pvsam\Desktop (12:45:22 - 07/15/2020)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (32.0.0.387)
CCleaner (5.65) ==> is out of Date
Google Chrome (83.0.4103.116)
Malwarebytes (4.1.0.56)
Mozilla Firefox (78.0.2)

***----------------Analysis Complete-------------------------***



#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,376 posts

Posted 15 July 2020 - 05:02 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
 
start::
 
CreateRestorePoint:
CloseProcesses:
 
IFEO\osppsvc.exe: [Debugger] rundll32.exe SppExtComObjHook.dll,PatcherMain
IFEO\SppExtComObj.exe: [Debugger] rundll32.exe SppExtComObjHook.dll,PatcherMain
CHR HKU\S-1-5-21-2953840584-32695445-2838772337-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.36.5.0_neutral__e7b5mm5d3r6v2 [not found]
FF Notifications: Mozilla\Firefox\Profiles\3nnmfxy3.default-1563947810795 -> hxxps://ww1.ouo.today
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
 
IE trusted site: HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
EmptyTemp:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Is the problem solved?

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 koolsam

koolsam

    SWI Junkie

  • Full Member
  • 270 posts

Posted 15 July 2020 - 06:26 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by pvsam (15-07-2020 17:26:41) Run:1
Running from C:\Users\pvsam\Desktop
Loaded Profiles: pvsam
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
 
IFEO\osppsvc.exe: [Debugger] rundll32.exe SppExtComObjHook.dll,PatcherMain
IFEO\SppExtComObj.exe: [Debugger] rundll32.exe SppExtComObjHook.dll,PatcherMain
CHR HKU\S-1-5-21-2953840584-32695445-2838772337-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.36.5.0_neutral__e7b5mm5d3r6v2 [not found]
FF Notifications: Mozilla\Firefox\Profiles\3nnmfxy3.default-1563947810795 -> hxxps://ww1.ouo.today
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
 
IE trusted site: HKU\S-1-5-21-2953840584-32695445-2838772337-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
EmptyTemp:
 

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\osppsvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => removed successfully
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\SOFTWARE\Policies\Google => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => removed successfully
"FF Notifications:" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.7.1 => removed successfully
HKU\S-1-5-21-2953840584-32695445-2838772337-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17919392 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 12013658 B
Edge => 0 B
Chrome => 87049612 B
Firefox => 1241283396 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 42654 B
NetworkService => 169450 B
pvsam => 16255070 B

RecycleBin => 28769 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:32:57 ====
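
A read-only check for the registry entries the Fixlog above reports as removed, added here as an example; it is not part of the original posts and not FRST's own code. A Debugger value under Image File Execution Options makes Windows start the named program in place of the image, so the script lists any that remain; it assumes it is run in the affected user's session, so that HKCU: is the hive the log shows as HKU\S-1-5-21-...-1001.

```powershell
# Added example: verification after an FRST fix. Nothing is modified.
# Assumption: run as the affected user, so HKCU: maps to the SID in the log.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# 1. Every image name that still carries a Debugger value, in both registry views.
$debuggers = foreach ($root in $ifeoRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $value = $_.GetValue('Debugger')
        if ($null -ne $value) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = $value; Key = $_.Name }
        }
    }
}

# 2. The two images named in the fixlist should no longer appear in that list.
$fixed = 'osppsvc.exe', 'SppExtComObj.exe'
$stillHooked = @($debuggers | Where-Object { $fixed -contains $_.Image })

# 3. Per-user keys the Fixlog reports as removed.
$userKeys = @(
    'HKCU:\SOFTWARE\Policies\Google',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com'
)
$remainingKeys = @($userKeys | Where-Object { Test-Path -LiteralPath $_ })

# Report: remaining Debugger values first, then a verdict per group.
if ($debuggers) {
    $debuggers | Format-Table -AutoSize -Wrap
} else {
    'No Debugger values under Image File Execution Options.'
}

if ($stillHooked.Count -eq 0) {
    'IFEO entries from the fixlist: removed.'
} else {
    'IFEO entries from the fixlist still present: ' + ($stillHooked.Image -join ', ')
}

if ($remainingKeys.Count -eq 0) {
    'Per-user keys from the fixlist: removed.'
} else {
    'Per-user keys still present: ' + ($remainingKeys -join ', ')
}
```

Any Debugger value listed for an image that is not being debugged deliberately is worth reviewing before it is removed.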



#7 koolsam

koolsam

    SWI Junkie

  • Full Member
  • 270 posts

Posted 15 July 2020 - 06:31 AM

System goes into "Not Responding" mode even after fixing.

 

Recently, as my Bluetooth speaker is not connecting, I installed a few random drivers and this problem started. Is it something to do with the driver installation?

 

Where can I get driver updates for the exact device, if any?



#8 koolsam

koolsam

    SWI Junkie

  • Full Member
  • 270 posts

Posted 17 July 2020 - 12:00 AM

Windows Update is failing every time, receiving error 0x80070003.



#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,376 posts

Posted 17 July 2020 - 04:53 AM

Hi,
 
A number of issues can cause this error.
 
Navigate to this page.
 
Windows 10 2004 Update Error
 
First do this.
 
Also, run the System File Checker utility to make sure corrupt or missing system files are not causing the issue. To do this:
 
Open Command Prompt as administrator.
Type the command sfc /scannow and hit the Enter key.
After the scanning process is 100% complete, restart Windows for the changes to take effect.
===
 
If the problem persists do this.
 
Follow the instructions under this section.
Reset windows update Components
 
After a restart of the computer, if the problem persists I suggest you start a new topic in the Windows 10 Forum at BleepingComputer.
 
If you are not a member of the forum you will have to register.
 
Explain the error message.
 
This is the latest Windows 10 Version and is causing a lot of issues.
 
It's not caused by malware and not my forte.
 
I will leave this topic open for 6 days.
Please return if you need any additional help.

nasdaq


#10 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,977 posts

Posted 17 July 2020 - 06:41 PM

Hello koolsam

 

As the problem started after installing new drivers you can try to restore the computer to a point before the drivers were installed. This may fix the problem.

 

To restore Windows:

 

 

  • Right click Start button
  • Select Search
  • Type Restore
  • A Create a Restore Point window will open at the top
  • Click on this window
  • A systems properties window will open
  • Click System Restore
  • Click Next
  • Select a restore point from the available list that is dated earlier than the date you installed the new drivers.
  • Click Next
  • Click Finish on the Confirm your restore point page
  • Click Yes on the Warning Box that opens
  • Wait until Windows 10 restores to the selected restore point and restarts automatically

 

 

Please let me know if this fixed the problem.

 

Rocket Grannie




My help is free however if you wish to make a donation please see Here

#11 koolsam

koolsam

    SWI Junkie

  • Full Member
  • 270 posts

Posted 09 August 2020 - 10:03 AM

Tried, but hard luck.



#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,376 posts

Posted 10 August 2020 - 04:58 AM

Hi,

Now that you have restored the computer please run the Farbar Program one more time and post fresh logs for my review.


nasdaq




