
[Active] HELP Potential computer hacked. Got email from some random person provided my screenshot display

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by ramesh help, Nov 7, 2022.

  1. ramesh help (Established Techie7 Member)

    Hi Broni. I was shocked to get an email stating all my passwords, with a screenshot of my computer display attached, and emailed to multiple random people asking for random money. I am attaching the logs for you to advise further on me potentially being hacked.



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2022
    Ran by Work (administrator) on WORK (Dell Inc. XPS 15 9570) (07-11-2022 19:23:21)
    Running from C:\Users\Work\Downloads
    Loaded Profiles: Work
    Platform: Microsoft Windows 10 Home Single Language Version 21H1 19043.1110 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    () [File not signed] C:\Program Files (x86)\Minimal ADB and Fastboot\adb.exe
    (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
    (C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
    (C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
    (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
    (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCopyAccelerator.exe
    (DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
    (ESET, spol. s r.o. -> ESET) C:\Users\Work\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
    (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <27>
    (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (services.exe ->) (Greatis Software LLC -> Greatis Software, LLC) C:\Windows\UPDATE\SU10Guard.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7df576fcfa9adb45\IntelCpHDCPSvc.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7df576fcfa9adb45\IntelCpHeciSvc.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
    (services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\SocketHeciServer.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
    (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
    (services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_4a7a369b84fff822\aesm_service.exe
    (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe
    (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_727392c7e446e087\Display.NvContainer\NVDisplay.Container.exe <2>
    (services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
    (services.exe ->) (RDM Corporation -> RDM Corporation) C:\Windows\SysWOW64\RDMSOService.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
    (services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
    (services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
    (services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
    (services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    (services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
    (services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
    (services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
    (services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SEDService.exe
    (services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
    (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (services.exe ->) (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77de.inf_amd64_9220aa0f9500a019\WavesSysSvc64.exe
    (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    (WhatsApp LLC -> WhatsApp) C:\Users\Work\AppData\Local\WhatsApp\app-2.2242.6\WhatsApp.exe <7>
    ==================== Registry (Whitelisted) ===================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138416 2020-07-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77de.inf_amd64_9220aa0f9500a019\WavesSvc64.exe [1570400 2019-09-19] (Waves Inc -> Waves Audio Ltd.)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1690368 2022-07-22] (Logitech Inc -> Logitech, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951024 2019-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11186400 2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [117864 2021-03-25] (VMware, Inc. -> VMware, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [Sophos Home UI] => C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe [7630392 2022-11-07] (Sophos Ltd -> Sophos Limited)
    HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
    HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
    HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
    HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
    HKLM\...\Policies\Explorer: [NoWebServices] 1
    HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\Run: [MicrosoftEdgeAutoLaunch_9A180726B32CE185149F1B151DF91021] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\Run: [Microsoft Edge Update] => C:\Users\Work\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\MicrosoftEdgeUpdateCore.exe [253888 2022-08-27] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\Work\AppData\Local\WhatsApp\Update.exe [2254048 2022-11-04] (WhatsApp LLC -> )
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\MountPoints2: {036bda05-2ada-11ed-8632-9eb6d0c6abd9} - "E:\OnePlus_setup.exe" /s
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\MountPoints2: {5ea3c2fb-538c-11ed-8653-9cb6d0c6abda} - "E:\OnePlus_setup.exe" /s
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\MountPoints2: {86b0b143-43af-11ed-863d-9cb6d0c6abda} - "F:\HiSuiteDownLoader.exe"
    HKLM\...\Windows x64\Print Processors\us015PC: C:\Windows\System32\spool\prtprocs\x64\us015pc.dll [52088 2019-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
    HKLM\...\Print\Monitors\us008 Langmon: us008lm.dll
    HKLM\...\Print\Monitors\us015 Langmon: C:\Windows\system32\us015lm.dll [31096 2019-06-21] (Microsoft Windows Hardware Compatibility Publisher -> )
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe [2022-11-03] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
    ==================== Scheduled Tasks (Whitelisted) ============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {02B7AAEB-C0C4-434E-BF47-79AE3DA10211} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {0E61101E-DE4F-4E4D-8932-D91FF9399C87} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302168 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
    Task: {1E3EC153-CD96-4D2C-A97D-1D6CA9D3CB07} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
    Task: {2537A2B2-A043-4BCA-BDB7-12346B380360} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
    Task: {27B56FBA-01BD-439D-AF79-CB8C010D04FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {28817759-0828-4818-8B7E-307B890761D6} - System32\Tasks\Opera scheduled assistant Autoupdate 1590564114 => C:\Users\Work\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Work\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {2F44032F-15C9-4187-9072-CF8E791DAFA6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-13] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {3064A104-2A7D-485C-BC18-1A116013DC48} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
    Task: {39B3E24A-B9AB-42CF-8267-57F182332C0B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
    Task: {3CCC5EB1-AEAD-415E-8CAD-5772A8445254} - System32\Tasks\Uninstaller_SkipUac_Work => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [7932936 2022-09-02] (IObit CO., LTD -> IObit)
    Task: {678AC72C-1CEE-44D5-8339-4EF128585BA2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {7DBC62C2-C113-4B5E-8C40-F6019AC4402D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {80AAAC9F-CCB2-44B5-B131-EC2890E18581} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {88B07102-9BF5-436F-BA9D-8C34DAA03060} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-10] (Google Inc -> Google LLC)
    Task: {8B27104C-1A2B-4A6E-BE91-DB2838D2A7BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9009F0A2-EF4D-45A8-AEB0-E248B1358D96} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
    Task: {933F81FD-4888-4F7B-8639-BE5450DBBD4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {A11F2BBE-5ACC-4158-A9B1-532DFF0E3F43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A7DAE145-12D3-4881-A500-12DD5803E205} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-10] (Google Inc -> Google LLC)
    Task: {B84ED019-4262-4515-AC2D-3A8426E52911} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {C58C9C3F-64B9-4599-8A99-978F78774E8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1555696 2022-08-03] (Adobe Inc. -> Adobe Inc.)
    Task: {CE86F5E7-90D7-457D-A49A-EFC0E19CF637} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {D2BB5094-0DC4-407F-8B37-DDA1F4FCC666} - System32\Tasks\AdwCleaner_onReboot => E:\Others\Virus Scan\adwcleaner_8.4.0.exe /r (No File)
    Task: {F39862C7-DC48-45F3-8E29-229EFE127E5F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {F3C8DA41-97EF-4CDE-9A91-29FA96A643D5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-13] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {FFCF56AE-9236-41F5-823D-76E2FE430D88} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\..\Interfaces\{64d3531f-d8a6-4454-b895-6beaec71a488}: [DhcpNameServer] 192.168.1.1
    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-07]
    Edge Notifications: Default -> hxxps://shopee.com.my; hxxps://www.facebook.com; hxxps://www.instagram.com
    Edge HomePage: Default -> hxxp://www.google.com/
    Edge Session Restore: Default -> is enabled.
    Edge Extension: (F.B.(FluffBusting)Purity) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbadpifemeclpdmgelgehgclmeohdoge [2022-10-25]
    Edge Extension: (ShowPassword) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbiclfnbhommljbjcoelobnnnibemabl [2022-02-14]
    Edge Extension: (Tampermonkey) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-10-17]
    Edge Extension: (ColdInbox for LinkedIn Automation) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\effolohhmklkhglfifkfemfdofdddaok [2020-10-09]
    Edge Extension: (Save Text to PDF, WORD, EXCEL or Send EMAIL) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fekmmlpjhkgpmlmgbfmdlngdclmncpke [2022-08-03]
    Edge Extension: (Cookie AutoDelete) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fhcgjolkccmbidfldomjliifgaodjagh [2022-07-17]
    Edge Extension: (Allow Select And Copy) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lamaakaemgdclpnfbofmhpkanfnojjch [2020-07-17]
    Edge Extension: (AliPrice Shopping Assistant for Lazada) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mgibnbelkfjiljlimjcmaomokehnngfl [2022-04-02]
    Edge Extension: (Privacy Badger) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mkejgcgkdlddbggjhhflekkondicpnop [2022-09-30]
    Edge Extension: (Autofill) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2022-09-13]
    Edge Extension: (AliPrice Shopping Assistant for Shopee) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oanlehpljgeknlohgbakodejdbingjpj [2022-10-16]
    Edge Extension: (uBlock Origin) - C:\Users\Work\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-09-21]
    FireFox:
    ========
    FF DefaultProfile: e6dmn215.Default User
    FF ProfilePath: C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\e6dmn215.Default User [2022-11-07]
    FF Extension: (Right Links WE) - C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\e6dmn215.Default User\Extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi [2022-09-25]
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files (x86)\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-09-28] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files (x86)\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-09-28] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
    Chrome:
    =======
    CHR Profile: C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default [2022-11-06]
    CHR Notifications: Default -> hxxps://deliverynotforme.best
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR Session Restore: Default -> is enabled.
    CHR Extension: (Old Layout for Facebook) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmkkackbbimmdbfjdilpnfaegaeagge [2020-12-03]
    CHR Extension: (ShowPassword) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiclfnbhommljbjcoelobnnnibemabl [2022-04-17]
    CHR Extension: (uBlock Origin) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-09-25]
    CHR Extension: (ColdInbox for LinkedIn Automation) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\effolohhmklkhglfifkfemfdofdddaok [2020-10-09]
    CHR Extension: (Google Docs Offline) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-25]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-10-24]
    CHR Extension: (Allow Select And Copy) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\lamaakaemgdclpnfbofmhpkanfnojjch [2020-05-27]
    CHR Extension: (AliPrice Shopping Assistant for Lazada) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgibnbelkfjiljlimjcmaomokehnngfl [2022-04-17]
    CHR Extension: (Fluff Busting Purity) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2022-10-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-14]
    CHR Extension: (AliPrice Shopping Assistant for Shopee) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\oanlehpljgeknlohgbakodejdbingjpj [2022-10-15]
    CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
    ==================== Services (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172264 2022-08-03] (Adobe Inc. -> Adobe Inc.)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3863256 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3701464 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12516280 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-13] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-13] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
    S4 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2022-09-22] (Dell Inc -> Dell Technologies Inc.)
    S4 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2022-09-22] (Dell Inc -> Dell Technologies Inc.)
    S4 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2022-09-22] (Dell Inc -> Dell Technologies Inc.)
    S4 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [45784 2022-08-17] (Dell Inc -> )
    S4 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-08-15] (Dell Inc -> Dell)
    S4 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [167432 2022-08-23] (IObit CO., LTD -> IObit)
    S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73480 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
    R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1775392 2021-05-31] (Rivet Networks LLC -> Rivet Networks)
    R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2663208 2021-05-31] (Rivet Networks LLC -> Rivet Networks)
    S3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73496 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8879024 2022-11-07] (Malwarebytes Inc. -> Malwarebytes)
    R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [189776 2022-07-08] (Qualcomm Atheros, Inc. -> )
    R2 RDMSOService; C:\Windows\SysWOW64\RDMSOService.exe [128448 2010-10-01] (RDM Corporation -> RDM Corporation)
    S4 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2015-02-07] (Samsung Electronics CO., LTD. -> )
    R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [772864 2022-11-07] (Sophos Ltd -> Sophos Limited)
    R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint Defense\SEDService.exe [3502064 2022-11-07] (Sophos Ltd -> Sophos Limited)
    R2 Sophos Health Service; C:\Program Files (x86)\Sophos\Health\SophosHealth.exe [1901408 2022-11-07] (Sophos Ltd -> Sophos Limited)
    R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1586832 2022-11-07] (Sophos Ltd -> Sophos Limited)
    R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1795040 2022-11-07] (Sophos Ltd -> Sophos Limited)
    R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint Defense\SSPService.exe [11241240 2022-11-07] (Sophos Ltd -> Sophos Limited)
    R2 SU10Guard; C:\Windows\UPDATE\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
    S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2022-10-04] (Dell Inc -> Dell Inc.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [14802240 2022-09-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15223040 2021-03-25] (VMware, Inc. -> )
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe [3191224 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe [133536 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    S4 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [269200 2020-06-18] (Wondershare Technology Co.,Ltd -> Wondershare)
    S4 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
    R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_727392c7e446e087\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_727392c7e446e087\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
    ===================== Drivers (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
    S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [62648 2020-03-17] (Cypress Semiconductor Technology India Pvt Ltd. -> Cypress Semiconductor)
    S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
    R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [37808 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
    S3 imausbhpal; C:\WINDOWS\System32\drivers\imausbhpal.sys [671224 2017-05-19] (Intel(R) Wireless Connectivity Solutions -> )
    S3 imausbhub; C:\WINDOWS\System32\drivers\imausbhub.sys [479736 2017-05-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
    R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
    R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
    R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [184400 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
    S3 LSI_SAS3; C:\WINDOWS\System32\drivers\lsi_sas3.sys [136224 2018-04-17] (Avago Technologies U.S. Inc. -> Avago Technologies)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S3 megasas35; C:\WINDOWS\System32\drivers\megasas35.sys [87632 2018-10-11] (Avago Technologies U.S. Inc. -> Avago Technologies)
    R3 MpKslb0d1014d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5F4A0C-1B7C-4A13-8471-B5CDB0C1C7CC}\MpKslDrv.sys [228632 2022-11-07] (Microsoft Windows -> Microsoft Corporation)
    S3 percsas3; C:\WINDOWS\System32\drivers\percsas3.sys [75792 2016-09-21] (AVAGO TECHNOLOGIES U.S. INC. -> Avago Technologies)
    S3 qcusbser; C:\WINDOWS\System32\drivers\dellusbser.sys [251880 2018-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
    S3 Rockusb; C:\WINDOWS\System32\drivers\rockusb.sys [69920 2020-03-17] (Fuzhou Rockchip Electronics Co., Ltd. -> Fuzhou Rockchip Electronics Co,Ltd.)
    S2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
    S0 Sophos ELAM; C:\WINDOWS\System32\DRIVERS\SophosEL.sys [28120 2022-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Sophos Limited)
    R0 Sophos Endpoint Defense; C:\WINDOWS\System32\DRIVERS\SophosED.sys [2485792 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Sophos Limited)
    R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [213088 2020-02-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
    S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2021-08-29] (Windscribe Limited -> The OpenVPN Project)
    S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
    S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174024 2020-07-11] (Oracle Corporation -> Oracle Corporation)
    R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [67072 2021-03-25] (VMware, Inc. -> VMware, Inc.)
    R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [105912 2020-08-11] (VMware, Inc. -> VMware, Inc.)
    R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [54592 2020-08-11] (VMware, Inc. -> VMware, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469280 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
    S3 WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [285696 2018-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Jungo)
    S3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2021-08-29] (Windscribe Limited -> WireGuard LLC)
    U4 NvTelemetryContainer; no ImagePath
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) (Whitelisted) =========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2022-11-07 19:23 - 2022-11-07 19:23 - 002374656 _____ (Farbar) C:\Users\Work\Downloads\FRST64.exe
    2022-11-07 19:23 - 2022-11-07 19:23 - 000037932 _____ C:\Users\Work\Downloads\FRST.txt
    2022-11-07 19:13 - 2022-11-07 19:14 - 000001377 _____ C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
    2022-11-07 19:13 - 2022-11-07 19:13 - 015274968 _____ (ESET) C:\Users\Work\Downloads\esetonlinescanner.exe
    2022-11-07 19:13 - 2022-11-07 19:13 - 000001271 _____ C:\Users\Work\Desktop\ESET Online Scanner.lnk
    2022-11-07 18:15 - 2022-11-07 18:26 - 000000000 ____D C:\ProgramData\HitmanPro
    2022-11-07 18:13 - 2022-11-07 18:13 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2022-11-07 18:10 - 2022-11-07 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2022-11-07 18:10 - 2022-11-07 18:11 - 000000000 ____D C:\Program Files\Sophos
    2022-11-07 18:10 - 2022-11-07 18:10 - 002485792 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\SophosED.sys
    2022-11-07 18:10 - 2022-11-07 18:10 - 000055464 _____ (Sophos Limited) C:\WINDOWS\system32\SophosNA.exe
    2022-11-07 18:10 - 2022-11-07 18:10 - 000044662 _____ C:\WINDOWS\system32\Drivers\SophosED.man
    2022-11-07 18:10 - 2022-11-07 18:10 - 000028120 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\SophosEL.sys
    2022-11-07 18:10 - 2022-11-07 18:10 - 000000000 ____D C:\WINDOWS\SysWOW64\SophosED
    2022-11-07 18:10 - 2022-11-07 18:10 - 000000000 ____D C:\WINDOWS\system32\SophosED
    2022-11-07 18:10 - 2022-11-07 18:10 - 000000000 ____D C:\Program Files\Common Files\Sophos
    2022-11-07 18:04 - 2022-11-07 18:04 - 000002001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2022-11-07 18:03 - 2022-11-07 18:03 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2022-11-07 18:03 - 2022-11-07 18:03 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2022-11-07 18:03 - 2022-11-07 18:03 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2022-11-07 18:03 - 2022-11-07 18:03 - 000000000 ____D C:\ProgramData\Malwarebytes
    2022-11-07 18:03 - 2022-11-07 18:03 - 000000000 ____D C:\Program Files\Malwarebytes
    2022-11-01 07:55 - 2022-11-01 07:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2022-10-29 15:48 - 2022-10-29 15:48 - 000000000 ____D C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
    2022-10-29 12:46 - 2022-10-29 12:46 - 000000000 ____D C:\Users\Work\AppData\Roaming\uad
    2022-10-29 12:46 - 2022-10-29 12:46 - 000000000 ____D C:\Users\Work\AppData\Local\uad
    2022-10-28 14:38 - 2022-10-28 14:38 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2022-10-28 14:38 - 2022-10-28 14:38 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2022-10-28 14:38 - 2022-10-28 14:38 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2022-10-28 14:38 - 2022-10-28 14:38 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2022-10-25 18:49 - 2022-11-07 18:05 - 000000000 ____D C:\ProgramData\Garmin
    2022-10-25 18:49 - 2022-10-25 18:49 - 000000000 ____D C:\Users\Work\AppData\Local\Garmin_Ltd._or_its_subsid
    2022-10-25 18:49 - 2022-10-25 18:49 - 000000000 ____D C:\Users\Work\AppData\Local\Garmin
    2022-10-24 19:13 - 2022-10-24 19:18 - 000000000 ____D C:\Users\Work\AppData\Roaming\Imagenomic
    2022-10-24 19:10 - 2022-10-24 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic
    2022-10-24 19:10 - 2022-10-24 19:10 - 000000000 ____D C:\Program Files\Imagenomic
    2022-10-18 11:03 - 2022-10-18 11:03 - 000000000 ____D C:\MitchellSav1
    2022-10-17 20:35 - 2022-10-25 09:16 - 000000000 ____D C:\ProgramData\ProductData
    2022-10-17 19:00 - 2022-10-17 19:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2022-10-17 11:36 - 2022-10-17 18:58 - 000000000 ____D C:\Users\Work\Documents\MEGAsync Downloads
    2022-10-17 09:58 - 2022-10-17 09:58 - 000000000 ____D C:\Users\Work\AppData\Local\Adaware
    2022-10-16 19:22 - 2022-10-16 19:40 - 000434604 _____ C:\WINDOWS\ntbtlog.txt
    2022-10-16 19:22 - 2022-10-16 19:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2022-10-16 19:08 - 2022-10-16 19:08 - 000003166 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
    2022-10-16 08:54 - 2022-10-16 08:54 - 000007603 _____ C:\Users\Work\AppData\Local\Resmon.ResmonCfg
    2022-10-16 08:25 - 2022-10-16 08:25 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2022-10-13 10:53 - 2020-07-30 09:01 - 001168456 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\IntcOED.sys
    2022-10-13 10:53 - 2020-07-30 09:01 - 000587948 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release.bin
    2022-10-13 09:56 - 2022-10-13 09:56 - 000000000 ____D C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupBackup
    2022-10-13 08:51 - 2022-10-13 08:51 - 000002057 _____ C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Start.lnk
    2022-10-13 00:21 - 2022-10-13 00:21 - 000000000 _____ C:\WINDOWS\invcol.tmp
    2022-10-12 23:59 - 2022-10-12 23:59 - 000000000 ____D C:\Program Files\Goodix
    2022-10-10 13:52 - 2022-10-10 13:58 - 000001024 ____H C:\AMTAG.BIN
    2022-10-10 13:52 - 2021-12-23 01:54 - 002206256 _____ C:\WINDOWS\ampa.exe
    2022-10-10 13:52 - 2017-02-28 20:20 - 000038320 _____ C:\WINDOWS\SysWOW64\ampa.sys
    2022-10-10 13:52 - 2017-02-28 20:20 - 000038320 _____ C:\WINDOWS\system32\ampa.sys
    ==================== One month (modified) ==================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2022-11-07 19:23 - 2022-09-28 05:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2022-11-07 19:23 - 2022-03-28 21:23 - 000000000 ____D C:\FRST
    2022-11-07 19:22 - 2020-05-27 16:11 - 000000000 ____D C:\Users\Work\AppData\Local\ClassicShell
    2022-11-07 19:12 - 2020-05-27 15:54 - 000000000 ____D C:\Program Files (x86)\Google
    2022-11-07 19:08 - 2020-10-26 18:42 - 000000000 ____D C:\Users\Work\AppData\Roaming\WhatsApp
    2022-11-07 18:25 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-11-07 18:25 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-11-07 18:25 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-11-07 18:21 - 2020-05-30 10:41 - 000000000 ____D C:\Users\Work\AppData\LocalLow\Mozilla
    2022-11-07 18:15 - 2020-11-19 10:30 - 000000000 ____D C:\ProgramData\Sophos
    2022-11-07 18:13 - 2022-03-30 03:54 - 000000000 ____D C:\Program Files (x86)\Sophos
    2022-11-07 18:10 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2022-11-07 18:05 - 2020-07-28 18:08 - 000000000 ____D C:\Program Files\DIFX
    2022-11-07 18:05 - 2020-06-14 16:55 - 000000000 ____D C:\ProgramData\Package Cache
    2022-11-07 18:05 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
    2022-11-07 15:48 - 2020-10-24 18:05 - 000000000 ____D C:\Users\Work\AppData\Roaming\Telegram Desktop
    2022-11-07 15:05 - 2021-07-14 21:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-11-07 14:13 - 2020-08-14 19:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
    2022-11-05 19:40 - 2020-09-27 22:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-11-05 09:05 - 2020-05-27 21:11 - 000000000 ____D C:\Users\Work\AppData\Roaming\vlc
    2022-11-04 12:33 - 2021-06-22 22:05 - 000000000 ____D C:\Program Files\Microsoft Office
    2022-11-04 10:39 - 2022-09-30 15:19 - 000000000 ____D C:\Users\Work\AppData\Local\WhatsApp
    2022-11-03 06:13 - 2020-05-27 15:55 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-11-01 18:37 - 2021-07-14 21:14 - 000844746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-11-01 12:12 - 2020-09-27 22:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-11-01 07:55 - 2022-06-09 08:57 - 000000000 ____D C:\Users\Work\AppData\Roaming\DropboxElectron
    2022-11-01 07:55 - 2020-05-27 15:55 - 000000000 ____D C:\Users\Work\AppData\Local\Dropbox
    2022-11-01 07:55 - 2020-05-27 15:55 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2022-10-31 20:15 - 2020-05-27 11:38 - 000000000 ____D C:\Users\Work\AppData\Local\Packages
    2022-10-31 15:44 - 2020-07-06 20:36 - 000000000 ____D C:\Users\Work\AppData\Local\CrashDumps
    2022-10-29 18:42 - 2020-05-27 12:03 - 000000000 ____D C:\Users\Work\AppData\Local\D3DSCache
    2022-10-29 15:48 - 2022-09-28 05:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2022-10-29 15:48 - 2022-09-25 09:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2022-10-29 15:48 - 2020-10-31 18:34 - 000000000 ____D C:\Users\Work\AppData\Roaming\Zoom
    2022-10-29 15:48 - 2020-05-27 15:54 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2022-10-29 15:48 - 2020-05-27 15:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2022-10-29 12:50 - 2020-06-16 06:15 - 000000000 ____D C:\adb
    2022-10-29 10:11 - 2020-11-13 14:54 - 000000000 ____D C:\Users\Work\AppData\Roaming\VMware
    2022-10-29 10:11 - 2020-11-13 14:54 - 000000000 ____D C:\Users\Work\AppData\Local\VMware
    2022-10-29 10:03 - 2020-11-13 14:51 - 000000000 ____D C:\ProgramData\VMware
    2022-10-25 15:47 - 2020-05-28 12:05 - 000000000 __SHD C:\Users\Work\IntelGraphicsProfiles
    2022-10-25 15:45 - 2021-07-14 21:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-10-25 15:45 - 2020-11-18 21:18 - 000000000 ____D C:\WINDOWS\UPDATE
    2022-10-25 15:45 - 2020-09-27 22:50 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-10-25 15:45 - 2020-05-28 11:55 - 000000000 ____D C:\Intel
    2022-10-25 15:45 - 2020-05-27 15:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2022-10-25 15:45 - 2020-05-27 15:05 - 000000000 ____D C:\ProgramData\NVIDIA
    2022-10-25 15:45 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2022-10-25 15:44 - 2019-12-07 17:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
    2022-10-25 09:15 - 2022-09-29 12:27 - 000000000 ____D C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2022-10-18 11:03 - 2021-08-29 07:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
    2022-10-18 11:03 - 2021-02-10 08:38 - 000000000 ____D C:\ProgramData\Mitchell
    2022-10-18 11:03 - 2020-07-06 08:00 - 000000516 _____ C:\WINDOWS\ODBC.INI
    2022-10-17 14:18 - 2020-05-27 11:46 - 000000000 ____D C:\ProgramData\Goodix
    2022-10-17 13:22 - 2022-06-19 13:06 - 000000000 ____D C:\Users\Work\AppData\Roaming\qBittorrent
    2022-10-17 11:34 - 2021-08-29 07:48 - 000000000 ____D C:\Users\Work\AppData\Local\Mega Limited
    2022-10-16 19:32 - 2022-02-05 10:47 - 000000000 ____D C:\WINDOWS\Panther
    2022-10-16 19:08 - 2020-05-27 11:29 - 000000000 ____D C:\ProgramData\Dell
    2022-10-16 09:09 - 2020-11-22 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
    2022-10-16 09:09 - 2020-11-22 09:38 - 000000000 ____D C:\Program Files\CrystalDiskInfo
    2022-10-16 09:09 - 2020-05-27 15:55 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
    2022-10-16 08:29 - 2022-09-29 20:30 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2022-10-15 07:34 - 2021-07-14 21:09 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2022-10-15 07:34 - 2021-07-14 21:09 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2022-10-13 11:01 - 2020-05-27 11:29 - 000000000 ____D C:\Program Files\Dell
    2022-10-13 10:54 - 2021-07-14 20:36 - 000000000 ____D C:\WINDOWS\system32\Intel
    2022-10-13 10:54 - 2020-05-27 11:55 - 000000000 ___HD C:\Program Files (x86)\Temp
    2022-10-13 10:53 - 2020-05-27 11:55 - 000019632 _____ C:\WINDOWS\SysWOW64\RtkMsgs.dll
    2022-10-13 10:10 - 2020-05-27 11:46 - 000000000 ____D C:\Users\Work\AppData\Local\ElevatedDiagnostics
    2022-10-13 09:57 - 2021-07-14 21:09 - 000003908 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1590564114
    2022-10-13 09:57 - 2021-07-14 21:09 - 000003184 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2022-10-13 08:55 - 2020-05-27 15:21 - 000000000 ____D C:\Users\Work\AppData\Roaming\Opera Software
    2022-10-13 08:55 - 2020-05-27 15:21 - 000000000 ____D C:\Users\Work\AppData\Local\Opera Software
    2022-10-13 01:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2022-10-13 00:12 - 2021-02-03 13:15 - 000000000 ____D C:\Program Files\dotnet
    2022-10-12 23:59 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2022-10-10 14:01 - 2020-08-17 19:19 - 000010886 _____ C:\WINDOWS\GA_OF.dat
    ==================== Files in the root of some directories ========
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025589 _____ () C:\Program Files (x86)\Berime.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000026079 _____ () C:\Program Files (x86)\Leame.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025973 _____ () C:\Program Files (x86)\LeesMij.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000026230 _____ () C:\Program Files (x86)\Leggimi.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025616 _____ () C:\Program Files (x86)\LeiaMe.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000026450 _____ () C:\Program Files (x86)\Liesmich.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000027104 _____ () C:\Program Files (x86)\Lisezmoi.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025665 _____ () C:\Program Files (x86)\LueMinut.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000024876 _____ () C:\Program Files (x86)\ReadMe.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000024716 _____ () C:\Program Files (x86)\ReadMeCS.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000024661 _____ () C:\Program Files (x86)\ReadMeCT.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000027559 _____ () C:\Program Files (x86)\ReadMeCZE.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000028458 _____ () C:\Program Files (x86)\ReadMeHUN.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000027583 _____ () C:\Program Files (x86)\ReadMeJ.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025709 _____ () C:\Program Files (x86)\ReadMeK.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000024407 _____ () C:\Program Files (x86)\ReadMeMEA.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000024388 _____ () C:\Program Files (x86)\ReadMeMEH.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000026073 _____ () C:\Program Files (x86)\ReadMePOL.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025790 _____ () C:\Program Files (x86)\ReadMeRUS.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000028250 _____ () C:\Program Files (x86)\ReadMeSKY.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000026679 _____ () C:\Program Files (x86)\ReadMeTUR.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025802 _____ () C:\Program Files (x86)\ReadMeUKR.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025463 _____ () C:\Program Files (x86)\Vigtigt.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025419 _____ () C:\Program Files (x86)\Viktig.htm
    2020-08-12 15:37 - 2015-03-17 17:08 - 000025587 _____ () C:\Program Files (x86)\Viktigt.htm
    2020-07-02 18:13 - 2020-07-05 21:22 - 176683216 _____ (fcportables.com) C:\Users\Work\AppData\Roaming\DrFoneToolKit.exe
    2020-10-31 18:57 - 2020-10-31 18:57 - 000000128 ____H () C:\Users\Work\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
    2020-07-06 19:52 - 2020-07-06 19:52 - 000000600 _____ () C:\Users\Work\AppData\Roaming\winscp.rnd
    2020-08-15 08:39 - 2020-08-15 08:39 - 000000000 _____ () C:\Users\Work\AppData\Local\oobelibMkey.log
    2021-04-25 00:25 - 2021-04-25 00:25 - 000016438 _____ () C:\Users\Work\AppData\Local\partner.bmp
    2020-06-07 14:40 - 2022-09-10 21:56 - 000000128 _____ () C:\Users\Work\AppData\Local\PUTTY.RND
    2022-10-16 08:54 - 2022-10-16 08:54 - 000007603 _____ () C:\Users\Work\AppData\Local\Resmon.ResmonCfg
    ==================== FLock ==============================
    2021-06-22 21:47 C:\ProgramData\amd64_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_10.0.18362.1_none_10ebcf1c43c7c480
    ==================== FCheck ================================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2022-09-28] <==== ATTENTION (zero byte File/Folder)
    ==================== SigCheck ============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ========================
     
  2. ramesh help

    ramesh help Established Techie7 Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2022
    Ran by Work (07-11-2022 19:24:05)
    Running from C:\Users\Work\Downloads
    Microsoft Windows 10 Home Single Language Version 21H1 19043.1110 (X64) (2021-07-14 13:09:38)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    (If an entry is included in the fixlist, it will be removed.)
    Administrator (S-1-5-21-818102952-3989389655-2488786305-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-818102952-3989389655-2488786305-503 - Limited - Disabled)
    Guest (S-1-5-21-818102952-3989389655-2488786305-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-818102952-3989389655-2488786305-504 - Limited - Disabled)
    Work (S-1-5-21-818102952-3989389655-2488786305-1002 - Administrator - Enabled) => C:\Users\Work
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Ablebits Ultimate Suite for Microsoft Excel, Business edition (HKLM-x32\...\{937042E0-F999-470E-9CF3-33EF2A88BD65}) (Version: 20.1.2424.506 - Ablebits)
    ADB AppControl version 1.7.6 (HKLM-x32\...\{64A8B963-4FB2-49B5-B2B1-35A333497319}_is1) (Version: 1.7.6 - Cyber.Cat)
    Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.0.0.11 - Adobe Inc.)
    Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0) (Version: 22.0.0.35 - Adobe Inc.)
    Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
    Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601013}) (Version: 1.8.0 - Adobe Systems Incorporated)
    Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
    CoolUtils Outlook Viewer (HKLM-x32\...\CoolUtils Outlook Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
    CrystalDiskInfo 8.17.8 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.8 - Crystal Dew World)
    Dell SupportAssist (HKLM\...\{67EC15BE-1D66-403C-9DE1-D026ED88C94D}) (Version: 3.12.3.5 - Dell Inc.)
    Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{5B678BC6-D551-458B-893D-B442B21ECD21}) (Version: 5.5.4.16189 - Dell Inc.) Hidden
    Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{dc44ee3f-d6c1-444d-a660-b0f1ac90b51d}) (Version: 5.5.4.16189 - Dell Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 160.4.4703 - Dropbox, Inc.)
    Dynamic Application Loader Host Interface Service (HKLM\...\{9DE7A0A5-C13D-4FDD-B78B-53C744C82F1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 2.1.32.800 - Goodix, Inc.)
    Google Chrome (HKLM\...\{1575766F-DF02-3577-BF97-708857783AE6}) (Version: 107.0.5304.88 - Google LLC)
    Imagenomic Professional Plugin Suite (build 1739) (HKLM\...\ImagenomicNoisewarePlugin) (Version: - )
    Imagenomic Professional Plugin Suite (build 1739) (HKLM\...\ImagenomicPortraiture3Plugin) (Version: - )
    Imagenomic Professional Plugin Suite (build 1739) (HKLM\...\ImagenomicRealgrainPlugin) (Version: - )
    Intel(R) Icls (HKLM\...\{AE33809B-734E-4A79-BBDC-0DDE03950065}) (Version: 1.0.0.0 - Intel Corporation)
    Intel(R) LMS (HKLM\...\{4479B4B8-D77B-474A-ABC5-1E5A4356F7DE}) (Version: 1.0.0.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
    Intel(R) Management Engine Driver (HKLM\...\{F0A3D842-E346-45C5-9546-90FEFD477F6E}) (Version: 1.0.0.0 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{531F2CB2-5A78-49E5-A71B-FFF7C7CDC32C}) (Version: 30.100.2020.7 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
    IObit Uninstaller 12 (HKLM-x32\...\IObitUninstall) (Version: 12.0.0.10 - IObit)
    Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
    Java 8 Update 341 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
    Logitech Options (HKLM\...\LogiOptions) (Version: 9.70.68 - Logitech)
    Malwarebytes version 4.5.17.221 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.17.221 - Malwarebytes)
    Microsoft .NET AppHost Pack - 5.0.2 (x64) (HKLM\...\{F5893928-8D80-409F-AC44-46A1EFF89C57}) (Version: 40.8.29611 - Microsoft Corporation)
    Microsoft .NET AppHost Pack - 5.0.2 (x64_arm) (HKLM\...\{8FDC35AE-ED3E-4A91-A10B-29DCF6DBE20C}) (Version: 40.8.29611 - Microsoft Corporation)
    Microsoft .NET AppHost Pack - 5.0.2 (x64_arm64) (HKLM\...\{765C2569-FC6D-4D2D-8A48-B66944240BCC}) (Version: 40.8.29611 - Microsoft Corporation)
    Microsoft .NET AppHost Pack - 5.0.2 (x64_x86) (HKLM\...\{26768E83-3880-4C05-85E9-6D360A6D78ED}) (Version: 40.8.29611 - Microsoft Corporation)
    Microsoft .NET Core 5.0 Templates 5.0.102 (x64) (HKLM\...\{C2DCAC5B-E7F1-44AE-9DD2-04A9898CF117}) (Version: 20.2.63113 - Microsoft Corporation)
    Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation)
    Microsoft .NET Host - 5.0.2 (x64) (HKLM\...\{8928FF63-BC22-4754-819D-B36FE0906467}) (Version: 40.8.29611 - Microsoft Corporation)
    Microsoft .NET Host - 6.0.9 (x64) (HKLM\...\{C30ABA3F-32C0-43D1-B3B8-9AEFD58A15D9}) (Version: 48.39.47157 - Microsoft Corporation)
    Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation)
    Microsoft .NET Host FX Resolver - 5.0.2 (x64) (HKLM\...\{8232A2BA-8247-472C-96BE-3B6592DFE713}) (Version: 40.8.29611 - Microsoft Corporation)
    Microsoft .NET Host FX Resolver - 6.0.9 (x64) (HKLM\...\{FD10B803-97FD-4867-9753-8784BC35D2F8}) (Version: 48.39.47157 - Microsoft Corporation)
    Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation)
    Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
    Microsoft .NET Runtime - 5.0.2 (x64) (HKLM\...\{B94AF321-5E81-424B-BD31-9483ECB90861}) (Version: 40.8.29611 - Microsoft Corporation)
    Microsoft .NET Runtime - 6.0.9 (x64) (HKLM\...\{0B4F742D-2D47-4E95-B756-402822D31C48}) (Version: 48.39.47157 - Microsoft Corporation)
    Microsoft .NET Runtime - 6.0.9 (x64) (HKLM-x32\...\{67950e91-8f8f-4d75-9252-7cca68ccdacc}) (Version: 6.0.9.31619 - Microsoft Corporation)
    Microsoft .NET SDK 5.0.102 (x64) (HKLM-x32\...\{7fdc4bb1-1b7a-4eb0-95e3-7c2ae3fc4462}) (Version: 5.1.220.61417 - Microsoft Corporation)
    Microsoft .NET Standard Targeting Pack - 2.1.0 (x64) (HKLM\...\{A7036CFB-B403-4598-85FF-D397ABB88173}) (Version: 24.0.28113 - Microsoft Corporation)
    Microsoft .NET Targeting Pack - 5.0.0 (x64) (HKLM\...\{678F8AE2-7E5F-4392-9B6D-AED8326FB2AF}) (Version: 40.0.29513 - Microsoft Corporation)
    Microsoft .NET Toolset 5.0.102 (x64) (HKLM\...\{CF41D3E8-DE5E-483E-AA04-552455718537}) (Version: 20.2.63113 - Microsoft Corporation)
    Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft ASP.NET Core 5.0.0 Targeting Pack (x64) (HKLM\...\{7E0C04EC-9D6F-36CD-A821-DC8493EE407F}) (Version: 5.0.0.20526 - Microsoft Corporation) Hidden
    Microsoft ASP.NET Core 5.0.2 Shared Framework (x64) (HKLM\...\{16CF34DE-5F61-3FB1-8E86-C216EF723C97}) (Version: 5.0.2.20613 - Microsoft Corporation) Hidden
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.35 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\Microsoft EdgeWebView) (Version: 106.0.1370.42 - Microsoft Corporation)
    Microsoft Excel 2019 - en-us (HKLM\...\Excel2019Volume - en-us) (Version: 16.0.15726.20174 - Microsoft Corporation)
    Microsoft Office LTSC Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Volume - en-us) (Version: 16.0.15726.20174 - Microsoft Corporation)
    Microsoft PowerPoint 2019 - en-us (HKLM\...\PowerPoint2019Volume - en-us) (Version: 16.0.15726.20174 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 10) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 RsFx Driver (HKLM-x32\...\{93968FB2-C67A-4A9B-80C2-5D4D9393058E}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{48B08845-0CB0-45EC-893C-15319ADDA312}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
    Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation)
    Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation)
    Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation)
    Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation)
    Microsoft Windows Desktop Runtime - 5.0.2 (x64) (HKLM\...\{36C48524-90A2-4ABD-B176-C0F3A7791942}) (Version: 40.8.29613 - Microsoft Corporation)
    Microsoft Windows Desktop Targeting Pack - 5.0.0 (x64) (HKLM\...\{B7846BB6-4EDE-409B-9147-631286EF7FDD}) (Version: 40.0.29420 - Microsoft Corporation)
    Microsoft Word 2019 - en-us (HKLM\...\Word2019Volume - en-us) (Version: 16.0.15726.20174 - Microsoft Corporation)
    Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
    Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 106.0.2 (x64 en-US)) (Version: 106.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 106.0.2 - Mozilla)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.4.6 - Notepad++ Team)
    NVIDIA Graphics Driver 512.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.72 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation)
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation)
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation)
    OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation)
    PuTTY release 0.77 (64-bit) (HKLM\...\{E078C644-A120-4668-AD62-02E9FD530190}) (Version: 0.77.0.0 - Simon Tatham)
    qBittorrent 4.4.5 (HKLM-x32\...\qBittorrent) (Version: 4.4.5 - The qBittorrent project)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.1118 - Qualcomm Atheros)
    Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8991.1 - Realtek Semiconductor Corp.)
    RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation)
    Screencast-O-Matic Web Launcher v2.18.1 (JRE14) (HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\Screencast-O-Matic v2 (WebLauncher-JRE14)) (Version: - Screencast-O-Matic)
    Service Pack 1 for SQL Server 2008 R2 (KB2528583) (HKLM-x32\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
    Service Pack 3 for SQL Server 2008 R2 (KB2979597) (64-bit) (HKLM\...\KB2979597) (Version: 10.53.6000.34 - Microsoft Corporation)
    Sophos AutoUpdate XG (HKLM-x32\...\{FA203C29-393F-4247-A69D-6C93E6D685EB}) (Version: 6.13.1014 - Sophos Limited)
    Sophos Diagnostic Utility (HKLM\...\{8078549C-CFF0-48C5-9B77-6BA48A14673D}) (Version: 6.13.1014 - Sophos Limited)
    Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 3.1.1.270 - Sophos Limited)
    Sophos Health (HKLM-x32\...\{5E8436D5-3688-4007-94C7-55D017275F89}) (Version: 2.9.152 - Sophos Limited)
    Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 4.2.1.1 - Sophos Limited)
    Sophos Home (HKLM-x32\...\{25810587-8966-4834-BBE3-C8141247A1FC}) (Version: 5.3.7.0 - Sophos Limited)
    Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.17.20 - Sophos Limited)
    Sophos ML Engine (HKLM\...\Sophos ML Engine) (Version: 1.8.13.1 - Sophos Limited)
    SPX (HKLM-x32\...\{755C5968-6BBA-4361-823F-4B96F83A9466}) (Version: 3.01.60 - SPX)
    SPX MVCI 3.01.60 (HKLM-x32\...\InstallShield_{755C5968-6BBA-4361-823F-4B96F83A9466}) (Version: 3.01.60 - SPX)
    SQL Server 2008 R2 SP1 Common Files (HKLM-x32\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.51.2500.0 - Microsoft Corporation)
    SQL Server 2008 R2 SP1 Common Files (HKLM-x32\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.51.2500.0 - Microsoft Corporation)
    SQL Server 2008 R2 SP1 Database Engine Services (HKLM-x32\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.51.2500.0 - Microsoft Corporation)
    SQL Server 2008 R2 SP1 Database Engine Services (HKLM-x32\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.51.2500.0 - Microsoft Corporation)
    SQL Server 2008 R2 SP1 Database Engine Shared (HKLM-x32\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.51.2500.0 - Microsoft Corporation)
    SQL Server 2008 R2 SP1 Database Engine Shared (HKLM-x32\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.51.2500.0 - Microsoft Corporation)
    TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.34.4 - TeamViewer)
    Techstream Software (HKLM-x32\...\{937CA58A-0212-431C-8F0B-0D8305225476}) (Version: 14.20.019 - DENSO CORPORATION)
    Telegram Desktop (HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.3 - Telegram FZ-LLC)
    Thunderbolt™ Software (HKLM-x32\...\{30F0067F-DD79-431B-BA5F-6CB4897785A5}) (Version: 17.4.79.510 - Intel Corporation)
    TotalOutlookConverterPro (HKLM-x32\...\Total Outlook Converter Pro_is1) (Version: - Softplicity, Inc.)
    Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.93 - Samsung Electronics CO., LTD.)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
    WhatsApp (HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\WhatsApp) (Version: 2.2242.6 - WhatsApp)
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
    WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
    Wondershare Filmora X(Build 10.0.0.94) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
    Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
    Zoom (HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\ZoomUMX) (Version: 5.12.3 (9638) - Zoom Video Communications, Inc.)
    Packages:
    =========
    Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-07-14] (Microsoft Corporation)
    Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.12.10.0_x64__htrsf667h5kn2 [2022-10-14] (Dell Inc)
    Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.2970.0_x64__8j3eq9eme6ctt [2021-05-05] (INTEL CORP) [Startup Task]
    Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_1.6.2166.0_x64__rh07ty8m5nkag [2020-05-27] (Rivet Networks LLC)
    NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-07-02] (NVIDIA Corp.)
    Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2020-05-27] (Waves Audio)
    ==================== Custom CLSID (Whitelisted): ==============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{035DC084-07E4-357D-B1B2-EC2765D25EA7}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{07AEC45E-BE60-3F70-9022-D0824CA75B3E}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{0D96C74F-EB37-31C6-AECE-97B897C56838}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{11A877C6-9211-3F25-AAA8-D5001B1A1304}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{1CFC812C-582D-3A53-BFB8-C0AB4F32FFE8}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{2421FA1A-517A-3D35-BBFA-B53E79F69424}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{30E6D2B0-28E4-35B8-A728-43ECB2F90550}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{35E97C8C-28CC-36B5-89BB-9C19D78C9300}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{379424B5-24C8-3688-8580-2473C2AD580D}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{3D617CE6-C7CF-4B1D-86B4-00000000000F}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{41DC3786-C793-3391-9D0F-6A9B34DCAB01}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{47F24829-D92D-3953-9D42-F0B1BC0C2D0C}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{4E04B3F1-9FA0-3602-8477-E656C0459F01}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{4F5C8DC4-EB8C-3F8B-9807-8233C08FC868}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{52378D76-2CCF-354A-9DB9-29F81AB9B947}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{53DF92C5-B91D-39F7-BCD7-724013082BDC}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{54503A82-5AE6-3BAF-92FE-0B49A431F63D}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{5892C67A-EEF0-3B36-844E-883FDF5CF9D1}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{5A709FB2-A96F-3E8B-A0B7-EB4853B4577E}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{5C07B259-F7F3-3E4F-B5C9-E30BCA8C56FD}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{5C8934F4-54E1-3A08-9614-ED0F7ED00628}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Work\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{6ED11C7C-4A23-3260-BA7F-84557AF99356}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{7316CCD0-2101-3542-961B-64AD6CCD2DBB}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{7AA3AD1B-225F-36F2-B254-4F9220C321AC}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\Work\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Work\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{8B660B4C-CC6F-31C1-A7AA-1E6F0077972C}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{8D2E6C55-5C7B-346E-8D05-486CD5B8588B}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{9B889B10-97DD-32F3-AD62-0EE049C6279B}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{A67E7655-418F-3171-88A6-00C2DF2D7488}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{B4D2E01C-0000-BBBB-BD32-BB93B5A90B2E}\localserver32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsLoader.exe (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{BE994F23-6D44-3DB0-91B5-858F942FB2CA}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\Work\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{C03A4D57-1E7C-3387-894E-34FB6634500A}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Work\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{D526CD80-D358-3ACC-8CE5-883CBCF18A38}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{D84B46AA-F4AB-34FB-A4F8-D250A74490B1}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{DA7A4CF5-12D1-3E08-9BCF-80310807E0A8}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{DFEE3A2E-94B5-3B33-9DB2-0CD56F119088}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{E21496B9-6681-30A9-84ED-8240CB67FDF4}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Work\Desktop\Dropbox\Dropbox
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{E7341923-C265-3B12-A0CF-A34ACE859F84}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{E88567B9-5B70-30D3-9DD4-03DE240FD305}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{E9F75B6D-65D8-3D2A-B551-C3D7F1322F5C}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{ED3934E1-B80E-3C22-AC0D-8CC7BB972945}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{EE40B9FE-BDBB-38C1-BBE2-4645F1858682}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{EEADD6A9-70B6-31B9-88DB-CF6A195234F9}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{EFF29247-1A75-37BB-A240-1AE6CF96E15D}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    CustomCLSID: HKU\S-1-5-21-818102952-3989389655-2488786305-1002_Classes\CLSID\{FE61CC4F-A063-355D-BF78-5EA4231D014A}\InprocServer32 -> C:\Users\Work\AppData\Local\Ablebits\Ultimate Suite for Microsoft Excel\1D68519866096FF\AblebitsUltimateSuite.DLL (4Bits Ltd. -> Ablebits)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2022-09-03] (Notepad++ -> )
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
    ContextMenuHandlers1: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2022-11-07] (Sophos Ltd -> Sophos Limited)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2022-11-07] (Sophos Ltd -> Sophos Limited)
    ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2021-03-25] (VMware, Inc. -> VMware, Inc.)
    ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2021-03-25] (VMware, Inc. -> VMware, Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-07] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
    ContextMenuHandlers4: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2022-11-07] (Sophos Ltd -> Sophos Limited)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.56.0.dll [2022-10-27] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_727392c7e446e087\nvshext.dll [2022-05-25] (Nvidia Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-07] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers6: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2022-11-07] (Sophos Ltd -> Sophos Limited)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
    ==================== Codecs (Whitelisted) ====================
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ShortcutWithArgument: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Start.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c start hxxp://internet-start.net/?utm_source=beatle^&utm_medium=icon^&utm_campaign=pin
    ShortcutWithArgument: C:\Users\Work\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet-Start.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c start hxxp://internet-start.net/?utm_source=beatle^&utm_medium=icon^&utm_campaign=pin
    ==================== Loaded Modules (Whitelisted) =============
    2022-09-28 05:49 - 2022-09-28 05:48 - 005563392 _____ (ActVer©®™) [File not signed] C:\Program Files (x86)\IObit\IObit Uninstaller\version.dll
    2022-05-04 06:43 - 2022-11-07 19:14 - 001195008 _____ (ESET) [File not signed] C:\Users\Work\AppData\Local\ESET\ESETOnlineScanner\esets_apiW_a.DLL
    2020-05-27 22:39 - 2018-01-11 18:53 - 000097792 _____ (Google, inc) [File not signed] C:\Program Files (x86)\Minimal ADB and Fastboot\AdbWinApi.dll
    2020-05-27 22:39 - 2018-01-11 18:53 - 000062976 _____ (Google, inc) [File not signed] C:\Program Files (x86)\Minimal ADB and Fastboot\AdbWinUsbApi.dll
    2017-08-13 08:49 - 2017-08-13 08:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
    2021-07-14 20:51 - 2021-07-14 20:51 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL
    2021-06-22 22:05 - 2021-06-22 22:05 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
    2021-06-22 22:05 - 2021-06-22 22:05 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
    ==================== Alternate Data Streams (Whitelisted) ========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:C7A84F79 [294]
    ==================== Safe Mode (Whitelisted) ==================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) =================
    ==================== Internet Explorer (Whitelisted) ==========
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
    SearchScopes: HKU\S-1-5-21-818102952-3989389655-2488786305-1002 -> DefaultScope {705EA9C9-62D3-4347-87F7-E9BE2DFA6B9F} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_341\bin\ssv.dll [2022-09-28] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-09-28] (Oracle America, Inc. -> Oracle Corporation)
    Toolbar: HKU\S-1-5-21-818102952-3989389655-2488786305-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE trusted site: HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\honda-eu.com -> hxxps://w3.ecom.honda-eu.com
    IE trusted site: HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\honda.ca -> honda.ca
    IE trusted site: HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\honda.co.jp -> hxxps://biz.honda.co.jp
    IE trusted site: HKU\S-1-5-21-818102952-3989389655-2488786305-1002\...\honda.com -> hxxps://biz.hm.jp.honda.com
    ==================== Hosts content: =========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2018-09-15 15:31 - 2022-04-28 05:29 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts
    ==================== Other Areas ===========================
    (Currently there is no automatic fix for this section.)
    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\ProgramData\CAM Commerce Solutions\X-Charge\Application;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\dotnet\;C:\Program Files\MEGA-X;C:\Program Files\PuTTY\;C:\Users\Work\AppData\Local\Microsoft\WindowsApps;C:\Users\Work\.dotnet\tools;C:\adb
    HKU\S-1-5-21-818102952-3989389655-2488786305-1002\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is enabled.
    Network Binding:
    =============
    Bluetooth Network Connection: VMware Bridge Protocol -> vmware_bridge (enabled)
    VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
    Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled)
    VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (If an entry is included in the fixlist, it will be removed.)
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: DDVCollectorSvcApi => 2
    MSCONFIG\Services: DDVDataCollector => 2
    MSCONFIG\Services: DDVRulesProcessor => 2
    MSCONFIG\Services: DellClientManagementService => 2
    MSCONFIG\Services: DellTechHub => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IObitUnSvr => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: SamsungUPDUtilSvc => 2
    MSCONFIG\Services: SupportAssistAgent => 2
    MSCONFIG\Services: Wondershare InstallAssist => 2
    MSCONFIG\Services: WsAppService3 => 2
    HKLM\...\StartupApproved\Run: => "WavesSvc"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
    HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    ==================== FirewallRules (Whitelisted) ================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{06591DD6-0BB8-460D-A05F-ADECFF016823}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{3C01809D-FCB1-453F-88F4-81B1734B1C8A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{18FA5F92-703B-4F8C-A493-96FC7585736F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{FA373413-EDC7-4002-82F3-161D85238031}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{335E87A8-FEBE-453B-B057-E0CCDC388192}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{F409FEDC-4005-4E51-B681-94426EBDEEC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{D50D0F9E-A7DA-43F6-92C4-2BFA52440A83}] => (Allow) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    FirewallRules: [{F63DDD5C-0EE5-451B-A5BD-30ABACB4D88D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    FirewallRules: [{5F85A82D-C5CD-4D2E-8676-CBA4B6630467}] => (Allow) LPort=5150
    FirewallRules: [{85CC5056-6E9B-4B8E-8E85-13EDBE4E5A3B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
    FirewallRules: [{236A79F5-D629-4B68-99C9-5CDC4569DC6F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
    FirewallRules: [{D4D0DE69-7AC6-43C4-8C89-9B77196A3547}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
    FirewallRules: [{2B592C93-C696-452B-91B6-847D83BED070}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
    FirewallRules: [{958F68B1-F378-44C0-8E1B-90CE8CEB82FD}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (HP Inc. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [{497B7E56-604E-410D-9F52-E05FC49CA759}] => (Allow) C:\Users\Work\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{DBE859E0-AE91-41FF-9BAC-29542DED8D0D}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
    FirewallRules: [{26F7AC57-378A-45F3-8FC8-C953C9998BE2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
    FirewallRules: [{30D2988D-11FE-4BF0-93A1-469C468B1159}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
    FirewallRules: [{0E2A9F04-334D-4DCA-A0A8-C979BA7DFB9A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{E7B378E3-B179-4E74-A697-195E832ED6C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{574EBBC9-E9F1-4EF8-996E-9EF95B16D5AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{7273CD06-5A26-4B7A-B850-0F22CEA2F63E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{0F9FB951-AA62-4C46-9AE3-3D51832515DE}] => (Allow) C:\Users\Work\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{FF85D551-C413-4B5A-A829-8A2D5E2CA49E}] => (Allow) C:\Users\Work\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{6E17C003-D137-4264-9ED4-A623FDFC0BC6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{49D737B4-7652-4C39-AA1C-860AF8600C4B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{573A7108-6C4D-4DAB-995B-9B067D01EBC6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
    ==================== Restore Points =========================
    24-10-2022 20:10:27 Scheduled Checkpoint
    25-10-2022 18:48:52 Garmin Express
    25-10-2022 19:30:03 Garmin Express
    02-11-2022 16:44:37 Scheduled Checkpoint
    07-11-2022 16:52:32 Garmin Express
    07-11-2022 18:05:33 Garmin Express
    ==================== Faulty Device Manager Devices ============
    ==================== Event log errors: ========================
    Application errors:
    ==================
    Error: (11/05/2022 04:19:42 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
    Description: Event-ID 12007
    Error: (11/05/2022 04:19:42 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
    Description: Event-ID 0
    Error: (11/04/2022 12:33:17 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: WORK)
    Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
    Error: (11/04/2022 01:46:01 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: WORK)
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
    Error: (11/01/2022 07:55:14 AM) (Source: DbxSvc) (EventID: 281) (User: )
    Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
    Error: (11/01/2022 07:55:14 AM) (Source: DbxSvc) (EventID: 281) (User: )
    Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
    Error: (10/31/2022 03:44:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 10.0.19041.1110, time stamp: 0xe86d289e
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000000000a560fd8
    Faulting process id: 0x1dd0
    Faulting application start time: 0x01d8ec649702be0d
    Faulting application path: C:\WINDOWS\explorer.exe
    Faulting module path: unknown
    Report Id: c17f4062-ae92-4bb4-97d0-bfc881926671
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (10/31/2022 03:44:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: explorer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 000000000A560FD8
    Stack:
    System errors:
    =============
    Error: (11/07/2022 07:23:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "87" attempting to start the service WaaSMedicSvc with arguments "Unavailable" in order to run the server:
    {9EA82395-E31B-41CA-8DF7-EC1CEE7194DF}
    Error: (11/07/2022 07:23:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Update Medic Service service failed to start due to the following error:
    The parameter is incorrect.
    Error: (11/07/2022 07:22:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading
    Error: (11/07/2022 07:22:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Work\AppData\Local\Temp\ehdrv.sys
    Error: (11/07/2022 07:22:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading
    Error: (11/07/2022 07:22:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Work\AppData\Local\Temp\ehdrv.sys
    Error: (11/07/2022 07:22:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Work\AppData\Local\Temp\ehdrv.sys
    Error: (11/07/2022 07:22:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading
    Windows Defender:
    ================
    Date: 2022-10-16 18:57:17
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...in32/AutoKMS&threatid=2147685180&enterprise=0
    Name: HackTool:Win32/AutoKMS
    Severity: High
    Category: Tool
    Path: amsi:_\Device\HarddiskVolume10\Microsoft Toolkit v2.6.7\Microsoft Toolkit v2.6.7\Microsoft Toolkit.exe
    Detection Origin: Unknown
    Detection Type: Concrete
    Detection Source: AMSI
    Process Name: E:\Microsoft Toolkit v2.6.7\Microsoft Toolkit v2.6.7\Microsoft Toolkit.exe
    Security intelligence Version: AV: 1.377.311.0, AS: 1.377.311.0, NIS: 1.377.311.0
    Engine Version: AM: 1.1.19700.3, NIS: 1.1.19700.3
    Date: 2022-10-16 18:55:56
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...in32/AutoKMS&threatid=2147685180&enterprise=0
    Name: HackTool:Win32/AutoKMS
    Severity: High
    Category: Tool
    Path: amsi:_\Device\HarddiskVolume10\Microsoft Toolkit v2.6.7\Microsoft Toolkit v2.6.7\Microsoft Toolkit.exe
    Detection Origin: Unknown
    Detection Type: Concrete
    Detection Source: AMSI
    Process Name: E:\Microsoft Toolkit v2.6.7\Microsoft Toolkit v2.6.7\Microsoft Toolkit.exe
    Security intelligence Version: AV: 1.377.311.0, AS: 1.377.311.0, NIS: 1.377.311.0
    Engine Version: AM: 1.1.19700.3, NIS: 1.1.19700.3
    Event[0]:
    Date: 2022-10-30 11:50:11
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.377.937.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19700.3
    Error code: 0x80072f78
    Error description: The server returned an invalid or unrecognized response
    Date: 2022-10-30 11:50:11
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.377.937.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19700.3
    Error code: 0x80072f78
    Error description: The server returned an invalid or unrecognized response
    Date: 2022-10-30 11:50:11
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.377.937.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19700.3
    Error code: 0x80072f78
    Error description: The server returned an invalid or unrecognized response
    Date: 2022-10-17 14:28:42
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.377.319.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19700.3
    Error code: 0x80072efe
    Error description: The connection with the server was terminated abnormally
    Date: 2022-10-17 14:28:42
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.377.319.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19700.3
    Error code: 0x80072efe
    Error description: The connection with the server was terminated abnormally
    CodeIntegrity:
    ===============
    Date: 2022-11-07 14:23:15
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7df576fcfa9adb45\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    ==================== Memory info ===========================
    BIOS: Dell Inc. 1.27.0 08/12/2022
    Motherboard: Dell Inc. 0D0T05
    Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
    Percentage of memory in use: 53%
    Total physical RAM: 16118.06 MB
    Available physical RAM: 7534.54 MB
    Total Virtual: 20214.06 MB
    Available Virtual: 8687.78 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:454.25 GB) (Free:294.12 GB) (Model: PC SN730 NVMe WDC 512GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:20.65 GB) (Free:20.6 GB) (Model: PC SN730 NVMe WDC 512GB) NTFS
    \\?\Volume{e3f680c3-bc9f-42e1-8812-43ed91c2d1a5}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
    \\?\Volume{7bf57ea4-72e6-45f2-bf35-38d0e3b0566c}\ () (Fixed) (Total:0.82 GB) (Free:0.17 GB) NTFS
    \\?\Volume{4eec27d9-936f-423b-a4b6-97e6b1a9d2e2}\ () (Fixed) (Total:0.61 GB) (Free:0.59 GB) NTFS
    \\?\Volume{356dd288-f235-406b-899f-2558d3a60e53}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
    ==================== MBR & Partition Table ====================
    ==========================================================
    Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
    Partition: GPT.
    ==================== End of Addition.txt =======================
     
  3. ramesh help

    ramesh help Established Techie7 Member

    7/11/2022 19:27:23 PM
    Files scanned: 6698
    Detected files: 4
    Cleaned files: 4
    Total scan time 00:04:02
    Scan status: Finished
    C:\Program Files (x86)\IObit\IObit Uninstaller\Backup\IObitUninstaler.exe a variant of Win32/IObit.BC potentially unwanted application cleaned by deleting
    C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\spepopud.exe Win32/Adware.IObit.B application cleaned by deleting
    C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe a variant of Win32/IObit.BC potentially unwanted application cleaned by deleting
    C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe a variant of Win32/IObit.BC potentially unwanted application cleaned by deleting
     
  4. ramesh help

    ramesh help Established Techie7 Member

    Program : RogueKiller Anti-Malware
    Version : 15.6.2.0
    x64 : Yes
    Program Date : Oct 10 2022
    Location : C:\Program Files\RogueKiller\RogueKiller64.exe
    Premium : No
    Company : Adlice Software
    Website : https://www.adlice.com/
    Contact : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.19043) 64-bit
    64-bit OS : Yes
    Startup : 0
    WindowsPE : No
    User : Work
    User is Admin : Yes
    Date : 2022/11/07 11:28:25
    Type : Scan
    Aborted : No
    Scan Mode : Quick
    Duration : 9
    Found items : 0
    Total scanned : 1041
    Signatures Version : 20221101_081719
    Truesight Driver : Yes
    Updates Count : 0
    Arguments : -minimize
    ************************* Warnings *************************
    ************************* Processes *************************
    ************************* Modules *************************
    ************************* Services *************************
    ************************* Scheduled Tasks *************************
    ************************* Registry *************************
    ************************* WMI *************************
    ************************* Hosts File *************************
    is_too_big : No
    hosts_file_path : N/A
    ************************* Filesystem *************************
    ************************* Web Browsers *************************
    ************************* Antirootkit *************************
     
  5. ramesh help

    ramesh help Established Techie7 Member

    # -------------------------------
    # Malwarebytes AdwCleaner 8.4.0.0
    # -------------------------------
    # Build: 08-30-2022
    # Database: 2022-10-10.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 11-07-2022
    # Duration: 00:00:02
    # OS: Windows 10 (Build 19043.1110)
    # Cleaned: 5
    # Failed: 0
    ***** [ Services ] *****
    No malicious services cleaned.
    ***** [ Folders ] *****
    No malicious folders cleaned.
    ***** [ Files ] *****
    No malicious files cleaned.
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks cleaned.
    ***** [ Registry ] *****
    No malicious registry entries cleaned.
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries cleaned.
    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs cleaned.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries cleaned.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs cleaned.
    ***** [ Hosts File Entries ] *****
    No malicious hosts file entries cleaned.
    ***** [ Preinstalled Software ] *****
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
    Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
    Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
    *************************
    [+] Delete Tracing Keys
    [+] Reset Winsock
    *************************
    AdwCleaner[S00].txt - [1957 octets] - [19/11/2020 10:10:02]
    AdwCleaner[C00].txt - [2102 octets] - [19/11/2020 10:10:48]
    AdwCleaner[S01].txt - [1544 octets] - [25/11/2020 11:15:19]
    AdwCleaner[S02].txt - [1605 octets] - [05/01/2021 17:20:00]
    AdwCleaner[S03].txt - [1715 octets] - [23/02/2021 08:13:05]
    AdwCleaner[C03].txt - [1917 octets] - [23/02/2021 08:13:39]
    AdwCleaner[S04].txt - [1838 octets] - [22/06/2021 22:06:08]
    AdwCleaner[C04].txt - [2008 octets] - [22/06/2021 22:06:29]
    AdwCleaner[S05].txt - [3052 octets] - [30/03/2022 03:56:12]
    AdwCleaner[C05].txt - [3710 octets] - [30/03/2022 03:56:47]
    AdwCleaner[S06].txt - [3242 octets] - [05/10/2022 08:55:22]
    AdwCleaner[C06].txt - [3913 octets] - [05/10/2022 08:55:50]
    AdwCleaner[S07].txt - [3460 octets] - [16/10/2022 19:07:55]
    AdwCleaner[C07].txt - [2934 octets] - [16/10/2022 19:08:21]
    AdwCleaner[S08].txt - [2680 octets] - [07/11/2022 19:30:43]
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C08].txt ##########
     
  6. ramesh help

    ramesh help Established Techie7 Member

    Malwarebytes
    www.malwarebytes.com
    -Log Details-
    Scan Date: 11/7/22
    Scan Time: 7:31 PM
    Log File: ace45f00-5e8f-11ed-ab65-9cb6d0c6abda.json
    -Software Information-
    Version: 4.5.17.221
    Components Version: 1.0.1806
    Update Package Version: 1.0.61982
    License: Free
    -System Information-
    OS: Windows 10 (Build 19043.1110)
    CPU: x64
    File System: NTFS
    User: Work\Work
    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 313936
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 1 min, 24 sec
    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect
    -Scan Details-
    Process: 0
    (No malicious items detected)
    Module: 0
    (No malicious items detected)
    Registry Key: 0
    (No malicious items detected)
    Registry Value: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Data Stream: 0
    (No malicious items detected)
    Folder: 0
    (No malicious items detected)
    File: 0
    (No malicious items detected)
    Physical Sector: 0
    (No malicious items detected)
    WMI: 0
    (No malicious items detected)
    (end)
     
  7. ramesh help

    ramesh help Established Techie7 Member

    Farbar Service Scanner Version: 13-08-2022 01
    Ran by Work (administrator) on 07-11-2022 at 19:34:12
    Running from "C:\Users\Work\Downloads"
    Windows 10 Home Single Language (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Policy:
    ========================
    Windows Security:
    ============
    Windows Update:
    ============
    wuauserv Service is not running. Error while attempting to start wuauserv:
    System error 1058 has occurred.
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type, depending on the OS, is either Auto or Demand.
    The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
    The ServiceDll of wuauserv service is OK.
    WaaSMedicSvc Service is not running. Error while attempting to start WaaSMedicSvc:
    System error 87 has occurred.
    The parameter is incorrect.
    Checking service configuration:
    The start type of WaaSMedicSvc service is set to Disabled. The default start type is Demand.
    The ImagePath of WaaSMedicSvc: "C:\WINDOWS\system32\svchost.exe -k wusvcs -p".
    The ServiceDll of WaaSMedicSvc service is OK.
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
    C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\afd.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Windows\System32\usosvc.dll => File is digitally signed
    C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    **** End of log ****
     
  8. ramesh help

    ramesh help Established Techie7 Member

    TFC - Temp File Cleaner by OldTimer done
     
  9. ramesh help

    ramesh help Established Techie7 Member

    Code:
    Sophos Scan & Clean
    www.sophos.com
       Computer name . . . . : WORK
       Windows . . . . . . . : 10.0.0.19043.X64/12
       User name . . . . . . : WORK\Work
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
       Scan date . . . . . . : 2022-11-07 19:35:58
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 4m 52s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 0
       Objects scanned . . . : 2,636,140
       Files scanned . . . . : 138,613
       Remnants scanned  . . : 724,168 files / 1,773,359 keys
    
     
  10. ramesh help

    ramesh help Established Techie7 Member

    Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2022
    Ran by Work (07-11-2022 19:52:41) Run:5
    Running from C:\Users\Work\Downloads
    Loaded Profiles: Work
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    FirewallRules: [{26F7AC57-378A-45F3-8FC8-C953C9998BE2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
    FirewallRules: [{30D2988D-11FE-4BF0-93A1-469C468B1159}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 R2 RsFx Driver (HKLM-x32\...\{93968FB2-C67A-4A9B-80C2-5D4D9393058E}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Microsoft ASP.NET Core 5.0.0 Targeting Pack (x64) (HKLM\...\{7E0C04EC-9D6F-36CD-A821-DC8493EE407F}) (Version: 5.0.0.20526 - Microsoft Corporation) Hidden
    Microsoft ASP.NET Core 5.0.2 Shared Framework (x64) (HKLM\...\{16CF34DE-5F61-3FB1-8E86-C216EF723C97}) (Version: 5.0.2.20613 - Microsoft Corporation) Hidden
    Dynamic Application Loader Host Interface Service (HKLM\...\{9DE7A0A5-C13D-4FDD-B78B-53C744C82F1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{5B678BC6-D551-458B-893D-B442B21ECD21}) (Version: 5.5.4.16189 - Dell Inc.) Hidden
    Task: {D2BB5094-0DC4-407F-8B37-DDA1F4FCC666} - System32\Tasks\AdwCleaner_onReboot => E:\Others\Virus Scan\adwcleaner_8.4.0.exe /r (No File)
    *****************
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26F7AC57-378A-45F3-8FC8-C953C9998BE2}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30D2988D-11FE-4BF0-93A1-469C468B1159}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}\\SystemComponent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}\\SystemComponent" => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}\\SystemComponent" => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}\\SystemComponent" => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{93968FB2-C67A-4A9B-80C2-5D4D9393058E}\\SystemComponent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E0C04EC-9D6F-36CD-A821-DC8493EE407F}\\SystemComponent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16CF34DE-5F61-3FB1-8E86-C216EF723C97}\\SystemComponent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9DE7A0A5-C13D-4FDD-B78B-53C744C82F1A}\\SystemComponent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B678BC6-D551-458B-893D-B442B21ECD21}\\SystemComponent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2BB5094-0DC4-407F-8B37-DDA1F4FCC666}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2BB5094-0DC4-407F-8B37-DDA1F4FCC666}" => removed successfully
    C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removed successfully
    ==== End of Fixlog 19:52:41 ====
     
  11. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    That email is obviously a fake.
    You shouldn't be creating your own "fixlist". You removed some legit items.
    In any case, I don't see anything malicious there.
     
  12. ramesh help

    ramesh help Established Techie7 Member

    Thanks for having a look. I have changed most of my accounts' passwords because in the email lots of my passwords have been exposed. Checking on the pwnd site shows 5, but in the email almost everything has been leaked. What should I be doing to restore for the fixlist? I removed it since it says "hidden". Not sure what malware is hidden in other places.
     
  13. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Fixlist can't be undone, but fortunately, all items you removed are just registry entries, so it shouldn't have any ill effect.