BefuddledB
Posts: 53 +0
Hi Broni,
I have bestprosoft and I also just had another browser incident whereby I was taken to site offering me money for a survey.
I am grateful for your help as ever!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by User (administrator) on USER-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC) (14-11-2021 23:32:12)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\MachinerData\Aurora_DVD_Copy.exe
() [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
() [File not signed] C:\Windows\KMS-R@1n.exe
() [File not signed] C:\Windows\KMS-R@1nHook.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\135.4.4221\QtWebEngineProcess.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <43>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Temp\OfficeClickToRun.exe.bak
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\firefox.exe <4>
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" (No File)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [134936 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8807712 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91683688 2020-06-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Opera Browser Assistant] => C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-18] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {23312558-207b-11e9-8379-ac7289c252c1} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {9fb92af0-d822-11e8-aa55-ac7289c252c1} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\Installer\chrmstp.exe [2021-11-14] (Avast Software s.r.o. -> AVAST Software)
IFEO\OSPPSVC.EXE: [Debugger] KMS-R@1nHook.exe
IFEO\SppSvc.exe: [Debugger] KMS-R@1nHook.exe
InternetURL: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-10-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01149AF2-91D3-421D-AE37-554601C33FF2} - System32\Tasks\Opera scheduled assistant Autoupdate 1596061853 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {04E72C72-C482-461C-8E2B-4984AE53DDF2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4929304 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
Task: {065CBA15-8F23-462C-B9F1-B5E874D68F0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {0ABAB06E-9E5E-41F4-8E50-8ECC2081F60E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {0C790257-6071-490A-BC56-5543226C2007} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613248 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {14036993-9EAB-43E4-9BAE-B6DF86611222} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
Task: {180B8E0B-626D-48AB-A236-50F5E679B3F6} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic path OfficeSoftwareProtectionProduct where (ID="4f414197-0fc2-4c01-b68a-86cbb9ac254c") call Activate
Task: {1A6F9DA4-3D1C-4E60-83A8-9A7788D8EDCF} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
Task: {1DC69C46-7E58-4336-A944-8AAC00A36E05} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371888 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {296BE3F2-8435-4DBD-A973-3F28464DBF50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {2F3CCCD3-CF46-4DE2-80F6-4AB549C147E9} - System32\Tasks\{3B953E3C-891C-4131-8CD3-0642DB8D2E73} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\Downloads\Bluetooth hpdv6\sp61617.exe" -d "C:\Users\User\Downloads\Bluetooth hpdv6"
Task: {3045603C-336A-4CF4-82FD-5FEBA05D608C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {32A88FCA-D3B0-4A19-9140-38373B94969B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3F92D4D8-1A15-4D8F-9C39-6C069BB93D5C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2414739685-3642484520-4203288351-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {482F3F6C-8AA8-43AE-920E-DB0270CC26E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {5D280EBE-808D-40EE-8C77-1CA92B7ED0C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {6158DBFF-208A-48BD-80B5-D79BB3671389} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {636EDCF0-DCD4-4012-832C-A9CA1EE6768D} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe /off=act (No File)
Task: {70D7D124-81ED-420D-9C45-3E433CCD5A40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {73B88F1A-4C3F-4A8A-9EAF-17E2CB472599} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {78AE1C7E-9FA3-42BC-82E9-8ED455813A0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {78B60131-294E-4C13-81FC-8176B89C5989} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {78F30F0D-F5C6-41B1-9703-E31CB9AC7053} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371888 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B1FDD86-A4F6-48B1-B35A-BF0044BBAE6F} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic path OfficeSoftwareProtectionProduct where (ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate
Task: {7BA07AE5-928B-4EF6-8B0C-1E256296976F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7BE16C90-4BF1-41B2-A01A-47D9C98FA39D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7C30876A-9D75-4064-AA58-DC8C5E6F9FAC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {7EF209F5-D4CD-4E02-9271-0D47AAA2A7E6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {81790D93-0133-433D-97A9-E7AB3E5C268E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613248 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {96176D95-2445-4C0F-A9EA-3235112F8E9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {9AFF46AF-F292-46E9-9E73-0CBD73DA7ACE} - System32\Tasks\Opera scheduled Autoupdate 1596061835 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)
Task: {9DCB4068-A735-4220-B771-24FA6D211758} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B67D3B71-B1D4-4CEB-A0C9-5FD66D25E0E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {C5E06225-6D7F-49B6-9D3F-8B7A1EAA855B} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
Task: {C80B29FD-9C63-4D38-85F1-EC78096F1978} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {D6D1F782-E125-466A-A86C-C2CAABCCC1E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {DC9FE7DB-0187-4AA1-9E77-08F7018D3338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {F6C2C10B-D39E-4682-9A03-DC10E5AB0B0A} - System32\Tasks\GoogleUpdateSoftware => C:\Users\User\AppData\Roaming\GoogleUpdater.exe [971264 2021-02-01] (Google LLC) [File not signed] <==== ATTENTION
Task: {FBCC263E-A47B-4D42-A58E-99C91F2ECD95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {FD1DA291-2AB1-4D08-B488-FB1376392910} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {FE82DD8A-B5DE-4227-83C4-8CAEFC4B7F5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {FFD19AA6-7616-4174-B709-757AC2589C98} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{11E4DE98-3DF0-4B24-8DF3-DC73EEC1F140}: [DhcpNameServer] 192.168.43.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: 1ai3eh1c.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default [2021-09-29]
FF Homepage: Mozilla\Firefox\Profiles\1ai3eh1c.default -> search.yahoo.com
FF NewTab: Mozilla\Firefox\Profiles\1ai3eh1c.default -> hxxps://gr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180508__yaff
FF Extension: (anonymoX) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\client@anonymox.net.xpi [2021-01-04]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\sp@avast.com.xpi [2021-09-29]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\wrc@avast.com.xpi [2021-05-23]
FF Extension: (Mozilla Official) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2021-08-18] [not signed]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-09-29]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-09-29]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-08]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-31] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-31] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-14]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.protonmail.com; hxxps://mail.yahoo.com; hxxps://www.reddit.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://radindiemedia.com/","hxxps://sudantribune.com/","hxxps://www.lrb.co.uk/","hxxps://lareviewofbooks.org/"
CHR DefaultSearchKeyword: Default -> google.co.jp_
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-17]
CHR Extension: (TheFreeDictionary.com Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap [2018-04-26]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-14]
CHR Extension: (DuckDuckGo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-10-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-16]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-09-22]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-29]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-10-29]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-20]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-10-29]
CHR Extension: (Video Downloader Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdmdpdhfaamhgaojpelccmeehpfljgf [2021-05-23]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-04-26]
CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2019-11-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-29]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-10-29]
CHR Extension: (Plugins) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2018-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-14]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-11-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-14]
OPR Extension: (Onion Control (anonymous proxy)) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\knfbgpkbkfebddfbklfpgmdjgolnkkfl [2021-01-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8323664 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [630040 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1639704 2021-10-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [377624 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\elevation_service.exe [1713640 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137416 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-21] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44328 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2021-08-18] () [File not signed]
R2 Main Service; C:\Program Files (x86)\MachinerData\Aurora_DVD_Copy.exe [2961408 2020-02-08] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-04] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [101184 2020-06-04] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13684792 2020-12-14] (Adlice -> )
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [221600 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [369176 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250408 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99368 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41368 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184640 2021-10-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538480 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107864 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82912 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851712 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [557152 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215392 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S3 DSE_USB; C:\Windows\System32\drivers\DSE_USB.sys [336872 2017-10-24] (Jungo Connectivity Ltd. -> Jungo Connectivity)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-08-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-07-04] (Malwarebytes Inc -> Malwarebytes)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [91648 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [208896 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-06-04] (ProtonVPN AG -> Proton Technologies AG)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [85424 2009-03-15] (Fenghua Lee -> PowerISO Computing, Inc.)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-10-29] (Adlice -> )
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2012-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-14 23:32 - 2021-11-14 23:35 - 000036042 _____ C:\Users\User\Desktop\FRST.txt
2021-11-14 21:57 - 2021-11-14 21:57 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2021-11-14 21:56 - 2021-11-14 23:33 - 000000000 ____D C:\FRST
2021-11-14 21:55 - 2021-11-14 21:57 - 002311680 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-11-14 20:30 - 2021-11-14 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000044328 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2021-10-29 18:27 - 2021-10-29 18:27 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-14 23:11 - 2018-04-17 20:22 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-14 22:35 - 2019-11-19 04:08 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-11-14 21:29 - 2020-02-20 05:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-14 21:06 - 2021-01-20 15:25 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-11-14 21:06 - 2020-07-01 16:15 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-11-14 21:06 - 2020-07-01 16:15 - 000002388 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-11-14 21:03 - 2021-01-20 14:35 - 000004040 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1596061835
2021-11-14 20:36 - 2018-05-22 23:59 - 000000000 ____D C:\Users\User\AppData\Local\Dropbox
2021-11-14 20:31 - 2018-05-22 23:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-11-14 20:19 - 2018-05-22 23:59 - 000003902 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2021-11-14 20:19 - 2018-05-22 23:59 - 000003650 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2021-11-14 20:19 - 2018-05-22 23:59 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2021-11-14 20:19 - 2018-05-22 23:59 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2021-11-14 20:13 - 2018-04-14 14:20 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-11-09 12:28 - 2018-04-17 20:49 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-09 12:28 - 2018-04-17 20:49 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-05 12:07 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-05 12:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2021-11-01 16:36 - 2009-07-14 07:45 - 000026848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-01 16:36 - 2009-07-14 07:45 - 000026848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-01 16:15 - 2020-03-14 21:31 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-11-01 16:13 - 2018-04-29 17:13 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2021-10-29 23:02 - 2021-09-26 23:19 - 000000000 ____D C:\Users\User\Downloads\Star.Trek.Picard.S01.COMPLETE.REPACK.720p.AMZN.WEBRip.x264-GalaxyTV[TGx]
2021-10-29 21:32 - 2018-10-18 00:03 - 000000000 ____D C:\Users\User\Documents\LLB
2021-10-29 20:42 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-29 19:34 - 2020-07-01 16:15 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2021-10-29 18:29 - 2018-04-13 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-10-29 18:26 - 2019-11-19 04:05 - 000000000 ____D C:\ProgramData\AVAST Software
2021-10-29 18:26 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-26 19:47 - 2020-12-18 16:16 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-10-26 18:15 - 2021-06-13 21:30 - 000000000 ____D C:\Users\User\Documents\Bet
==================== Files in the root of some directories ========
2021-02-01 19:57 - 2021-02-01 19:57 - 000971264 _____ (Google LLC) C:\Users\User\AppData\Roaming\GoogleUpdater.exe
2020-02-20 05:48 - 2020-02-20 05:48 - 000000000 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
2021-09-17 16:38 - 2021-09-17 16:38 - 000000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-11-09 13:15
==================== End of FRST.txt ========================
I have bestprosoft and I also just had another browser incident whereby I was taken to site offering me money for a survey.
I am grateful for your help as ever!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by User (administrator) on USER-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC) (14-11-2021 23:32:12)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\MachinerData\Aurora_DVD_Copy.exe
() [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
() [File not signed] C:\Windows\KMS-R@1n.exe
() [File not signed] C:\Windows\KMS-R@1nHook.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\135.4.4221\QtWebEngineProcess.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <43>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Temp\OfficeClickToRun.exe.bak
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\firefox.exe <4>
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" (No File)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [134936 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8807712 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91683688 2020-06-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Opera Browser Assistant] => C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-18] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {23312558-207b-11e9-8379-ac7289c252c1} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {9fb92af0-d822-11e8-aa55-ac7289c252c1} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\Installer\chrmstp.exe [2021-11-14] (Avast Software s.r.o. -> AVAST Software)
IFEO\OSPPSVC.EXE: [Debugger] KMS-R@1nHook.exe
IFEO\SppSvc.exe: [Debugger] KMS-R@1nHook.exe
InternetURL: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-10-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01149AF2-91D3-421D-AE37-554601C33FF2} - System32\Tasks\Opera scheduled assistant Autoupdate 1596061853 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {04E72C72-C482-461C-8E2B-4984AE53DDF2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4929304 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
Task: {065CBA15-8F23-462C-B9F1-B5E874D68F0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {0ABAB06E-9E5E-41F4-8E50-8ECC2081F60E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {0C790257-6071-490A-BC56-5543226C2007} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613248 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {14036993-9EAB-43E4-9BAE-B6DF86611222} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
Task: {180B8E0B-626D-48AB-A236-50F5E679B3F6} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic path OfficeSoftwareProtectionProduct where (ID="4f414197-0fc2-4c01-b68a-86cbb9ac254c") call Activate
Task: {1A6F9DA4-3D1C-4E60-83A8-9A7788D8EDCF} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
Task: {1DC69C46-7E58-4336-A944-8AAC00A36E05} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371888 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {296BE3F2-8435-4DBD-A973-3F28464DBF50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {2F3CCCD3-CF46-4DE2-80F6-4AB549C147E9} - System32\Tasks\{3B953E3C-891C-4131-8CD3-0642DB8D2E73} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\Downloads\Bluetooth hpdv6\sp61617.exe" -d "C:\Users\User\Downloads\Bluetooth hpdv6"
Task: {3045603C-336A-4CF4-82FD-5FEBA05D608C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {32A88FCA-D3B0-4A19-9140-38373B94969B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3F92D4D8-1A15-4D8F-9C39-6C069BB93D5C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2414739685-3642484520-4203288351-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {482F3F6C-8AA8-43AE-920E-DB0270CC26E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {5D280EBE-808D-40EE-8C77-1CA92B7ED0C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {6158DBFF-208A-48BD-80B5-D79BB3671389} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {636EDCF0-DCD4-4012-832C-A9CA1EE6768D} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe /off=act (No File)
Task: {70D7D124-81ED-420D-9C45-3E433CCD5A40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {73B88F1A-4C3F-4A8A-9EAF-17E2CB472599} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {78AE1C7E-9FA3-42BC-82E9-8ED455813A0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {78B60131-294E-4C13-81FC-8176B89C5989} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {78F30F0D-F5C6-41B1-9703-E31CB9AC7053} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371888 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B1FDD86-A4F6-48B1-B35A-BF0044BBAE6F} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic path OfficeSoftwareProtectionProduct where (ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate
Task: {7BA07AE5-928B-4EF6-8B0C-1E256296976F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7BE16C90-4BF1-41B2-A01A-47D9C98FA39D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7C30876A-9D75-4064-AA58-DC8C5E6F9FAC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {7EF209F5-D4CD-4E02-9271-0D47AAA2A7E6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {81790D93-0133-433D-97A9-E7AB3E5C268E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613248 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {96176D95-2445-4C0F-A9EA-3235112F8E9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {9AFF46AF-F292-46E9-9E73-0CBD73DA7ACE} - System32\Tasks\Opera scheduled Autoupdate 1596061835 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)
Task: {9DCB4068-A735-4220-B771-24FA6D211758} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B67D3B71-B1D4-4CEB-A0C9-5FD66D25E0E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {C5E06225-6D7F-49B6-9D3F-8B7A1EAA855B} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
Task: {C80B29FD-9C63-4D38-85F1-EC78096F1978} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {D6D1F782-E125-466A-A86C-C2CAABCCC1E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {DC9FE7DB-0187-4AA1-9E77-08F7018D3338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {F6C2C10B-D39E-4682-9A03-DC10E5AB0B0A} - System32\Tasks\GoogleUpdateSoftware => C:\Users\User\AppData\Roaming\GoogleUpdater.exe [971264 2021-02-01] (Google LLC) [File not signed] <==== ATTENTION
Task: {FBCC263E-A47B-4D42-A58E-99C91F2ECD95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {FD1DA291-2AB1-4D08-B488-FB1376392910} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {FE82DD8A-B5DE-4227-83C4-8CAEFC4B7F5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {FFD19AA6-7616-4174-B709-757AC2589C98} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{11E4DE98-3DF0-4B24-8DF3-DC73EEC1F140}: [DhcpNameServer] 192.168.43.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: 1ai3eh1c.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default [2021-09-29]
FF Homepage: Mozilla\Firefox\Profiles\1ai3eh1c.default -> search.yahoo.com
FF NewTab: Mozilla\Firefox\Profiles\1ai3eh1c.default -> hxxps://gr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180508__yaff
FF Extension: (anonymoX) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\client@anonymox.net.xpi [2021-01-04]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\sp@avast.com.xpi [2021-09-29]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\wrc@avast.com.xpi [2021-05-23]
FF Extension: (Mozilla Official) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2021-08-18] [not signed]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-09-29]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-09-29]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-08]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-31] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-31] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-14]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.protonmail.com; hxxps://mail.yahoo.com; hxxps://www.reddit.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://radindiemedia.com/","hxxps://sudantribune.com/","hxxps://www.lrb.co.uk/","hxxps://lareviewofbooks.org/"
CHR DefaultSearchKeyword: Default -> google.co.jp_
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-17]
CHR Extension: (TheFreeDictionary.com Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap [2018-04-26]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-14]
CHR Extension: (DuckDuckGo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-10-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-16]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-09-22]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-29]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-10-29]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-20]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-10-29]
CHR Extension: (Video Downloader Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdmdpdhfaamhgaojpelccmeehpfljgf [2021-05-23]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-04-26]
CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2019-11-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-29]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-10-29]
CHR Extension: (Plugins) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2018-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-14]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-11-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-14]
OPR Extension: (Onion Control (anonymous proxy)) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\knfbgpkbkfebddfbklfpgmdjgolnkkfl [2021-01-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8323664 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [630040 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1639704 2021-10-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [377624 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\elevation_service.exe [1713640 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137416 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-21] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44328 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2021-08-18] () [File not signed]
R2 Main Service; C:\Program Files (x86)\MachinerData\Aurora_DVD_Copy.exe [2961408 2020-02-08] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-04] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [101184 2020-06-04] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13684792 2020-12-14] (Adlice -> )
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [221600 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [369176 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250408 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99368 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41368 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184640 2021-10-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538480 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107864 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82912 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851712 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [557152 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215392 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S3 DSE_USB; C:\Windows\System32\drivers\DSE_USB.sys [336872 2017-10-24] (Jungo Connectivity Ltd. -> Jungo Connectivity)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-08-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-07-04] (Malwarebytes Inc -> Malwarebytes)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [91648 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [208896 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-06-04] (ProtonVPN AG -> Proton Technologies AG)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [85424 2009-03-15] (Fenghua Lee -> PowerISO Computing, Inc.)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-10-29] (Adlice -> )
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2012-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-14 23:32 - 2021-11-14 23:35 - 000036042 _____ C:\Users\User\Desktop\FRST.txt
2021-11-14 21:57 - 2021-11-14 21:57 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2021-11-14 21:56 - 2021-11-14 23:33 - 000000000 ____D C:\FRST
2021-11-14 21:55 - 2021-11-14 21:57 - 002311680 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-11-14 20:30 - 2021-11-14 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000044328 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2021-10-29 18:27 - 2021-10-29 18:27 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-14 23:11 - 2018-04-17 20:22 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-14 22:35 - 2019-11-19 04:08 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-11-14 21:29 - 2020-02-20 05:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-14 21:06 - 2021-01-20 15:25 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-11-14 21:06 - 2020-07-01 16:15 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-11-14 21:06 - 2020-07-01 16:15 - 000002388 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-11-14 21:03 - 2021-01-20 14:35 - 000004040 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1596061835
2021-11-14 20:36 - 2018-05-22 23:59 - 000000000 ____D C:\Users\User\AppData\Local\Dropbox
2021-11-14 20:31 - 2018-05-22 23:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-11-14 20:19 - 2018-05-22 23:59 - 000003902 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2021-11-14 20:19 - 2018-05-22 23:59 - 000003650 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2021-11-14 20:19 - 2018-05-22 23:59 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2021-11-14 20:19 - 2018-05-22 23:59 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2021-11-14 20:13 - 2018-04-14 14:20 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-11-09 12:28 - 2018-04-17 20:49 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-09 12:28 - 2018-04-17 20:49 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-05 12:07 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-05 12:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2021-11-01 16:36 - 2009-07-14 07:45 - 000026848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-01 16:36 - 2009-07-14 07:45 - 000026848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-01 16:15 - 2020-03-14 21:31 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-11-01 16:13 - 2018-04-29 17:13 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2021-10-29 23:02 - 2021-09-26 23:19 - 000000000 ____D C:\Users\User\Downloads\Star.Trek.Picard.S01.COMPLETE.REPACK.720p.AMZN.WEBRip.x264-GalaxyTV[TGx]
2021-10-29 21:32 - 2018-10-18 00:03 - 000000000 ____D C:\Users\User\Documents\LLB
2021-10-29 20:42 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-29 19:34 - 2020-07-01 16:15 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2021-10-29 18:29 - 2018-04-13 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-10-29 18:26 - 2019-11-19 04:05 - 000000000 ____D C:\ProgramData\AVAST Software
2021-10-29 18:26 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-26 19:47 - 2020-12-18 16:16 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-10-26 18:15 - 2021-06-13 21:30 - 000000000 ____D C:\Users\User\Documents\Bet
==================== Files in the root of some directories ========
2021-02-01 19:57 - 2021-02-01 19:57 - 000971264 _____ (Google LLC) C:\Users\User\AppData\Roaming\GoogleUpdater.exe
2020-02-20 05:48 - 2020-02-20 05:48 - 000000000 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
2021-09-17 16:38 - 2021-09-17 16:38 - 000000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-11-09 13:15
==================== End of FRST.txt ========================