Solved: My laptop got infected?

Hi,
It all started with me downloading an attached PDF from a spam email on my laptop. As soon as I realized that this was silly on my part, I deleted the PDF and started looking for clues about what kind of damage it had done. I ran a Windows Security scan, a Malwarebytes scan and a few more, but they couldn't find anything.

However, my laptop seemed sluggish. Then I noticed many suspicious-looking services running, like 'Udk User Service_339e4', 'Clipboard User Service_e39e4', 'MessagingService_e39e4' and many more like that.

I also noticed a lot of security audit events in Event Viewer for 'Credential Manager credentials were read', 'Special privileges assigned to new logon', 'An account was successfully logged on'. It all looks very suspicious.

I have provided logs from running 'Farbar Recovery Scan Tool (FRST)' below. I will be really grateful if experts here can take a look and provide their help.

==================FRST.txt==============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Chanchal (administrator) on WINDOWS-CAFP9OV (Dell Inc. Latitude 7490) (02-01-2021 17:23:11)
Running from C:\AntiVirusTools\FRST
Loaded Profiles: Chanchal
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277944 2019-04-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1515000 2019-04-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1213736 2018-11-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3315280 2019-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91701608 2020-07-07] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {171058E2-CA28-4471-A297-6BD484C13FBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {33F6C3AA-E4CE-4E2F-8136-FEC160036721} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2020-12-04] (Dell Inc -> Dell Inc.)
Task: {3481E15F-AD76-4380-9AAF-14C7FE781888} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1079059935-2040455010-3243201420-1002 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-10] (Microsoft Windows -> )
Task: {46D68B5E-AFB6-478D-9AB4-7866C7339416} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {4FA19EE8-78A1-4A07-9A36-BDAE2972788D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {60AE28DC-31F5-49F1-84CC-0C57E8AB7D57} - System32\Tasks\G2MUpdateTask-S-1-5-21-1079059935-2040455010-3243201420-1002 => C:\Users\Chanchal\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6435F43C-D8EF-453F-A6C7-4457F727910C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {66108BF2-95D6-4330-BFED-0B78B024EE24} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F700FC2-3C94-4ED1-80FA-D0F852F82E93} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8792E7C4-AE86-43D3-9E80-370E8DFDECB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {9BE77F2B-F72A-441D-92D7-3E262BEC2F50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-25] (Google LLC -> Google LLC)
Task: {A24F97A8-21C0-4089-8ED6-85B0D5489E7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A3C9F80A-BA0D-41A7-A109-0F209F983F2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-25] (Google LLC -> Google LLC)
Task: {B48A52EE-EC07-416E-AC1F-AF7DF3657DB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0975E51-3E85-4E4B-9A04-868F776FBC50} - System32\Tasks\G2MUploadTask-S-1-5-21-1079059935-2040455010-3243201420-1002 => C:\Users\Chanchal\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {DD7BF700-B69F-4335-A94A-EDA400F77525} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {E98658FE-62CC-4DEC-A51A-615F78217F6D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC49720A-D531-40A4-BA32-CF02807E8221} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0CB0420-44C6-47B1-93EB-F2EA3A18DBA9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-17] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1079059935-2040455010-3243201420-1002.job => C:\Users\Chanchal\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1079059935-2040455010-3243201420-1002.job => C:\Users\Chanchal\AppData\Local\GoToMeeting\19228\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{7b735ff1-2cf6-4273-b6d9-192040ce4bdf}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c38504bf-ced2-4fdb-ad09-6bb6fb697456}: [DhcpNameServer] 192.168.1.1

Edge:
======
DownloadDir: C:\Users\Chanchal\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\Chanchal\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-02]
Edge DownloadDir: C:\Users\Chanchal\Downloads

FireFox:
========
FF DefaultProfile: eknl48xe.default
FF ProfilePath: C:\Users\Chanchal\AppData\Roaming\Mozilla\Firefox\Profiles\eknl48xe.default [2019-07-15]
FF ProfilePath: C:\Users\Chanchal\AppData\Roaming\Mozilla\Firefox\Profiles\nj2i8x77.default-release [2021-01-02]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Chanchal\AppData\Roaming\Mozilla\Firefox\Profiles\nj2i8x77.default-release\Extensions\support@lastpass.com.xpi [2020-12-14]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default [2021-01-02]
CHR Extension: (Slides) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-25]
CHR Extension: (Docs) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-25]
CHR Extension: (Google Drive) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-25]
CHR Extension: (Sheets) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Xpath Finder) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaobnmmgonppmablhldddpfmgpklbfh [2020-07-08]
CHR Extension: (ChroPath) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngjbnaijcbncmcnjfhigebomdlkcjo [2020-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-25]
CHR Extension: (Gmail) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 ApHidMonitorService; C:\WINDOWS\system32\DellTPad\HidMonitorSvc.exe [894848 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
S4 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S4 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S4 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S4 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2020-12-11] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S4 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
S4 ETActiveSteeringHelper; C:\WINDOWS\Ethertronics\EtactistaService.exe [401928 2017-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CloudBees, Inc.)
S4 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1038336 2017-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S4 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [43520 2017-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2020-12-04] (Dell Inc -> Dell Inc.)
S4 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [260096 2017-09-26] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ApHidfiltrService; C:\WINDOWS\System32\drivers\ApHidfiltrSW.sys [372384 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
R3 bcmnfcusb; C:\WINDOWS\System32\drivers\bcmnfcusb.sys [46176 2017-09-26] (Broadcom Corporation -> Broadcom Corporation.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 ETActiveSteering; C:\WINDOWS\system32\DRIVERS\ETActiveSteering.sys [37560 2017-09-21] (WDKTestCert norikd,131383411497448652 -> Ethertronics I2C driver for ASA)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 wbfcvusbdrv; C:\WINDOWS\System32\Drivers\wbfcvusbdrv.sys [20064 2017-09-26] (Broadcom Corporation -> Broadcom Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-02 14:40 - 2021-01-02 14:40 - 092274688 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-01-02 11:40 - 2021-01-02 11:40 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-02 11:18 - 2021-01-02 11:18 - 000000000 ____D C:\AdwCleaner
2021-01-02 11:15 - 2021-01-02 11:32 - 000000000 ____D C:\Users\Chanchal\Downloads\antiVirusResults
2021-01-02 11:04 - 2021-01-02 11:11 - 000000000 ____D C:\ProgramData\RogueKiller
2021-01-02 10:56 - 2021-01-02 17:23 - 000000000 ____D C:\FRST
2021-01-02 09:56 - 2021-01-02 09:56 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2021-01-02 09:56 - 2021-01-02 09:56 - 000002775 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2021-01-02 09:56 - 2021-01-02 09:56 - 000000000 ____D C:\ProgramData\Sophos
2021-01-02 09:56 - 2021-01-02 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-01-02 09:56 - 2021-01-02 09:56 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-01-02 09:25 - 2021-01-02 11:26 - 000000864 _____ C:\Users\Chanchal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-02 09:25 - 2021-01-02 11:25 - 000000736 _____ C:\Users\Chanchal\Desktop\ESET Online Scanner.lnk
2021-01-02 09:25 - 2021-01-02 09:25 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-02 09:25 - 2021-01-02 09:25 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-02 09:25 - 2021-01-02 09:25 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-02 09:25 - 2021-01-02 09:25 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-02 09:25 - 2021-01-02 09:25 - 000000000 ____D C:\Users\Chanchal\AppData\Local\mbam
2021-01-02 09:25 - 2021-01-02 09:25 - 000000000 ____D C:\Users\Chanchal\AppData\Local\ESET
2021-01-02 09:25 - 2021-01-02 09:24 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-02 09:25 - 2021-01-02 09:24 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-02 09:24 - 2021-01-02 09:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-02 09:24 - 2021-01-02 09:24 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-02 09:22 - 2021-01-02 11:23 - 000000000 ____D C:\AntiVirusTools
2021-01-02 06:04 - 2021-01-02 14:40 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-01-01 20:59 - 2021-01-01 20:59 - 020975616 _____ C:\Users\Chanchal\Downloads\windows_security_logs_1-1-2020-8_59_2020.evtx
2020-12-29 22:34 - 2020-12-29 22:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-12-27 11:30 - 2020-12-29 16:15 - 000000926 _____ C:\Users\Chanchal\Desktop\Notes.txt
2020-12-19 16:24 - 2020-12-19 16:24 - 000113083 _____ C:\Users\Chanchal\Downloads\Coding Blocks Junior Course access.pdf
2020-12-19 11:55 - 2020-12-19 11:55 - 000000110 _____ C:\Users\Chanchal\Desktop\BlockProgramming_zoom.url
2020-12-19 11:54 - 2020-12-19 11:54 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Chanchal\Downloads\Zoom_cm_fo42anktZ9vvrZo4_mxJF3CJKyHmNERALXfTfok8cHmuzlxhdmyujb@Tc+Atv2Szb4-SVFb_kae195f3d47394530_.exe
2020-12-17 15:25 - 2021-01-01 20:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-13 11:56 - 2020-12-13 11:56 - 000000000 ____D C:\Users\Chanchal\Documents\Zoom
2020-12-13 11:54 - 2020-12-13 11:55 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Chanchal\Downloads\Zoom_cm_fo42anktZ9vvrZo4_m2ibw9uR-hHyVszONOJmuSek0fNlt9BWWSdxq@T0epyFySFwpZ5HIf_k3795af8e400dbf76_.exe
2020-12-13 11:51 - 2020-12-13 11:51 - 014694648 _____ (Zoom Video Communications, Inc.) C:\Users\Chanchal\Downloads\ZoomInstaller.exe
2020-12-13 11:51 - 2020-12-13 11:51 - 000000000 ____D C:\Users\Chanchal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-12-10 15:55 - 2020-12-10 15:55 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-10 15:55 - 2020-12-10 15:55 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-10 15:55 - 2020-12-10 15:55 - 001328392 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll
2020-12-10 15:55 - 2020-12-10 15:55 - 001263104 _____ C:\WINDOWS\system32\FaceProcessor.dll
2020-12-10 15:55 - 2020-12-10 15:55 - 000512856 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2020-12-10 15:55 - 2020-12-10 15:55 - 000164168 _____ C:\WINDOWS\system32\cmdiag.exe
2020-12-10 15:55 - 2020-12-10 15:55 - 000103936 _____ C:\WINDOWS\system32\cmimageworker.exe
2020-12-10 15:55 - 2020-12-10 15:55 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-10 15:55 - 2020-12-10 15:55 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2020-12-10 15:55 - 2020-12-10 15:55 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-10 15:54 - 2020-12-10 15:54 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-10 15:54 - 2020-12-10 15:54 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-10 15:54 - 2020-12-10 15:54 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-10 15:54 - 2020-12-10 15:54 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-10 15:54 - 2020-12-10 15:54 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-10 15:54 - 2020-12-10 15:54 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-10 15:54 - 2020-12-10 15:54 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-10 15:54 - 2020-12-10 15:54 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-10 15:49 - 2020-12-10 15:49 - 000000000 ____D C:\Users\Chanchal\AppData\Roaming\Teams
2020-12-10 15:49 - 2020-12-10 15:49 - 000000000 ____D C:\Users\Chanchal\AppData\Local\SquirrelTemp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-02 17:08 - 2019-07-15 19:44 - 000000000 ____D C:\Users\Chanchal\AppData\LocalLow\Mozilla
2021-01-02 17:05 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-02 17:03 - 2020-07-23 20:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-02 14:54 - 2020-01-27 22:21 - 000000000 ____D C:\Users\Chanchal\.p2
2021-01-02 14:53 - 2020-01-27 22:31 - 000000000 ____D C:\Users\Chanchal\AppData\Local\Eclipse
2021-01-02 14:53 - 2020-01-27 22:28 - 000000000 ____D C:\eclipse
2021-01-02 14:09 - 2019-07-15 19:44 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-02 11:45 - 2020-07-23 20:39 - 000797598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-02 11:45 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-02 11:40 - 2020-07-23 20:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-02 11:40 - 2020-07-23 20:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-02 11:40 - 2020-07-23 20:35 - 000001591 _____ C:\WINDOWS\system32\config\VSMIDK
2021-01-02 11:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-02 11:37 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-02 09:25 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-02 03:01 - 2019-04-25 08:56 - 000000000 __SHD C:\Users\Chanchal\IntelGraphicsProfiles
2021-01-01 20:58 - 2019-04-02 07:10 - 000000000 ____D C:\ProgramData\PCDr
2021-01-01 20:56 - 2020-01-27 20:57 - 000000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1079059935-2040455010-3243201420-1002.job
2021-01-01 20:56 - 2020-01-27 20:57 - 000000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1079059935-2040455010-3243201420-1002.job
2021-01-01 20:56 - 2019-07-15 19:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-01 20:56 - 2019-04-02 07:44 - 000000000 ____D C:\Intel
2021-01-01 20:56 - 2019-04-02 06:53 - 000059371 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2020-12-30 21:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-29 22:34 - 2019-07-15 19:44 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-29 22:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-25 14:47 - 2019-04-02 07:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-12-23 18:57 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-19 15:24 - 2020-07-23 20:28 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2020-12-19 11:50 - 2020-06-21 23:12 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-19 11:50 - 2020-06-21 23:12 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-19 11:50 - 2020-06-21 23:12 - 000002261 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-18 15:07 - 2020-07-23 20:39 - 000003860 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-1079059935-2040455010-3243201420-1002
2020-12-18 15:07 - 2020-07-23 20:39 - 000003764 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-1079059935-2040455010-3243201420-1002
2020-12-18 15:07 - 2020-01-27 20:57 - 000000000 ____D C:\Users\Chanchal\AppData\Local\GoToMeeting
2020-12-16 15:26 - 2020-07-23 20:39 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1079059935-2040455010-3243201420-1002
2020-12-16 15:26 - 2020-07-23 20:28 - 000002378 _____ C:\Users\Chanchal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-16 15:26 - 2019-04-25 08:58 - 000000000 ___RD C:\Users\Chanchal\OneDrive
2020-12-13 11:51 - 2020-07-06 18:37 - 000000000 ____D C:\Users\Chanchal\AppData\Roaming\Zoom
2020-12-13 10:42 - 2019-08-31 10:30 - 000000000 ____D C:\Users\Chanchal\Documents\folder
2020-12-11 17:33 - 2019-04-02 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-12-11 17:32 - 2020-01-05 22:08 - 000000000 ____D C:\ProgramData\Dell
2020-12-11 17:31 - 2020-07-23 20:39 - 000003916 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2020-12-11 17:25 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2020-12-11 17:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-12-11 17:21 - 2020-07-23 20:35 - 000294696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-11 17:20 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-10 15:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-09 17:27 - 2020-01-12 18:37 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-07 15:46 - 2020-02-25 19:55 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-07 15:46 - 2020-02-25 19:55 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-07 15:46 - 2020-02-25 19:55 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-06 17:30 - 2019-04-25 15:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-12-06 17:23 - 2019-04-25 15:28 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-12-04 15:04 - 2019-04-02 08:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-03 19:45 - 2020-07-23 20:39 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 19:45 - 2020-07-23 20:39 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
------------------------------------------------------------------------------------------------------------------------------------------------

Addition.txt logs in next post.
 
Logs from Addition.txt
==================== Addition.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Chanchal (02-01-2021 17:24:39)
Running from C:\AntiVirusTools\FRST
Windows 10 Pro Version 2004 19041.685 (X64) (2020-07-24 01:39:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1079059935-2040455010-3243201420-500 - Administrator - Disabled)
Chanchal (S-1-5-21-1079059935-2040455010-3243201420-1002 - Administrator - Enabled) => C:\Users\Chanchal
DefaultAccount (S-1-5-21-1079059935-2040455010-3243201420-503 - Limited - Disabled)
Guest (S-1-5-21-1079059935-2040455010-3243201420-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1079059935-2040455010-3243201420-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{54874EC0-CEC5-4BD0-A442-9332BBA7AF89}) (Version: 4.7.26.65 - Broadcom Limited)
Dell SupportAssist (HKLM\...\{684820E8-F6AA-4162-A547-317DA6BED1FB}) (Version: 3.8.0.108 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.215 - ALPSALPINE CO., LTD.)
Ethertronics Active Steering Antenna (HKLM\...\Etactista) (Version: 1.3.247.2 - Ethertronics, Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.19 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
Gpg4win (3.1.11) (HKLM-x32\...\Gpg4win) (Version: 3.1.11 - The Gpg4win Project)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6286 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.5.1025 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Java SE Development Kit 8 Update 241 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180241}) (Version: 8.0.2410.7 - Oracle Corporation)
KeePass Password Safe 2.43 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.43 - Dominik Reichl)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9669.4 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.13426.20404 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Mozilla Firefox 84.0 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0 (x64 en-US)) (Version: 84.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8622 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.15063.11292 - Realtek Semiconductor Corp.)
Skype version 8.62 (HKLM-x32\...\Skype_is1) (Version: 8.62 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.49.2.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1920.1.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_10.0.5.0_x86__m9bz608c1b9ra [2020-11-05] (Nordcurrent)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.8.0_x64__htrsf667h5kn2 [2020-12-11] (Dell Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-25] (Microsoft Corporation) [MS Ad]
Microsoft Defender Application Guard Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsDefenderApplicationGuard_1.0.11.0_x64__8wekyb3d8bbwe [2020-08-26] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-25] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1079059935-2040455010-3243201420-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Chanchal\AppData\Local\GoToMeeting\18068\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-1079059935-2040455010-3243201420-1002_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-01-12] (Notepad++ -> )
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2019-12-17] (g10 Code GmbH) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2019-12-17] (g10 Code GmbH) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_654e79489f2b9f28\igfxDTCM.dll [2020-04-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-02] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-17 05:47 - 2019-12-17 05:47 - 001043968 _____ (g10 Code GmbH) [File not signed] C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll
2020-01-27 22:28 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/?pc=UE01&ocid=UE01DHP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-27] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 02:31 - 2018-09-15 02:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-01-28 20:33 - 2020-07-23 19:44 - 000000466 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.17.240.196 beb57fae-89a3-4d4f-95d3-526e38257e83.mshome.net # 2020 7 5 31 0 44 22 229

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\GnuPG\bin;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: ApHidMonitorService => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: DellClientManagementService => 2
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: ETActiveSteeringHelper => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hostcontrolsvc => 2
MSCONFIG\Services: hoststoragesvc => 2
MSCONFIG\Services: iaStorAfsService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: IntelAudioService => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PIEServiceNew => 3
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: ushupgradesvc => 2
MSCONFIG\Services: WavesSysSvc => 2
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EE59CB7E-D61C-4E4F-B2E8-C110D975ABFF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{33CCF412-B401-42F9-8B50-531E4E69744A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{5888C6A1-5877-402F-958A-E8D9AE3C0065}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CCB2263C-311A-423A-B7C5-2E37A4FB019A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ED918ED8-D92C-4C24-93AD-612E4571A595}] => (Block) C:\program files\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [{D8A10B97-B3C9-4539-82B2-576813EF0195}] => (Block) C:\program files\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [UDP Query User{FE61DD33-DEA1-4849-833A-7D347F12BCBA}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [TCP Query User{C16E2E70-3930-4398-8BC8-B608E3FF1400}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [{E3D6240C-6236-4206-8D76-944908470C6D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4B1EB014-5A51-4C98-8D7F-E276508D3535}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [DNS Server Forward Rule - TCP - 60406F3C-C6B9-4E3C-AECF-B3923F9494A0 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 60406F3C-C6B9-4E3C-AECF-B3923F9494A0 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 684905D4-4E1E-4505-AC60-E8A048781715 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 684905D4-4E1E-4505-AC60-E8A048781715 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - E72BF88B-C49D-4DB3-8CB2-D3DD5A50E2FD - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - E72BF88B-C49D-4DB3-8CB2-D3DD5A50E2FD - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 97D0D373-4DBB-4E1B-A4C5-B1E73CAC57DE - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 97D0D373-4DBB-4E1B-A4C5-B1E73CAC57DE - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 4D707D32-F9FD-479D-8945-6256384B9EC0 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 4D707D32-F9FD-479D-8945-6256384B9EC0 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 852978BB-3D2B-4F12-824E-D40D7C79E8ED - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 852978BB-3D2B-4F12-824E-D40D7C79E8ED - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 5CDBDD1C-E862-4FEB-8E3B-D093FB968901 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 5CDBDD1C-E862-4FEB-8E3B-D093FB968901 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 3FE595B8-C6F8-46E5-8E53-8BA59C41D74A - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 3FE595B8-C6F8-46E5-8E53-8BA59C41D74A - 0] => (Allow) LPort=53
FirewallRules: [{F03C6861-C88C-4111-8C86-661BB33B01C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E757930E-8C3B-4410-BBE9-808BCBD2731C}C:\users\chanchal\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\chanchal\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{5D01281C-2C3B-4BB2-8E9E-91A6AFB92653}C:\users\chanchal\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\chanchal\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{68F680A4-CC50-48B5-98A7-48F3956A3987}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{11522640-E292-4CA8-A983-C5F063C85480}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8497F169-7815-404C-A609-BB7CA934EE91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{23DE0FA5-493E-4B72-A2D9-358248421B1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2FB07CD4-B8CC-4DCD-BE4C-894E095B60D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DE9014E-8C8C-4010-BBB3-A80747FDF04F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C21A018B-DE3D-464A-A7B5-E0DDCA93FB73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{525DA8D3-8612-48C1-B733-89277B31A401}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{535B9170-A565-4D0B-9071-8D3B3E16E401}] => (Allow) C:\Users\Chanchal\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C91B891B-C67A-445B-8559-BDC697DC7424}] => (Allow) C:\Users\Chanchal\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A6775782-A564-4AE2-AF0F-4D930E208A9F}] => (Allow) C:\Users\Chanchal\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{0DE2EE19-3813-4FE5-856E-E8BFD6D23837}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{491E30B3-48D6-4142-8FAB-BC8CFBDACC06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DF70A8A6-F737-4420-9029-3041B7769468}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{59F2C247-729C-422E-B806-21837E6FAFED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

19-12-2020 14:01:40 Scheduled Checkpoint
26-12-2020 19:41:40 Scheduled Checkpoint
02-01-2021 09:56:20 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/02/2021 03:33:47 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\f8b2f91a-bdc3-4c3f-91b1-137f4060c0a2\BaseLayer) because: The file move failed. (0x89000016)

Error: (01/02/2021 03:33:47 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete slab consolidation on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\f8b2f91a-bdc3-4c3f-91b1-137f4060c0a2\BaseLayer) because: The slab consolidation operation was aborted because an insufficient number of slabs could be reclaimed (based on the limits specified in the registry). (0x89000028)

Error: (01/01/2021 10:33:06 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (01/01/2021 10:33:06 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/26/2020 07:05:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\f8b2f91a-bdc3-4c3f-91b1-137f4060c0a2\BaseLayer) because: The file move failed. (0x89000016)

Error: (12/26/2020 07:05:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete slab consolidation on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\f8b2f91a-bdc3-4c3f-91b1-137f4060c0a2\BaseLayer) because: The slab consolidation operation was aborted because an insufficient number of slabs could be reclaimed (based on the limits specified in the registry). (0x89000028)

Error: (12/19/2020 01:39:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\f8b2f91a-bdc3-4c3f-91b1-137f4060c0a2\BaseLayer) because: The file move failed. (0x89000016)

Error: (12/19/2020 01:39:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete slab consolidation on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\f8b2f91a-bdc3-4c3f-91b1-137f4060c0a2\BaseLayer) because: The slab consolidation operation was aborted because an insufficient number of slabs could be reclaimed (based on the limits specified in the registry). (0x89000028)


System errors:
=============
Error: (01/02/2021 11:29:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/02/2021 11:29:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chanchal\AppData\Local\Temp\ehdrv.sys

Error: (01/02/2021 11:29:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chanchal\AppData\Local\Temp\ehdrv.sys

Error: (01/02/2021 11:29:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/02/2021 11:29:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/02/2021 11:29:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chanchal\AppData\Local\Temp\ehdrv.sys

Error: (01/02/2021 11:29:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/02/2021 11:29:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chanchal\AppData\Local\Temp\ehdrv.sys


Windows Defender:
===================================
Date: 2021-01-02 03:33:46.3390000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F3B5B951-D1DB-47DD-9B9B-2EA258694137}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-30 21:22:12.7250000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {9D20FFA4-1B59-409A-999B-AF77C7DD7673}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-26 18:47:41.9330000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {6C60C9C3-8A1C-438C-812D-264BAC11677A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-25 15:08:17.9260000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {2D49BD39-E6E3-49BD-9450-9C767B608C16}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-19 15:25:00.3850000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B074CF8D-FFF5-403D-B4F6-1C6781B462F8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-02 03:17:30.5740000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1488.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-01-01 21:06:21.9030000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1488.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: Dell Inc. 1.3.3 03/14/2018
Motherboard: Dell Inc.
Processor: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
Percentage of memory in use: 29%
Total physical RAM: 16263.34 MB
Available physical RAM: 11514.47 MB
Total Virtual: 18695.34 MB
Available Virtual: 13308.26 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:236.89 GB) (Free:171.22 GB) NTFS

\\?\Volume{2236cf6d-01f6-4cda-bbfb-fe05840be45c}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.38 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.58 GB) NTFS
\\?\Volume{cdc431f7-ba6e-44f5-bd58-044ad799ed53}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 1B15453C)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

So far I don't see much there....

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Thanks for helping!
I carried out the steps and the scan logs are:

1. ## RogueKiller ##
RogueKiller Anti-Malware V14.8.2.0 (x64) [Dec 28 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19041) 64 bits
Started in : Normal mode
User : Chanchal [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210103_083432, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/01/03 09:35:19 (Duration : 00:06:24)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

=======================================================
2. ## Malwarebytes ##

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/3/21
Scan Time: 9:48 AM
Log File: add55f6a-4dd2-11eb-a15b-c8f75036091e.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.35223
License: Free

-System Information-
OS: Windows 10 (Build 19041.685)
CPU: x64
File System: NTFS
User: WINDOWS-CAFP9OV\Chanchal

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 287369
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
==============================================
3. ## AdwCleaner ##

================== AdwCleaner[S02].txt ========================

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-12-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-03-2021
# Duration: 00:00:19
# OS: Windows 10 Pro
# Scanned: 31930
# Detected: 13


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33F6C3AA-E4CE-4E2F-8136-FEC160036721}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33F6C3AA-E4CE-4E2F-8136-FEC160036721}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD7BF700-B69F-4335-A94A-EDA400F77525}
Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD7BF700-B69F-4335-A94A-EDA400F77525}
Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask
Preinstalled.LenovoThinkVantageToolbox Task C:\Windows\System32\Tasks\PCDOCTORBACKGROUNDMONITORTASK


AdwCleaner[S00].txt - [3063 octets] - [02/01/2021 11:18:44]
AdwCleaner[S01].txt - [3124 octets] - [02/01/2021 18:02:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
=============================================================

=============================AdwCleaner[C02].txt================
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-12-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-03-2021
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 13
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33F6C3AA-E4CE-4E2F-8136-FEC160036721}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33F6C3AA-E4CE-4E2F-8136-FEC160036721}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Deleted Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD7BF700-B69F-4335-A94A-EDA400F77525}
Deleted Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD7BF700-B69F-4335-A94A-EDA400F77525}
Deleted Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask
Deleted Preinstalled.LenovoThinkVantageToolbox Task C:\Windows\System32\Tasks\PCDOCTORBACKGROUNDMONITORTASK


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3063 octets] - [02/01/2021 11:18:44]
AdwCleaner[S01].txt - [3124 octets] - [02/01/2021 18:02:31]
AdwCleaner[S02].txt - [3185 octets] - [03/01/2021 09:52:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########