ravisunny2
Hi,
My PC seems to be taking longer to boot and shut down.
Also, it seems to hang occasionally.
In particular, recently, I am having problems with a time-tracker by Upwork LLC.
Also, when I log in to Upwork.com, I am occasionally getting a reCAPTCHA with the following message:
“Please verify you are a human.
“Access to this page has been denied because we believe you are using automation tools to browse the website.
“This may happen as a result of the following:
• javascript is disabled or blocked by an extension (ad blockers for example)
• Your browser does not support cookies
“Please make sure that javascript and cookies are enabled on your browser and that you are not blocking them from loading.
“Reference ID: #lOfbf98O-d9bc-1 1 eb-9044-1 1 6fdf7el 2f4”
------------------------
I normally use Google Chrome, and JavaScript and cookies are enabled.
I browse the web manually. I do not use any proxy.
I do use an ad-blocker, AdGuard AdBlocker, that has been around for quite some time and has not caused any problems with Upwork earlier.
However, I have disabled the ad-blocker for Upwork.
The Reference ID seems to vary.
About a month ago (when the problem first occurred after several years), I had raised the matter with Upwork, and their tech support had determined that the problem was with their software, not my PC.
However, the reCAPTCHA has occasionally been displayed again over the last two days.
This reCAPTCHA and the sluggish behavior of my PC have led me to suspect that some malware could be involved.
As instructed, I have pasted both the files FRST.txt and Addition.txt.
-----------------------------
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
Ran by Ravindra K. Banthia (administrator) on DESKTOP-JI0GMVB (BIOSTAR Group H61MLV3) (01-08-2021 00:34:05)
Running from F:\Work\A_Forums\Techspot\01 31 July 2021 Virus removal\Farbar Recovery Scan Tool 64-bit 19.07.2021
Loaded Profiles: Ravindra K. Banthia
Platform: Windows 10 Home Version 20H2 19042.1151 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(M8 Software) [File not signed] C:\Program Files (x86)\FreeClip\FreeClip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\Installer\setup.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15C64560-5E96-4F41-808C-083709DAE3FF}\EDGEMITMP_4F121.tmp\setup.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15C64560-5E96-4F41-808C-083709DAE3FF}\MicrosoftEdge_X64_92.0.902.62_92.0.902.55.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Quick Heal Technologies Limited -> ) C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.exe
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\emlproxy.exe
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ONLINENT.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QHPISVR.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\REPRSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCSECSVC.EXE
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
(Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
(SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7682888 2016-10-28] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-05-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [265272 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [24720 2020-05-11] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2311840 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [1410184 2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Free Download Manager] => C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe [4729344 2020-12-25] (Softdeluxe) [File not signed]
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Upwork] => C:\Users\Ravindra K. Banthia\AppData\Local\Programs\upwork\Upwork.exe [104590560 2020-11-04] (Upwork Global Inc. -> Upwork, Inc.)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [114012032 2021-07-20] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\novaPDF 10 Port Monitor: C:\Windows\system32\novamn10.dll [18944 2020-12-04] (Softland) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-23] (Google LLC -> Google LLC)
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2021-01-07]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2021-01-07]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems, Incorporated -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FreeClip.lnk [2021-01-07]
ShortcutTarget: FreeClip.lnk -> C:\Program Files (x86)\FreeClip\FreeClip.exe (M8 Software) [File not signed]
Startup: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2021-01-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E3F85DE-932B-48D7-BA96-32CD014330BB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {10269BBC-A835-4661-B46F-DB670F447208} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [10893616 2021-05-20] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {3C72743C-2729-476E-88FD-79924A95DE41} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [410680 2020-03-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
Task: {521400EB-A109-487C-A367-8850DDC20F8F} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [5663 2010-05-21] () [File not signed]
Task: {577D6CAD-7917-4E7A-AD98-1DE03E8188DB} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [307768 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
Task: {5E3E52D1-72FD-47C3-9932-C8B5B8D968A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-12] (Google LLC -> Google LLC)
Task: {7F226E1B-511B-4CDB-962E-100767AE37D5} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe [144896 2020-12-25] (Softdeluxe) [File not signed]
Task: {95B23FF1-7E38-4669-A290-F672C9A9D3B1} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [5626 2010-05-21] () [File not signed]
Task: {BF9ABA54-2A82-4DC0-B925-DBF82BFB06C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-12] (Google LLC -> Google LLC)
Task: {D29530BC-BEBD-4ABD-997A-5E7D01456574} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{420dcf99-50c0-45e4-8e5a-09f9703857d6}: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{95595449-04b6-4c07-922d-491c41c22c8b}: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{b2bee865-913d-4997-bd90-e880ad659852}: [DhcpNameServer] 192.168.225.1
Edge:
=======
Edge Profile: C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-31]
Edge Extension: (Outlook) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-07]
Edge Extension: (Word) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-07]
Edge Extension: (Excel) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-07]
Edge Extension: (PowerPoint) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-07]
FireFox:
========
FF DefaultProfile: r9801z1v.default
FF ProfilePath: C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\r9801z1v.default [2021-01-16]
FF ProfilePath: C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\27bfc060.default-release [2021-07-31]
FF Extension: (Free Download Manager) - C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\27bfc060.default-release\Extensions\fdm_ffext2@freedownloadmanager.org.xpi [2021-04-11]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default [2021-08-01]
CHR Notifications: Default -> hxxps://www.upwork.com
CHR NewTab: Default -> Not-active:"chrome-extension://jekkhdbkcbpelmgeekmdjnfapnecfmha/defaultHomePage.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=U501DF&PC=U501&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=U501DF&PC=U501&query={searchTerms}
CHR Extension: (Free Download Manager) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2021-02-15]
CHR Extension: (Privacy Pass) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2021-07-01]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2021-06-04]
CHR Extension: (AutoplayStopper) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddcgojdblidajhngkogefpkknnebdh [2021-07-27]
CHR Extension: (Zotero Connector) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2021-07-23]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2021-07-30]
CHR Extension: (Bing) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekkhdbkcbpelmgeekmdjnfapnecfmha [2021-05-13]
CHR Extension: (Quick Heal Anti-Tracker) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmopofhkmbgdgakogbjcgfkblkdpglnj [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Equalizer for YouTube™) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggiagogblgafoilijjdhcmflgekfmja [2021-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-24]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\arwsrvc.exe [85536 2021-01-12] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [53880 2021-05-31] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [138808 2021-06-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [43656 2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2021-01-07] (Macrovision Europe Ltd.) [File not signed]
S2 LmsaWindowsService; C:\Program Files (x86)\Rescue and Smart Assistant\LmsaWindowsService.exe [42624 2021-02-08] (Lenovo -> )
S2 NovaPdf10Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [52528 2020-12-04] (Softland SRL -> Microsoft)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [158264 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [264248 2020-02-24] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [90168 2020-04-09] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [438800 2020-05-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [653968 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 VssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{0AB6C360-69E3-4A14-9072-36F8B71DE551} [21312 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [181032 2021-01-12] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [57144 2019-11-18] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [145920 2021-05-31] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S4 bdsnm; C:\Windows\system32\DRIVERS\bdsnm.sys [49960 2021-01-12] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [96640 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [308176 2021-06-02] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S0 elamdrv; C:\Windows\System32\DRIVERS\elamdrv.sys [36824 2021-03-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Quick Heal Technologies Ltd.)
R2 emlssx; C:\Windows\system32\DRIVERS\emlssx.sys [49752 2020-09-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [74296 2020-11-27] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [53304 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [22784 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [341760 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [98136 2020-03-20] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\system32\DRIVERS\kbfltr.sys [39152 2019-11-18] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [91200 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [62192 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 mtkmbim; C:\Windows\System32\drivers\mtkmbim7_x64.sys [208896 2012-10-30] (MediaTek Inc.) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174968 2021-01-07] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425192 2021-07-30] (Microsoft Windows -> Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-02-21] (MediaTek Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-30] (Microsoft Windows -> Microsoft Corporation)
R0 webssx; C:\Windows\System32\drivers\webssx8.sys [109368 2021-06-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-01 00:32 - 2021-08-01 00:35 - 000000000 ____D C:\FRST
2021-07-31 23:46 - 2021-07-31 23:46 - 000001963 _____ C:\Users\Ravindra K. Banthia\Desktop\PC Health Check.lnk
2021-07-31 23:18 - 2021-07-31 23:46 - 000000000 ___RD C:\Users\Ravindra K. Banthia\AppData\Local\PCHealthCheck
2021-07-31 23:18 - 2021-07-31 23:18 - 000001429 _____ C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-07-31 22:48 - 2021-07-31 22:48 - 000000000 ___HD C:\Users\Ravindra K. Banthia\ScStore
2021-07-31 00:51 - 2021-07-31 00:51 - 000011461 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-31 00:50 - 2021-07-31 00:50 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-07-31 00:49 - 2021-07-31 00:49 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-31 00:49 - 2021-07-31 00:49 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-31 00:48 - 2021-07-31 00:48 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-07-30 20:34 - 2021-07-30 20:34 - 000001131 _____ C:\Users\Ravindra K. Banthia\Desktop\HTML - Shortcut.lnk
2021-07-29 22:58 - 2021-07-29 22:58 - 000020584 _____ C:\Users\Ravindra K. Banthia\.sambox.cache
2021-07-29 22:52 - 2021-07-29 22:52 - 000000000 ____D C:\Users\Ravindra K. Banthia\.openjfx
2021-07-27 20:44 - 2021-07-27 20:44 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\LocalLow\Temp
2021-07-24 03:11 - 2021-07-24 03:11 - 000001321 _____ C:\Users\Ravindra K. Banthia\Desktop\02 Epublishing - Shortcut.lnk
2021-07-23 05:21 - 2021-07-23 05:21 - 000001920 _____ C:\Users\Ravindra K. Banthia\Desktop\CCleaner64 - Shortcut.lnk
2021-07-16 02:13 - 2021-07-16 02:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-13 10:42 - 2021-07-13 10:42 - 000002285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2021-07-13 10:42 - 2021-07-13 10:42 - 000002273 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk
2021-07-13 10:42 - 2021-07-13 10:42 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Adobe_Systems_Incorporate
2021-07-13 10:42 - 2021-07-13 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-07-13 10:41 - 2021-07-13 11:13 - 000000000 ____D C:\Users\Ravindra K. Banthia\Documents\My Digital Editions
2021-07-12 19:07 - 2021-07-12 19:07 - 000000886 _____ C:\Users\Ravindra K. Banthia\Desktop\MyCalibre Library - Shortcut.lnk
2021-07-10 04:07 - 2021-07-10 04:07 - 000002376 _____ C:\Users\Ravindra K. Banthia\Desktop\Kindle.lnk
2021-07-10 04:07 - 2021-07-10 04:07 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2021-07-08 03:27 - 2021-07-08 03:27 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\DAISY_Consortium
2021-07-05 06:57 - 2021-07-05 06:57 - 000161911 _____ C:\Users\Ravindra K. Banthia\Downloads\a-room-of-ones-own-virginia-woolf-1929 (1).pdf
2021-07-04 22:10 - 2021-07-04 22:13 - 000388308 _____ C:\Users\Ravindra K. Banthia\Documents\02b Client testimonials Fiction children and young adult - writing and editing US.pdf
2021-07-02 05:53 - 2021-07-02 05:53 - 000001286 _____ C:\Users\Ravindra K. Banthia\Desktop\43_July_2021 - Shortcut.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-01 00:35 - 2021-01-07 04:06 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-01 00:35 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\AppReadiness
2021-08-01 00:34 - 2019-12-07 14:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-01 00:34 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-01 00:33 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\registration
2021-08-01 00:32 - 2020-09-27 13:23 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-01 00:31 - 2021-01-13 12:12 - 000004196 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0199AFB5-19A7-4371-A282-63D31743729E}
2021-07-31 22:55 - 2021-01-10 00:25 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\D3DSCache
2021-07-31 22:55 - 2021-01-07 02:47 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-31 22:55 - 2019-12-07 14:43 - 000000000 ____D C:\Windows\INF
2021-07-31 22:49 - 2021-01-06 23:26 - 000000000 __SHD C:\Users\Ravindra K. Banthia\IntelGraphicsProfiles
2021-07-31 22:48 - 2021-01-07 02:56 - 000000000 ____D C:\Users\Ravindra K. Banthia
2021-07-31 22:47 - 2020-09-27 13:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-31 22:47 - 2020-09-27 12:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-31 22:46 - 2019-12-07 14:33 - 000524288 _____ C:\Windows\system32\config\BBI
2021-07-31 22:41 - 2021-01-07 04:18 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\Notepad++
2021-07-31 22:09 - 2020-09-27 12:20 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-31 02:30 - 2021-01-19 14:04 - 000000000 ____D C:\temp
2021-07-31 01:22 - 2019-12-07 14:33 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-07-31 01:19 - 2020-09-27 12:20 - 000306816 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ___SD C:\Windows\system32\UNP
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SystemResources
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\oobe
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\Dism
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\ShellComponents
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\bcastdvr
2021-07-31 01:13 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\servicing
2021-07-31 01:08 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\CbsTemp
2021-07-31 00:08 - 2021-01-06 23:16 - 000000000 ___HD C:\$WinREAgent
2021-07-30 23:19 - 2020-09-27 13:21 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-30 21:54 - 2021-01-12 22:59 - 000000000 ____D C:\Windows\system32\gprodat
2021-07-30 20:23 - 2021-01-12 13:35 - 003593304 _____ C:\Users\Ravindra K. Banthia\Desktop\MS OneNote.one
2021-07-30 10:29 - 2021-01-07 04:05 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\LocalLow\Mozilla
2021-07-30 10:28 - 2021-01-07 04:05 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-30 08:25 - 2020-09-27 13:23 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-30 08:25 - 2020-09-27 13:23 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-29 10:59 - 2021-03-08 04:23 - 000000000 ____D C:\Users\Ravindra K. Banthia\Documents\My Kindle Content
2021-07-29 03:29 - 2021-02-06 23:00 - 083369984 _____ C:\Windows\system32\config\software.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 004894720 _____ C:\Users\Ravindra K. Banthia\ntuser.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000458752 _____ C:\Windows\system32\config\default.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000081920 _____ C:\Windows\system32\config\sam.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000049152 _____ C:\Windows\system32\config\security.rhk
2021-07-27 13:57 - 2021-01-19 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-07-26 20:48 - 2021-01-07 03:01 - 000003408 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1816540855-1781404652-3398414014-1001
2021-07-26 20:48 - 2021-01-07 03:01 - 000000000 ___RD C:\Users\Ravindra K. Banthia\OneDrive
2021-07-26 20:48 - 2021-01-07 02:56 - 000002435 _____ C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-23 22:45 - 2021-01-12 22:01 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-23 22:45 - 2021-01-12 22:01 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-21 12:09 - 2021-01-07 04:03 - 000001314 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2021-07-21 12:09 - 2021-01-07 04:03 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2021-07-21 12:09 - 2021-01-07 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2021-07-16 04:03 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-16 04:03 - 2019-12-07 14:44 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-16 03:30 - 2021-01-12 22:01 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-16 03:30 - 2021-01-12 22:01 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-14 20:57 - 2021-01-06 23:31 - 000000000 ____D C:\Windows\system32\MRT
2021-07-14 20:46 - 2021-01-06 23:31 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-13 10:54 - 2021-01-07 03:44 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-13 10:41 - 2021-01-07 04:24 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-13 10:25 - 2021-01-07 22:26 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\PlaceholderTileLogoFolder
2021-07-13 10:25 - 2021-01-07 02:57 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Packages
2021-07-12 02:35 - 2021-03-06 08:23 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\calibre-cache
2021-07-10 22:21 - 2021-03-06 19:06 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\calibre
2021-07-10 21:46 - 2021-03-06 19:05 - 000001009 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2021-07-10 21:46 - 2021-01-07 04:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2021-07-10 21:45 - 2021-01-07 04:32 - 000000000 ____D C:\Program Files\Calibre2
2021-07-10 04:07 - 2021-01-07 04:33 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Amazon
2021-07-08 12:51 - 2021-01-07 04:20 - 000001089 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2021-07-08 12:51 - 2021-01-07 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-07-08 11:50 - 2021-07-01 10:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-08 11:50 - 2021-01-07 04:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-06 16:39 - 2021-01-12 16:58 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\CrashDumps
==================== Files in the root of some directories ========
2021-02-25 03:38 - 2021-02-25 03:38 - 000000059 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\Camdata.ini
2021-02-25 03:38 - 2021-02-25 03:38 - 000000408 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamLayout.ini
2021-02-25 03:38 - 2021-02-25 03:38 - 000000408 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamShapes.ini
2021-02-25 03:30 - 2021-02-25 03:38 - 000004536 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamStudio.cfg
2021-02-25 03:20 - 2021-02-25 03:20 - 000000096 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\version2.xml
2021-01-08 13:24 - 2021-01-26 22:17 - 000007603 _____ () C:\Users\Ravindra K. Banthia\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
2021-07-13 10:42 - 2021-07-13 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-07-13 10:41 - 2021-07-13 11:13 - 000000000 ____D C:\Users\Ravindra K. Banthia\Documents\My Digital Editions
2021-07-12 19:07 - 2021-07-12 19:07 - 000000886 _____ C:\Users\Ravindra K. Banthia\Desktop\MyCalibre Library - Shortcut.lnk
2021-07-10 04:07 - 2021-07-10 04:07 - 000002376 _____ C:\Users\Ravindra K. Banthia\Desktop\Kindle.lnk
2021-07-10 04:07 - 2021-07-10 04:07 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2021-07-08 03:27 - 2021-07-08 03:27 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\DAISY_Consortium
2021-07-05 06:57 - 2021-07-05 06:57 - 000161911 _____ C:\Users\Ravindra K. Banthia\Downloads\a-room-of-ones-own-virginia-woolf-1929 (1).pdf
2021-07-04 22:10 - 2021-07-04 22:13 - 000388308 _____ C:\Users\Ravindra K. Banthia\Documents\02b Client testimonials Fiction children and young adult - writing and editing US.pdf
2021-07-02 05:53 - 2021-07-02 05:53 - 000001286 _____ C:\Users\Ravindra K. Banthia\Desktop\43_July_2021 - Shortcut.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-01 00:35 - 2021-01-07 04:06 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-01 00:35 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\AppReadiness
2021-08-01 00:34 - 2019-12-07 14:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-01 00:34 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-01 00:33 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\registration
2021-08-01 00:32 - 2020-09-27 13:23 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-01 00:31 - 2021-01-13 12:12 - 000004196 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0199AFB5-19A7-4371-A282-63D31743729E}
2021-07-31 22:55 - 2021-01-10 00:25 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\D3DSCache
2021-07-31 22:55 - 2021-01-07 02:47 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-31 22:55 - 2019-12-07 14:43 - 000000000 ____D C:\Windows\INF
2021-07-31 22:49 - 2021-01-06 23:26 - 000000000 __SHD C:\Users\Ravindra K. Banthia\IntelGraphicsProfiles
2021-07-31 22:48 - 2021-01-07 02:56 - 000000000 ____D C:\Users\Ravindra K. Banthia
2021-07-31 22:47 - 2020-09-27 13:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-31 22:47 - 2020-09-27 12:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-31 22:46 - 2019-12-07 14:33 - 000524288 _____ C:\Windows\system32\config\BBI
2021-07-31 22:41 - 2021-01-07 04:18 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\Notepad++
2021-07-31 22:09 - 2020-09-27 12:20 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-31 02:30 - 2021-01-19 14:04 - 000000000 ____D C:\temp
2021-07-31 01:22 - 2019-12-07 14:33 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-07-31 01:19 - 2020-09-27 12:20 - 000306816 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ___SD C:\Windows\system32\UNP
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SystemResources
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\oobe
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\Dism
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\ShellComponents
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\bcastdvr
2021-07-31 01:13 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\servicing
2021-07-31 01:08 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\CbsTemp
2021-07-31 00:08 - 2021-01-06 23:16 - 000000000 ___HD C:\$WinREAgent
2021-07-30 23:19 - 2020-09-27 13:21 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-30 21:54 - 2021-01-12 22:59 - 000000000 ____D C:\Windows\system32\gprodat
2021-07-30 20:23 - 2021-01-12 13:35 - 003593304 _____ C:\Users\Ravindra K. Banthia\Desktop\MS OneNote.one
2021-07-30 10:29 - 2021-01-07 04:05 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\LocalLow\Mozilla
2021-07-30 10:28 - 2021-01-07 04:05 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-30 08:25 - 2020-09-27 13:23 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-30 08:25 - 2020-09-27 13:23 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-29 10:59 - 2021-03-08 04:23 - 000000000 ____D C:\Users\Ravindra K. Banthia\Documents\My Kindle Content
2021-07-29 03:29 - 2021-02-06 23:00 - 083369984 _____ C:\Windows\system32\config\software.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 004894720 _____ C:\Users\Ravindra K. Banthia\ntuser.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000458752 _____ C:\Windows\system32\config\default.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000081920 _____ C:\Windows\system32\config\sam.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000049152 _____ C:\Windows\system32\config\security.rhk
2021-07-27 13:57 - 2021-01-19 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-07-26 20:48 - 2021-01-07 03:01 - 000003408 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1816540855-1781404652-3398414014-1001
2021-07-26 20:48 - 2021-01-07 03:01 - 000000000 ___RD C:\Users\Ravindra K. Banthia\OneDrive
2021-07-26 20:48 - 2021-01-07 02:56 - 000002435 _____ C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-23 22:45 - 2021-01-12 22:01 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-23 22:45 - 2021-01-12 22:01 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-21 12:09 - 2021-01-07 04:03 - 000001314 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2021-07-21 12:09 - 2021-01-07 04:03 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2021-07-21 12:09 - 2021-01-07 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2021-07-16 04:03 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-16 04:03 - 2019-12-07 14:44 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-16 03:30 - 2021-01-12 22:01 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-16 03:30 - 2021-01-12 22:01 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-14 20:57 - 2021-01-06 23:31 - 000000000 ____D C:\Windows\system32\MRT
2021-07-14 20:46 - 2021-01-06 23:31 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-13 10:54 - 2021-01-07 03:44 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-13 10:41 - 2021-01-07 04:24 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-13 10:25 - 2021-01-07 22:26 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\PlaceholderTileLogoFolder
2021-07-13 10:25 - 2021-01-07 02:57 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Packages
2021-07-12 02:35 - 2021-03-06 08:23 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\calibre-cache
2021-07-10 22:21 - 2021-03-06 19:06 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\calibre
2021-07-10 21:46 - 2021-03-06 19:05 - 000001009 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2021-07-10 21:46 - 2021-01-07 04:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2021-07-10 21:45 - 2021-01-07 04:32 - 000000000 ____D C:\Program Files\Calibre2
2021-07-10 04:07 - 2021-01-07 04:33 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Amazon
2021-07-08 12:51 - 2021-01-07 04:20 - 000001089 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2021-07-08 12:51 - 2021-01-07 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-07-08 11:50 - 2021-07-01 10:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-08 11:50 - 2021-01-07 04:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-06 16:39 - 2021-01-12 16:58 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\CrashDumps
==================== Files in the root of some directories ========
2021-02-25 03:38 - 2021-02-25 03:38 - 000000059 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\Camdata.ini
2021-02-25 03:38 - 2021-02-25 03:38 - 000000408 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamLayout.ini
2021-02-25 03:38 - 2021-02-25 03:38 - 000000408 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamShapes.ini
2021-02-25 03:30 - 2021-02-25 03:38 - 000004536 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamStudio.cfg
2021-02-25 03:20 - 2021-02-25 03:20 - 000000096 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\version2.xml
2021-01-08 13:24 - 2021-01-26 22:17 - 000007603 _____ () C:\Users\Ravindra K. Banthia\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================