Solved Need help with possible infection

ravisunny2

Posts: 1,051   +11
Hi,

My PC seems to be taking longer to boot and shutdown.

Also, it seems to hang occasionally.

In particular, recently, I am having problems with a time-tracker by Upwork LLC.

Also, when I log in to Upwork.com, I am occasionally getting a reCAPTCHA with the following message:

“Please verify you are a human.

“Access to this page has been denied because we believe you are using automation tools to browse the website.

“This may happen as a result of the following:

• javascript is disabled or blocked by an extension (ad blockers for example)
• Your browser does not support cookies

“Please make sure that javascript and cookies are enabled on your browser and that you are not blockIng them from loading.

“Reference ID: #lOfbf98O-d9bc-1 1 eb-9044-1 1 6fdf7el 2f4”
------------------------
I normally use Google Chrome, and JavaScript and cookies are enabled.

I browse the web manually. I do not use any proxy.

I do use an ad-blocker, AdGuard AdBlocker, that has been around for quite some time and has not caused any problems with Upwork earlier.

However, I have disabled the ad-blocker for Upwork.

The Reference ID seems to vary.

About a month ago (when the problem first occurred after several years), I had raised the matter with Upwork, and their tech support had determined that the problem was with their software, not my PC.

However, the reCAPTCHA is occasionally being displayed again for the last two days.

This reCAPTCHA and the sluggish behavior of my PC has led me to suspect that some malware could be involved.

As instructed, I have pasted both the files FRST.txt and Addition.txt

-----------------------------
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
Ran by Ravindra K. Banthia (administrator) on DESKTOP-JI0GMVB (BIOSTAR Group H61MLV3) (01-08-2021 00:34:05)
Running from F:\Work\A_Forums\Techspot\01 31 July 2021 Virus removal\Farbar Recovery Scan Tool 64-bit 19.07.2021
Loaded Profiles: Ravindra K. Banthia
Platform: Windows 10 Home Version 20H2 19042.1151 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(M8 Software) [File not signed] C:\Program Files (x86)\FreeClip\FreeClip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\Installer\setup.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15C64560-5E96-4F41-808C-083709DAE3FF}\EDGEMITMP_4F121.tmp\setup.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15C64560-5E96-4F41-808C-083709DAE3FF}\MicrosoftEdge_X64_92.0.902.62_92.0.902.55.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Quick Heal Technologies Limited -> ) C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.exe
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\emlproxy.exe
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ONLINENT.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QHPISVR.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\REPRSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCSECSVC.EXE
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
(Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
(SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7682888 2016-10-28] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-05-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [265272 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [24720 2020-05-11] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2311840 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [1410184 2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Free Download Manager] => C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe [4729344 2020-12-25] (Softdeluxe) [File not signed]
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Upwork] => C:\Users\Ravindra K. Banthia\AppData\Local\Programs\upwork\Upwork.exe [104590560 2020-11-04] (Upwork Global Inc. -> Upwork, Inc.)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [114012032 2021-07-20] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\novaPDF 10 Port Monitor: C:\Windows\system32\novamn10.dll [18944 2020-12-04] (Softland) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-23] (Google LLC -> Google LLC)
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2021-01-07]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2021-01-07]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems, Incorporated -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FreeClip.lnk [2021-01-07]
ShortcutTarget: FreeClip.lnk -> C:\Program Files (x86)\FreeClip\FreeClip.exe (M8 Software) [File not signed]
Startup: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2021-01-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3F85DE-932B-48D7-BA96-32CD014330BB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {10269BBC-A835-4661-B46F-DB670F447208} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [10893616 2021-05-20] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {3C72743C-2729-476E-88FD-79924A95DE41} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [410680 2020-03-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
Task: {521400EB-A109-487C-A367-8850DDC20F8F} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [5663 2010-05-21] () [File not signed]
Task: {577D6CAD-7917-4E7A-AD98-1DE03E8188DB} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [307768 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
Task: {5E3E52D1-72FD-47C3-9932-C8B5B8D968A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-12] (Google LLC -> Google LLC)
Task: {7F226E1B-511B-4CDB-962E-100767AE37D5} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe [144896 2020-12-25] (Softdeluxe) [File not signed]
Task: {95B23FF1-7E38-4669-A290-F672C9A9D3B1} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [5626 2010-05-21] () [File not signed]
Task: {BF9ABA54-2A82-4DC0-B925-DBF82BFB06C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-12] (Google LLC -> Google LLC)
Task: {D29530BC-BEBD-4ABD-997A-5E7D01456574} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{420dcf99-50c0-45e4-8e5a-09f9703857d6}: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{95595449-04b6-4c07-922d-491c41c22c8b}: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{b2bee865-913d-4997-bd90-e880ad659852}: [DhcpNameServer] 192.168.225.1

Edge:
=======
Edge Profile: C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-31]
Edge Extension: (Outlook) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-07]
Edge Extension: (Word) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-07]
Edge Extension: (Excel) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-07]
Edge Extension: (PowerPoint) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-07]

FireFox:
========
FF DefaultProfile: r9801z1v.default
FF ProfilePath: C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\r9801z1v.default [2021-01-16]
FF ProfilePath: C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\27bfc060.default-release [2021-07-31]
FF Extension: (Free Download Manager) - C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\27bfc060.default-release\Extensions\fdm_ffext2@freedownloadmanager.org.xpi [2021-04-11]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default [2021-08-01]
CHR Notifications: Default -> hxxps://www.upwork.com
CHR NewTab: Default -> Not-active:"chrome-extension://jekkhdbkcbpelmgeekmdjnfapnecfmha/defaultHomePage.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=U501DF&PC=U501&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=U501DF&PC=U501&query={searchTerms}
CHR Extension: (Free Download Manager) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2021-02-15]
CHR Extension: (Privacy Pass) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2021-07-01]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2021-06-04]
CHR Extension: (AutoplayStopper) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddcgojdblidajhngkogefpkknnebdh [2021-07-27]
CHR Extension: (Zotero Connector) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2021-07-23]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2021-07-30]
CHR Extension: (Bing) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekkhdbkcbpelmgeekmdjnfapnecfmha [2021-05-13]
CHR Extension: (Quick Heal Anti-Tracker) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmopofhkmbgdgakogbjcgfkblkdpglnj [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Equalizer for YouTube™) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggiagogblgafoilijjdhcmflgekfmja [2021-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-24]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\arwsrvc.exe [85536 2021-01-12] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [53880 2021-05-31] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [138808 2021-06-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [43656 2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2021-01-07] (Macrovision Europe Ltd.) [File not signed]
S2 LmsaWindowsService; C:\Program Files (x86)\Rescue and Smart Assistant\LmsaWindowsService.exe [42624 2021-02-08] (Lenovo -> )
S2 NovaPdf10Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [52528 2020-12-04] (Softland SRL -> Microsoft)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [158264 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [264248 2020-02-24] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [90168 2020-04-09] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [438800 2020-05-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [653968 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 VssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{0AB6C360-69E3-4A14-9072-36F8B71DE551} [21312 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [181032 2021-01-12] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [57144 2019-11-18] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [145920 2021-05-31] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S4 bdsnm; C:\Windows\system32\DRIVERS\bdsnm.sys [49960 2021-01-12] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [96640 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [308176 2021-06-02] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S0 elamdrv; C:\Windows\System32\DRIVERS\elamdrv.sys [36824 2021-03-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Quick Heal Technologies Ltd.)
R2 emlssx; C:\Windows\system32\DRIVERS\emlssx.sys [49752 2020-09-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [74296 2020-11-27] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [53304 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [22784 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [341760 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [98136 2020-03-20] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\system32\DRIVERS\kbfltr.sys [39152 2019-11-18] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [91200 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [62192 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 mtkmbim; C:\Windows\System32\drivers\mtkmbim7_x64.sys [208896 2012-10-30] (MediaTek Inc.) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174968 2021-01-07] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425192 2021-07-30] (Microsoft Windows -> Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-02-21] (MediaTek Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-30] (Microsoft Windows -> Microsoft Corporation)
R0 webssx; C:\Windows\System32\drivers\webssx8.sys [109368 2021-06-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-01 00:32 - 2021-08-01 00:35 - 000000000 ____D C:\FRST
2021-07-31 23:46 - 2021-07-31 23:46 - 000001963 _____ C:\Users\Ravindra K. Banthia\Desktop\PC Health Check.lnk
2021-07-31 23:18 - 2021-07-31 23:46 - 000000000 ___RD C:\Users\Ravindra K. Banthia\AppData\Local\PCHealthCheck
2021-07-31 23:18 - 2021-07-31 23:18 - 000001429 _____ C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-07-31 22:48 - 2021-07-31 22:48 - 000000000 ___HD C:\Users\Ravindra K. Banthia\ScStore
2021-07-31 00:51 - 2021-07-31 00:51 - 000011461 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-31 00:50 - 2021-07-31 00:50 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-07-31 00:49 - 2021-07-31 00:49 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-31 00:49 - 2021-07-31 00:49 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-31 00:48 - 2021-07-31 00:48 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-07-30 20:34 - 2021-07-30 20:34 - 000001131 _____ C:\Users\Ravindra K. Banthia\Desktop\HTML - Shortcut.lnk
2021-07-29 22:58 - 2021-07-29 22:58 - 000020584 _____ C:\Users\Ravindra K. Banthia\.sambox.cache
2021-07-29 22:52 - 2021-07-29 22:52 - 000000000 ____D C:\Users\Ravindra K. Banthia\.openjfx
2021-07-27 20:44 - 2021-07-27 20:44 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\LocalLow\Temp
2021-07-24 03:11 - 2021-07-24 03:11 - 000001321 _____ C:\Users\Ravindra K. Banthia\Desktop\02 Epublishing - Shortcut.lnk
2021-07-23 05:21 - 2021-07-23 05:21 - 000001920 _____ C:\Users\Ravindra K. Banthia\Desktop\CCleaner64 - Shortcut.lnk
2021-07-16 02:13 - 2021-07-16 02:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-13 10:42 - 2021-07-13 10:42 - 000002285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2021-07-13 10:42 - 2021-07-13 10:42 - 000002273 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk
2021-07-13 10:42 - 2021-07-13 10:42 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Adobe_Systems_Incorporate
2021-07-13 10:42 - 2021-07-13 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-07-13 10:41 - 2021-07-13 11:13 - 000000000 ____D C:\Users\Ravindra K. Banthia\Documents\My Digital Editions
2021-07-12 19:07 - 2021-07-12 19:07 - 000000886 _____ C:\Users\Ravindra K. Banthia\Desktop\MyCalibre Library - Shortcut.lnk
2021-07-10 04:07 - 2021-07-10 04:07 - 000002376 _____ C:\Users\Ravindra K. Banthia\Desktop\Kindle.lnk
2021-07-10 04:07 - 2021-07-10 04:07 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2021-07-08 03:27 - 2021-07-08 03:27 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\DAISY_Consortium
2021-07-05 06:57 - 2021-07-05 06:57 - 000161911 _____ C:\Users\Ravindra K. Banthia\Downloads\a-room-of-ones-own-virginia-woolf-1929 (1).pdf
2021-07-04 22:10 - 2021-07-04 22:13 - 000388308 _____ C:\Users\Ravindra K. Banthia\Documents\02b Client testimonials Fiction children and young adult - writing and editing US.pdf
2021-07-02 05:53 - 2021-07-02 05:53 - 000001286 _____ C:\Users\Ravindra K. Banthia\Desktop\43_July_2021 - Shortcut.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-01 00:35 - 2021-01-07 04:06 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-01 00:35 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\AppReadiness
2021-08-01 00:34 - 2019-12-07 14:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-01 00:34 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-01 00:33 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\registration
2021-08-01 00:32 - 2020-09-27 13:23 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-01 00:31 - 2021-01-13 12:12 - 000004196 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0199AFB5-19A7-4371-A282-63D31743729E}
2021-07-31 22:55 - 2021-01-10 00:25 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\D3DSCache
2021-07-31 22:55 - 2021-01-07 02:47 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-31 22:55 - 2019-12-07 14:43 - 000000000 ____D C:\Windows\INF
2021-07-31 22:49 - 2021-01-06 23:26 - 000000000 __SHD C:\Users\Ravindra K. Banthia\IntelGraphicsProfiles
2021-07-31 22:48 - 2021-01-07 02:56 - 000000000 ____D C:\Users\Ravindra K. Banthia
2021-07-31 22:47 - 2020-09-27 13:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-31 22:47 - 2020-09-27 12:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-31 22:46 - 2019-12-07 14:33 - 000524288 _____ C:\Windows\system32\config\BBI
2021-07-31 22:41 - 2021-01-07 04:18 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\Notepad++
2021-07-31 22:09 - 2020-09-27 12:20 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-31 02:30 - 2021-01-19 14:04 - 000000000 ____D C:\temp
2021-07-31 01:22 - 2019-12-07 14:33 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-07-31 01:19 - 2020-09-27 12:20 - 000306816 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ___SD C:\Windows\system32\UNP
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SystemResources
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\oobe
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\Dism
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\ShellComponents
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\bcastdvr
2021-07-31 01:13 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\servicing
2021-07-31 01:08 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\CbsTemp
2021-07-31 00:08 - 2021-01-06 23:16 - 000000000 ___HD C:\$WinREAgent
2021-07-30 23:19 - 2020-09-27 13:21 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-30 21:54 - 2021-01-12 22:59 - 000000000 ____D C:\Windows\system32\gprodat
2021-07-30 20:23 - 2021-01-12 13:35 - 003593304 _____ C:\Users\Ravindra K. Banthia\Desktop\MS OneNote.one
2021-07-30 10:29 - 2021-01-07 04:05 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\LocalLow\Mozilla
2021-07-30 10:28 - 2021-01-07 04:05 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-30 08:25 - 2020-09-27 13:23 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-30 08:25 - 2020-09-27 13:23 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-29 10:59 - 2021-03-08 04:23 - 000000000 ____D C:\Users\Ravindra K. Banthia\Documents\My Kindle Content
2021-07-29 03:29 - 2021-02-06 23:00 - 083369984 _____ C:\Windows\system32\config\software.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 004894720 _____ C:\Users\Ravindra K. Banthia\ntuser.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000458752 _____ C:\Windows\system32\config\default.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000081920 _____ C:\Windows\system32\config\sam.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000049152 _____ C:\Windows\system32\config\security.rhk
2021-07-27 13:57 - 2021-01-19 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-07-26 20:48 - 2021-01-07 03:01 - 000003408 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1816540855-1781404652-3398414014-1001
2021-07-26 20:48 - 2021-01-07 03:01 - 000000000 ___RD C:\Users\Ravindra K. Banthia\OneDrive
2021-07-26 20:48 - 2021-01-07 02:56 - 000002435 _____ C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-23 22:45 - 2021-01-12 22:01 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-23 22:45 - 2021-01-12 22:01 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-21 12:09 - 2021-01-07 04:03 - 000001314 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2021-07-21 12:09 - 2021-01-07 04:03 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2021-07-21 12:09 - 2021-01-07 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2021-07-16 04:03 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-16 04:03 - 2019-12-07 14:44 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-16 03:30 - 2021-01-12 22:01 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-16 03:30 - 2021-01-12 22:01 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-14 20:57 - 2021-01-06 23:31 - 000000000 ____D C:\Windows\system32\MRT
2021-07-14 20:46 - 2021-01-06 23:31 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-13 10:54 - 2021-01-07 03:44 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-13 10:41 - 2021-01-07 04:24 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-13 10:25 - 2021-01-07 22:26 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\PlaceholderTileLogoFolder
2021-07-13 10:25 - 2021-01-07 02:57 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Packages
2021-07-12 02:35 - 2021-03-06 08:23 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\calibre-cache
2021-07-10 22:21 - 2021-03-06 19:06 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\calibre
2021-07-10 21:46 - 2021-03-06 19:05 - 000001009 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2021-07-10 21:46 - 2021-01-07 04:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2021-07-10 21:45 - 2021-01-07 04:32 - 000000000 ____D C:\Program Files\Calibre2
2021-07-10 04:07 - 2021-01-07 04:33 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Amazon
2021-07-08 12:51 - 2021-01-07 04:20 - 000001089 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2021-07-08 12:51 - 2021-01-07 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-07-08 11:50 - 2021-07-01 10:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-08 11:50 - 2021-01-07 04:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-06 16:39 - 2021-01-12 16:58 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2021-02-25 03:38 - 2021-02-25 03:38 - 000000059 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\Camdata.ini
2021-02-25 03:38 - 2021-02-25 03:38 - 000000408 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamLayout.ini
2021-02-25 03:38 - 2021-02-25 03:38 - 000000408 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamShapes.ini
2021-02-25 03:30 - 2021-02-25 03:38 - 000004536 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamStudio.cfg
2021-02-25 03:20 - 2021-02-25 03:20 - 000000096 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\version2.xml
2021-01-08 13:24 - 2021-01-26 22:17 - 000007603 _____ () C:\Users\Ravindra K. Banthia\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

ravisunny2

Posts: 1,051   +11
Hi,

My PC seems to be taking longer to boot and shutdown.

Also, it seems to hang occasionally.

In particular, recently, I am having problems with a time-tracker by Upwork LLC.

Also, when I log in to Upwork.com, I am occasionally getting a reCAPTCHA with the following message:

“Please verify you are a human.

“Access to this page has been denied because we believe you are using automation tools to browse the website.

“This may happen as a result of the following:

• javascript is disabled or blocked by an extension (ad blockers for example)
• Your browser does not support cookies

“Please make sure that javascript and cookies are enabled on your browser and that you are not blockIng them from loading.

“Reference ID: #lOfbf98O-d9bc-1 1 eb-9044-1 1 6fdf7el 2f4”

------------------------

I normally use Google Chrome, and JavaScript and cookies are enabled.

I browse the web manually. I do not use any proxy.

I do use an ad-blocker, AdGuard AdBlocker, that has been around for quite some time and has not caused any problems with Upwork earlier.

However, I have disabled the ad-blocker for Upwork.

The Reference ID seems to vary.

About a month ago (when the problem first occurred after several years), I had raised the matter with Upwork, and their tech support had determined that the problem was with their software, not my PC.

However, the reCAPTCHA is occasionally being displayed again for the last two days.

This reCAPTCHA and the sluggish behavior of my PC has led me to suspect that some malware could be involved.

As instructed, I have pasted both the files FRST.txt and Addition.txt
 

ravisunny2

Posts: 1,051   +11
FRST.txt
-----------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
Ran by Ravindra K. Banthia (administrator) on DESKTOP-JI0GMVB (BIOSTAR Group H61MLV3) (01-08-2021 00:34:05)
Running from F:\Work\A_Forums\Techspot\01 31 July 2021 Virus removal\Farbar Recovery Scan Tool 64-bit 19.07.2021
Loaded Profiles: Ravindra K. Banthia
Platform: Windows 10 Home Version 20H2 19042.1151 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(M8 Software) [File not signed] C:\Program Files (x86)\FreeClip\FreeClip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\Installer\setup.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15C64560-5E96-4F41-808C-083709DAE3FF}\EDGEMITMP_4F121.tmp\setup.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15C64560-5E96-4F41-808C-083709DAE3FF}\MicrosoftEdge_X64_92.0.902.62_92.0.902.55.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Quick Heal Technologies Limited -> ) C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.exe
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\emlproxy.exe
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ONLINENT.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QHPISVR.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\REPRSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCSECSVC.EXE
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
(Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
(SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7682888 2016-10-28] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-05-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [265272 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [24720 2020-05-11] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2311840 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [1410184 2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Free Download Manager] => C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe [4729344 2020-12-25] (Softdeluxe) [File not signed]
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Upwork] => C:\Users\Ravindra K. Banthia\AppData\Local\Programs\upwork\Upwork.exe [104590560 2020-11-04] (Upwork Global Inc. -> Upwork, Inc.)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [114012032 2021-07-20] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\novaPDF 10 Port Monitor: C:\Windows\system32\novamn10.dll [18944 2020-12-04] (Softland) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-23] (Google LLC -> Google LLC)
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2021-01-07]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2021-01-07]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems, Incorporated -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FreeClip.lnk [2021-01-07]
ShortcutTarget: FreeClip.lnk -> C:\Program Files (x86)\FreeClip\FreeClip.exe (M8 Software) [File not signed]
Startup: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2021-01-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3F85DE-932B-48D7-BA96-32CD014330BB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {10269BBC-A835-4661-B46F-DB670F447208} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [10893616 2021-05-20] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {3C72743C-2729-476E-88FD-79924A95DE41} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [410680 2020-03-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
Task: {521400EB-A109-487C-A367-8850DDC20F8F} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [5663 2010-05-21] () [File not signed]
Task: {577D6CAD-7917-4E7A-AD98-1DE03E8188DB} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [307768 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
Task: {5E3E52D1-72FD-47C3-9932-C8B5B8D968A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-12] (Google LLC -> Google LLC)
Task: {7F226E1B-511B-4CDB-962E-100767AE37D5} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe [144896 2020-12-25] (Softdeluxe) [File not signed]
Task: {95B23FF1-7E38-4669-A290-F672C9A9D3B1} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [5626 2010-05-21] () [File not signed]
Task: {BF9ABA54-2A82-4DC0-B925-DBF82BFB06C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-12] (Google LLC -> Google LLC)
Task: {D29530BC-BEBD-4ABD-997A-5E7D01456574} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{420dcf99-50c0-45e4-8e5a-09f9703857d6}: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{95595449-04b6-4c07-922d-491c41c22c8b}: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{b2bee865-913d-4997-bd90-e880ad659852}: [DhcpNameServer] 192.168.225.1

Edge:
=======
Edge Profile: C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-31]
Edge Extension: (Outlook) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-07]
Edge Extension: (Word) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-07]
Edge Extension: (Excel) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-07]
Edge Extension: (PowerPoint) - C:\Users\Ravindra K. Banthia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-07]

FireFox:
========
FF DefaultProfile: r9801z1v.default
FF ProfilePath: C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\r9801z1v.default [2021-01-16]
FF ProfilePath: C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\27bfc060.default-release [2021-07-31]
FF Extension: (Free Download Manager) - C:\Users\Ravindra K. Banthia\AppData\Roaming\Mozilla\Firefox\Profiles\27bfc060.default-release\Extensions\fdm_ffext2@freedownloadmanager.org.xpi [2021-04-11]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default [2021-08-01]
CHR Notifications: Default -> hxxps://www.upwork.com
CHR NewTab: Default -> Not-active:"chrome-extension://jekkhdbkcbpelmgeekmdjnfapnecfmha/defaultHomePage.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=U501DF&PC=U501&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=U501DF&PC=U501&query={searchTerms}
CHR Extension: (Free Download Manager) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2021-02-15]
CHR Extension: (Privacy Pass) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2021-07-01]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2021-06-04]
CHR Extension: (AutoplayStopper) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddcgojdblidajhngkogefpkknnebdh [2021-07-27]
CHR Extension: (Zotero Connector) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2021-07-23]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2021-07-30]
CHR Extension: (Bing) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekkhdbkcbpelmgeekmdjnfapnecfmha [2021-05-13]
CHR Extension: (Quick Heal Anti-Tracker) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmopofhkmbgdgakogbjcgfkblkdpglnj [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Equalizer for YouTube™) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggiagogblgafoilijjdhcmflgekfmja [2021-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\Ravindra K. Banthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-24]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\arwsrvc.exe [85536 2021-01-12] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [53880 2021-05-31] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [138808 2021-06-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [43656 2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2021-01-07] (Macrovision Europe Ltd.) [File not signed]
S2 LmsaWindowsService; C:\Program Files (x86)\Rescue and Smart Assistant\LmsaWindowsService.exe [42624 2021-02-08] (Lenovo -> )
S2 NovaPdf10Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [52528 2020-12-04] (Softland SRL -> Microsoft)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [158264 2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [264248 2020-02-24] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [90168 2020-04-09] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [438800 2020-05-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [653968 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 VssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{0AB6C360-69E3-4A14-9072-36F8B71DE551} [21312 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [181032 2021-01-12] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [57144 2019-11-18] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [145920 2021-05-31] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S4 bdsnm; C:\Windows\system32\DRIVERS\bdsnm.sys [49960 2021-01-12] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [96640 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [308176 2021-06-02] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S0 elamdrv; C:\Windows\System32\DRIVERS\elamdrv.sys [36824 2021-03-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Quick Heal Technologies Ltd.)
R2 emlssx; C:\Windows\system32\DRIVERS\emlssx.sys [49752 2020-09-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [74296 2020-11-27] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [53304 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [22784 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [341760 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [98136 2020-03-20] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\system32\DRIVERS\kbfltr.sys [39152 2019-11-18] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [91200 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [62192 2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 mtkmbim; C:\Windows\System32\drivers\mtkmbim7_x64.sys [208896 2012-10-30] (MediaTek Inc.) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174968 2021-01-07] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425192 2021-07-30] (Microsoft Windows -> Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-02-21] (MediaTek Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-30] (Microsoft Windows -> Microsoft Corporation)
R0 webssx; C:\Windows\System32\drivers\webssx8.sys [109368 2021-06-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-01 00:32 - 2021-08-01 00:35 - 000000000 ____D C:\FRST
2021-07-31 23:46 - 2021-07-31 23:46 - 000001963 _____ C:\Users\Ravindra K. Banthia\Desktop\PC Health Check.lnk
2021-07-31 23:18 - 2021-07-31 23:46 - 000000000 ___RD C:\Users\Ravindra K. Banthia\AppData\Local\PCHealthCheck
2021-07-31 23:18 - 2021-07-31 23:18 - 000001429 _____ C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-07-31 22:48 - 2021-07-31 22:48 - 000000000 ___HD C:\Users\Ravindra K. Banthia\ScStore
2021-07-31 00:51 - 2021-07-31 00:51 - 000011461 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-31 00:50 - 2021-07-31 00:50 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-07-31 00:49 - 2021-07-31 00:49 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-31 00:49 - 2021-07-31 00:49 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-31 00:48 - 2021-07-31 00:48 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-07-30 20:34 - 2021-07-30 20:34 - 000001131 _____ C:\Users\Ravindra K. Banthia\Desktop\HTML - Shortcut.lnk
2021-07-29 22:58 - 2021-07-29 22:58 - 000020584 _____ C:\Users\Ravindra K. Banthia\.sambox.cache
2021-07-29 22:52 - 2021-07-29 22:52 - 000000000 ____D C:\Users\Ravindra K. Banthia\.openjfx
2021-07-27 20:44 - 2021-07-27 20:44 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\LocalLow\Temp
2021-07-24 03:11 - 2021-07-24 03:11 - 000001321 _____ C:\Users\Ravindra K. Banthia\Desktop\02 Epublishing - Shortcut.lnk
2021-07-23 05:21 - 2021-07-23 05:21 - 000001920 _____ C:\Users\Ravindra K. Banthia\Desktop\CCleaner64 - Shortcut.lnk
2021-07-16 02:13 - 2021-07-16 02:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-16 02:13 - 2021-07-16 02:13 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-13 10:42 - 2021-07-13 10:42 - 000002285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2021-07-13 10:42 - 2021-07-13 10:42 - 000002273 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk
2021-07-13 10:42 - 2021-07-13 10:42 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Adobe_Systems_Incorporate
2021-07-13 10:42 - 2021-07-13 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-07-13 10:41 - 2021-07-13 11:13 - 000000000 ____D C:\Users\Ravindra K. Banthia\Documents\My Digital Editions
2021-07-12 19:07 - 2021-07-12 19:07 - 000000886 _____ C:\Users\Ravindra K. Banthia\Desktop\MyCalibre Library - Shortcut.lnk
2021-07-10 04:07 - 2021-07-10 04:07 - 000002376 _____ C:\Users\Ravindra K. Banthia\Desktop\Kindle.lnk
2021-07-10 04:07 - 2021-07-10 04:07 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2021-07-08 03:27 - 2021-07-08 03:27 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\DAISY_Consortium
2021-07-05 06:57 - 2021-07-05 06:57 - 000161911 _____ C:\Users\Ravindra K. Banthia\Downloads\a-room-of-ones-own-virginia-woolf-1929 (1).pdf
2021-07-04 22:10 - 2021-07-04 22:13 - 000388308 _____ C:\Users\Ravindra K. Banthia\Documents\02b Client testimonials Fiction children and young adult - writing and editing US.pdf
2021-07-02 05:53 - 2021-07-02 05:53 - 000001286 _____ C:\Users\Ravindra K. Banthia\Desktop\43_July_2021 - Shortcut.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-01 00:35 - 2021-01-07 04:06 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-01 00:35 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\AppReadiness
2021-08-01 00:34 - 2019-12-07 14:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-01 00:34 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-01 00:33 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\registration
2021-08-01 00:32 - 2020-09-27 13:23 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-01 00:31 - 2021-01-13 12:12 - 000004196 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0199AFB5-19A7-4371-A282-63D31743729E}
2021-07-31 22:55 - 2021-01-10 00:25 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\D3DSCache
2021-07-31 22:55 - 2021-01-07 02:47 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-31 22:55 - 2019-12-07 14:43 - 000000000 ____D C:\Windows\INF
2021-07-31 22:49 - 2021-01-06 23:26 - 000000000 __SHD C:\Users\Ravindra K. Banthia\IntelGraphicsProfiles
2021-07-31 22:48 - 2021-01-07 02:56 - 000000000 ____D C:\Users\Ravindra K. Banthia
2021-07-31 22:47 - 2020-09-27 13:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-31 22:47 - 2020-09-27 12:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-31 22:46 - 2019-12-07 14:33 - 000524288 _____ C:\Windows\system32\config\BBI
2021-07-31 22:41 - 2021-01-07 04:18 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\Notepad++
2021-07-31 22:09 - 2020-09-27 12:20 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-31 02:30 - 2021-01-19 14:04 - 000000000 ____D C:\temp
2021-07-31 01:22 - 2019-12-07 14:33 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-07-31 01:19 - 2020-09-27 12:20 - 000306816 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ___SD C:\Windows\system32\UNP
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SystemResources
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\oobe
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\Dism
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\ShellComponents
2021-07-31 01:13 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\bcastdvr
2021-07-31 01:13 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\servicing
2021-07-31 01:08 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\CbsTemp
2021-07-31 00:08 - 2021-01-06 23:16 - 000000000 ___HD C:\$WinREAgent
2021-07-30 23:19 - 2020-09-27 13:21 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-30 21:54 - 2021-01-12 22:59 - 000000000 ____D C:\Windows\system32\gprodat
2021-07-30 20:23 - 2021-01-12 13:35 - 003593304 _____ C:\Users\Ravindra K. Banthia\Desktop\MS OneNote.one
2021-07-30 10:29 - 2021-01-07 04:05 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\LocalLow\Mozilla
2021-07-30 10:28 - 2021-01-07 04:05 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-30 08:25 - 2020-09-27 13:23 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-30 08:25 - 2020-09-27 13:23 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-29 10:59 - 2021-03-08 04:23 - 000000000 ____D C:\Users\Ravindra K. Banthia\Documents\My Kindle Content
2021-07-29 03:29 - 2021-02-06 23:00 - 083369984 _____ C:\Windows\system32\config\software.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 004894720 _____ C:\Users\Ravindra K. Banthia\ntuser.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000458752 _____ C:\Windows\system32\config\default.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000081920 _____ C:\Windows\system32\config\sam.rhk
2021-07-29 03:29 - 2021-02-06 23:00 - 000049152 _____ C:\Windows\system32\config\security.rhk
2021-07-27 13:57 - 2021-01-19 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-07-26 20:48 - 2021-01-07 03:01 - 000003408 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1816540855-1781404652-3398414014-1001
2021-07-26 20:48 - 2021-01-07 03:01 - 000000000 ___RD C:\Users\Ravindra K. Banthia\OneDrive
2021-07-26 20:48 - 2021-01-07 02:56 - 000002435 _____ C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-23 22:45 - 2021-01-12 22:01 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-23 22:45 - 2021-01-12 22:01 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-21 12:09 - 2021-01-07 04:03 - 000001314 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2021-07-21 12:09 - 2021-01-07 04:03 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2021-07-21 12:09 - 2021-01-07 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2021-07-16 04:03 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-16 04:03 - 2019-12-07 14:44 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-16 03:30 - 2021-01-12 22:01 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-16 03:30 - 2021-01-12 22:01 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-14 20:57 - 2021-01-06 23:31 - 000000000 ____D C:\Windows\system32\MRT
2021-07-14 20:46 - 2021-01-06 23:31 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-13 10:54 - 2021-01-07 03:44 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-13 10:41 - 2021-01-07 04:24 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-13 10:25 - 2021-01-07 22:26 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\PlaceholderTileLogoFolder
2021-07-13 10:25 - 2021-01-07 02:57 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Packages
2021-07-12 02:35 - 2021-03-06 08:23 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\calibre-cache
2021-07-10 22:21 - 2021-03-06 19:06 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Roaming\calibre
2021-07-10 21:46 - 2021-03-06 19:05 - 000001009 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2021-07-10 21:46 - 2021-01-07 04:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2021-07-10 21:45 - 2021-01-07 04:32 - 000000000 ____D C:\Program Files\Calibre2
2021-07-10 04:07 - 2021-01-07 04:33 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\Amazon
2021-07-08 12:51 - 2021-01-07 04:20 - 000001089 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2021-07-08 12:51 - 2021-01-07 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-07-08 11:50 - 2021-07-01 10:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-08 11:50 - 2021-01-07 04:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-06 16:39 - 2021-01-12 16:58 - 000000000 ____D C:\Users\Ravindra K. Banthia\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2021-02-25 03:38 - 2021-02-25 03:38 - 000000059 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\Camdata.ini
2021-02-25 03:38 - 2021-02-25 03:38 - 000000408 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamLayout.ini
2021-02-25 03:38 - 2021-02-25 03:38 - 000000408 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamShapes.ini
2021-02-25 03:30 - 2021-02-25 03:38 - 000004536 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\CamStudio.cfg
2021-02-25 03:20 - 2021-02-25 03:20 - 000000096 _____ () C:\Users\Ravindra K. Banthia\AppData\Roaming\version2.xml
2021-01-08 13:24 - 2021-01-26 22:17 - 000007603 _____ () C:\Users\Ravindra K. Banthia\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

ravisunny2

Posts: 1,051   +11
Addition.txt
--------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021
Ran by Ravindra K. Banthia (01-08-2021 00:40:33)
Running from F:\Work\A_Forums\Techspot\01 31 July 2021 Virus removal\Farbar Recovery Scan Tool 64-bit 19.07.2021
Windows 10 Home Version 20H2 19042.1151 (X64) (2021-01-06 21:13:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1816540855-1781404652-3398414014-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1816540855-1781404652-3398414014-503 - Limited - Disabled)
Guest (S-1-5-21-1816540855-1781404652-3398414014-501 - Limited - Disabled)
Ravindra K. Banthia (S-1-5-21-1816540855-1781404652-3398414014-1001 - Administrator - Enabled) => C:\Users\Ravindra K. Banthia
WDAGUtilityAccount (S-1-5-21-1816540855-1781404652-3398414014-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Quick Heal Total Security (Enabled - Up to date) {01EE101D-F008-6F2B-F147-BD7E5C2CD4BC}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {39D59138-BA67-6E73-DA18-144BA2FF93C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Amazon Kindle) (Version: 1.32.0.61109 - Amazon)
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
calibre 64bit (HKLM\...\{0133867D-8A58-4FFF-94C6-F8628F413334}) (Version: 5.23.0 - Kovid Goyal)
doPDF (HKLM\...\{42D4A10B-34C7-41BD-9580-AF04CC5E67AB}) (Version: 10.9.133 - Softland) Hidden
doPDF 10 (HKLM-x32\...\{4191082a-bbb6-441a-af3f-1a151d71c639}) (Version: 10.9.133 - Softland)
doPDF 10 Printer Driver (HKLM\...\{A44E334A-6445-4527-A3B6-1654BD9E19CC}) (Version: 10.9.133 - Softland)
EaseUS Todo Backup Free 13.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 13.0 - CHENGDU YIWO Tech Development Co., Ltd)
Excel (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FastStone Capture 5.0 (HKLM-x32\...\FastStone Capture) (Version: 5.0 - FastStone Soft)
Free Download Manager (HKLM\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.13.0.3463 - Softdeluxe)
FreeFileSync 11.9 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.9 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
HMG version 3.5 (HKLM-x32\...\{EF7B6617-5CE1-4555-B2F7-F996049C236E}_is1) (Version: 3.5 - HMG)
Java(TM) SE Development Kit 15.0.1 (64-bit) (HKLM\...\{E6A95593-92FB-518A-B2D5-5E9EE8CBEA82}) (Version: 15.0.1.0 - Oracle Corporation)
K-Lite Mega Codec Pack 16.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
M8 Free Multi Clipboard (HKLM-x32\...\M8 Free Multi Clipboard) (Version: - )
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.173 - MediatekWiFi)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28808 (HKLM-x32\...\{78079cc3-1f6e-47f6-b4d6-105f08b89409}) (Version: 14.26.28808.1 - Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0.1 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
Oracle VM VirtualBox 6.1.22 (HKLM\...\{573CC601-ED8D-450F-BE6F-A313DD77A4A0}) (Version: 6.1.22 - Oracle Corporation)
Outlook (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PDFsam Basic (HKLM\...\{7F18B231-F783-4FBB-9AA7-C40C6A48907C}) (Version: 4.1.4.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PowerPoint (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Quick Heal Total Security (HKLM\...\{75DEED91-7B14-49DC-A5F3-B60E633AC4A5}) (Version: 19.00 - Quick Heal) Hidden
Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 19.00 - Quick Heal Technologies Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7831 - Realtek Semiconductor Corp.)
Rescue and Smart Assistant (HKLM-x32\...\Rescue and Smart Assistant) (Version: 5.5.0.9 - Lenovo)
Revo Uninstaller 2.2.8 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.8 - VS Revo Group, Ltd.)
Skype version 8.74 (HKLM-x32\...\Skype_is1) (Version: 8.74 - Skype Technologies S.A.)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.2001.0 - TDM)
Turbo C++ 3.2 (HKLM-x32\...\{16FEECA3-A0BF-44ED-A894-C0E7B29FAA2B}) (Version: 3.2.3.0 - Turbo C++)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Upwork 5.4.9.6 (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\93035758-0b9f-537e-bffc-381e80344cc8) (Version: 5.4.9 - Upwork, Inc.)
WD Backup (HKLM-x32\...\{2d518703-86c4-46c8-99c1-f3789dd3ecd0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{5491B486-8812-4202-AB8C-865AB636ACF0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{3CF15262-0E5C-4BFE-AA93-D611E8F18D71}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{f7fe19a0-12b9-4318-95fd-0579f21114f0}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Windows PC Health Check (HKLM\...\{00DC4B60-5FC9-4629-8147-EF81ADF0EEA6}) (Version: 2.3.2106.25001 - Microsoft Corporation)
Wise Registry Cleaner 10.3.5 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 10.3.5 - WiseCleaner.com, Inc.)
Word (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
x86_64-8.1.0-posix-seh-rt_v6-rev0 (HKLM-x32\...\x86_64-8.1.0-posix-seh-rt_v6-rev0) (Version: - MinGW-W64)

Packages:
=========
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.39.4.0_x64__ypmq2qh89vmny [2021-07-13] (Turnipsoft)
GIF Maker, Video To GIF - GIF Viewer -> C:\Program Files\WindowsApps\39691Videopix.GIFMakerVideoToGIF-GIFViewer_3.1.12.0_x64__dxz7h1qnd1pge [2021-06-17] (Videopix)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-08] (Microsoft Studios) [MS Ad]
Perfect PDF Reader -> C:\Program Files\WindowsApps\softXpansion.PDFXpansionReader_14.1.2.0_x64__v5pctc89tt44g [2021-04-17] (soft Xpansion)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [QHFLVLT] -> {5BB5EA17-7B93-426A-99E5-358CF6CDDED1} => C:\Program Files\Quick Heal\Quick Heal Total Security\flvltext.dll [2020-03-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers6: [QHFLVLT] -> {5BB5EA17-7B93-426A-99E5-358CF6CDDED1} => C:\Program Files\Quick Heal\Quick Heal Total Security\flvltext.dll [2020-03-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers6: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW-W64 project\x86_64-8.1.0-posix-seh-rt_v6-rev0\Run terminal.lnk -> C:\Mingw64\mingw-w64.bat ()
ShortcutWithArgument: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2021-01-15 23:01 - 2020-02-24 13:05 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2021-01-15 23:01 - 2020-02-24 13:05 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2021-01-07 04:09 - 2016-10-17 16:46 - 000831488 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll
2021-01-15 23:01 - 2020-02-24 13:05 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2021-01-07 04:08 - 2019-02-21 21:30 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-01-07 04:38 - 2012-07-26 14:19 - 000087552 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sbdrop.dll
2021-01-07 04:04 - 2020-12-25 21:19 - 000078336 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsbatch.dll
2021-01-07 04:04 - 2020-12-25 21:20 - 003210240 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsbt.dll
2021-01-07 04:04 - 2020-12-25 21:20 - 000485376 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll
2021-01-07 04:04 - 2020-12-25 21:20 - 000271872 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadswww.dll
2021-01-07 04:04 - 2020-12-25 21:17 - 000033792 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\logger.dll
2021-01-07 04:04 - 2020-12-25 21:19 - 000291840 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll
2021-01-07 04:04 - 2020-12-25 21:17 - 000040960 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\winunivappfeatures.dll
2020-12-04 17:01 - 2020-12-04 17:01 - 000018944 _____ (Softland) [File not signed] C:\Windows\System32\novamn10.dll
2021-01-15 23:01 - 2020-02-24 13:06 - 001359872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
2021-01-15 23:01 - 2020-02-24 13:06 - 000365056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll
2021-01-07 04:04 - 2020-05-28 03:46 - 002837504 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll
2021-01-07 04:04 - 2020-05-28 03:46 - 000681472 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\libssl-1_1-x64.dll
2021-01-07 04:04 - 2020-12-25 21:20 - 005972464 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
AlternateDataStreams: C:\Users\Ravindra K. Banthia\Downloads\a-room-of-ones-own-virginia-woolf-1929 (1).pdf:SandBoxSafeFile [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-26] (Belarc, Inc. -> Belarc, Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 14:44 - 2021-07-31 22:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-02-04 02:07 - 2021-02-04 14:03 - 000000442 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.225.36 DESKTOP-JI0GMVB.mshome.net # 2026 2 2 3 8 33 58 706

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Cygwin\bin;;C:\TDM-GCC-64\bin
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.225.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
WiFi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Adobe Acrobat Synchronizer.lnk"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "WDAppManager"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "TrayProcess"
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E140A385-5AF5-4371-8358-337A77718F30}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{9E437487-47E3-4495-81B7-7F5739E16E68}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{24BA1DF7-2528-4569-933C-ADC96B5C3505}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{C745ACED-A805-4A98-9E0C-36328282C813}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{45D7883E-A50B-4787-A154-F7904AF0C1A2}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{74452541-AF05-405D-A220-789C3D094A57}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{082F69F3-9C82-4804-A4FA-457C107B489A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F8BDAAC0-C193-486F-9C16-76645CD5BC53}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0D730357-192B-48D8-A883-A6D186152853}] => (Allow) C:\Program Files\NetWorx\networx.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect)
FirewallRules: [{BF89D085-D3C2-4C40-87F5-3D0369812DB8}] => (Allow) LPort=8501
FirewallRules: [{191D5F9A-1F39-4B47-BD92-1D8A33D2A5BB}] => (Allow) LPort=8501
FirewallRules: [{57D41C04-CACA-4D4B-BF43-DB703627AED7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{675EAD9F-B7F8-41E2-9125-2367C5CA5FC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1927755-ADE4-4DE6-ABDB-1F93B3C9063A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9BEC5DD7-4F75-447D-A967-2DF492F1C71E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{289E9DC5-0D33-4F17-9909-C6F229A8E467}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{8E58194E-765E-4A8D-9EF9-6B6D5589F3B4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{BCE69BA7-E3E1-45C4-8D89-E87C0F7E29E1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{06D019FD-8DC5-4ABE-A7CF-E68B6BFD5F44}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{3E216CCB-61E1-4AD6-A84F-66B2DB44F35F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{97C2C776-AA15-48C5-969B-DA5699525041}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [TCP Query User{60FD577B-F01C-4549-8936-0226439F290B}C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe (Upwork Global Inc. -> Upwork, Inc.)
FirewallRules: [UDP Query User{9C730B4F-BC61-4C05-825E-760829A162E2}C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe (Upwork Global Inc. -> Upwork, Inc.)
FirewallRules: [{73A8CC65-CC27-4F10-94DB-CEAAD4EAF122}] => (Block) C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe (Upwork Global Inc. -> Upwork, Inc.)
FirewallRules: [{C31C88B6-2D94-4C63-92CB-06662320615A}] => (Block) C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe (Upwork Global Inc. -> Upwork, Inc.)
FirewallRules: [{FA027631-038D-43E6-A92D-7802FB1868DD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{17D7EEEA-6A18-459F-9247-D0EAFC1736A6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78B37312-C81F-40EA-82E8-6E3CDAE18C36}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

30-07-2021 22:54:49 Windows Modules Installer
31-07-2021 00:06:06 Windows Modules Installer
31-07-2021 00:17:31 Windows Modules Installer
31-07-2021 23:17:51 Installed Windows PC Health Check

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/31/2021 10:42:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/31/2021 10:42:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/31/2021 10:42:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/31/2021 10:42:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/31/2021 01:35:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/31/2021 01:35:06 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/31/2021 01:35:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/31/2021 01:35:06 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]


System errors:
=============
Error: (07/31/2021 10:49:52 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/31/2021 10:48:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LmsaWindowsService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/31/2021 10:48:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the LmsaWindowsService service to connect.

Error: (07/31/2021 10:48:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NovaPdf10Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/31/2021 10:48:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the NovaPdf10Server service to connect.

Error: (07/31/2021 10:48:04 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/31/2021 10:47:42 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/31/2021 10:43:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the arwsrvc service.


Windows Defender:
================
Date: 2021-06-21 12:28:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-20 13:32:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-19 11:37:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-18 10:53:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-17 11:41:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-30 22:58:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1174.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-07-30 22:58:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1174.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-07-30 22:58:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1174.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-06-22 00:08:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.1174.0
Previous security intelligence Version: 1.339.1178.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-22 00:08:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.1174.0
Previous security intelligence Version: 1.339.1178.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

CodeIntegrity:
===============
Date: 2021-05-19 06:29:36
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-31 16:43:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 4.6.5 03/20/2014
Motherboard: BIOSTAR Group H61MLV3
Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
Percentage of memory in use: 74%
Total physical RAM: 3993.54 MB
Available physical RAM: 1022.19 MB
Total Virtual: 8089.54 MB
Available Virtual: 5036.71 MB

==================== Drives ================================

Drive c: (Sam_System) (Fixed) (Total:99.95 GB) (Free:38.62 GB) NTFS
Drive d: (Sam_General) (Fixed) (Total:75 GB) (Free:24.95 GB) NTFS
Drive e: (Sam_Rest) (Fixed) (Total:75 GB) (Free:29.88 GB) NTFS
Drive f: (Sam_Work) (Fixed) (Total:48.08 GB) (Free:20.3 GB) NTFS

\\?\Volume{5f34daa0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 5F34DAA0)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198.1 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,829   +503
I still need second log from FRST.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

ravisunny2

Posts: 1,051   +11
Hi Broni,

Sorry, I'm not sure what went wrong.

I thought I had posted both the text files.

Addition.txt
--------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021
Ran by Ravindra K. Banthia (01-08-2021 00:40:33)
Running from F:\Work\A_Forums\Techspot\01 31 July 2021 Virus removal\Farbar Recovery Scan Tool 64-bit 19.07.2021
Windows 10 Home Version 20H2 19042.1151 (X64) (2021-01-06 21:13:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1816540855-1781404652-3398414014-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1816540855-1781404652-3398414014-503 - Limited - Disabled)
Guest (S-1-5-21-1816540855-1781404652-3398414014-501 - Limited - Disabled)
Ravindra K. Banthia (S-1-5-21-1816540855-1781404652-3398414014-1001 - Administrator - Enabled) => C:\Users\Ravindra K. Banthia
WDAGUtilityAccount (S-1-5-21-1816540855-1781404652-3398414014-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Quick Heal Total Security (Enabled - Up to date) {01EE101D-F008-6F2B-F147-BD7E5C2CD4BC}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {39D59138-BA67-6E73-DA18-144BA2FF93C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\Amazon Kindle) (Version: 1.32.0.61109 - Amazon)
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
calibre 64bit (HKLM\...\{0133867D-8A58-4FFF-94C6-F8628F413334}) (Version: 5.23.0 - Kovid Goyal)
doPDF (HKLM\...\{42D4A10B-34C7-41BD-9580-AF04CC5E67AB}) (Version: 10.9.133 - Softland) Hidden
doPDF 10 (HKLM-x32\...\{4191082a-bbb6-441a-af3f-1a151d71c639}) (Version: 10.9.133 - Softland)
doPDF 10 Printer Driver (HKLM\...\{A44E334A-6445-4527-A3B6-1654BD9E19CC}) (Version: 10.9.133 - Softland)
EaseUS Todo Backup Free 13.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 13.0 - CHENGDU YIWO Tech Development Co., Ltd)
Excel (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FastStone Capture 5.0 (HKLM-x32\...\FastStone Capture) (Version: 5.0 - FastStone Soft)
Free Download Manager (HKLM\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.13.0.3463 - Softdeluxe)
FreeFileSync 11.9 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.9 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
HMG version 3.5 (HKLM-x32\...\{EF7B6617-5CE1-4555-B2F7-F996049C236E}_is1) (Version: 3.5 - HMG)
Java(TM) SE Development Kit 15.0.1 (64-bit) (HKLM\...\{E6A95593-92FB-518A-B2D5-5E9EE8CBEA82}) (Version: 15.0.1.0 - Oracle Corporation)
K-Lite Mega Codec Pack 16.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
M8 Free Multi Clipboard (HKLM-x32\...\M8 Free Multi Clipboard) (Version: - )
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.173 - MediatekWiFi)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28808 (HKLM-x32\...\{78079cc3-1f6e-47f6-b4d6-105f08b89409}) (Version: 14.26.28808.1 - Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0.1 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
Oracle VM VirtualBox 6.1.22 (HKLM\...\{573CC601-ED8D-450F-BE6F-A313DD77A4A0}) (Version: 6.1.22 - Oracle Corporation)
Outlook (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PDFsam Basic (HKLM\...\{7F18B231-F783-4FBB-9AA7-C40C6A48907C}) (Version: 4.1.4.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PowerPoint (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Quick Heal Total Security (HKLM\...\{75DEED91-7B14-49DC-A5F3-B60E633AC4A5}) (Version: 19.00 - Quick Heal) Hidden
Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 19.00 - Quick Heal Technologies Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7831 - Realtek Semiconductor Corp.)
Rescue and Smart Assistant (HKLM-x32\...\Rescue and Smart Assistant) (Version: 5.5.0.9 - Lenovo)
Revo Uninstaller 2.2.8 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.8 - VS Revo Group, Ltd.)
Skype version 8.74 (HKLM-x32\...\Skype_is1) (Version: 8.74 - Skype Technologies S.A.)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.2001.0 - TDM)
Turbo C++ 3.2 (HKLM-x32\...\{16FEECA3-A0BF-44ED-A894-C0E7B29FAA2B}) (Version: 3.2.3.0 - Turbo C++)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Upwork 5.4.9.6 (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\93035758-0b9f-537e-bffc-381e80344cc8) (Version: 5.4.9 - Upwork, Inc.)
WD Backup (HKLM-x32\...\{2d518703-86c4-46c8-99c1-f3789dd3ecd0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{5491B486-8812-4202-AB8C-865AB636ACF0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{3CF15262-0E5C-4BFE-AA93-D611E8F18D71}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{f7fe19a0-12b9-4318-95fd-0579f21114f0}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Windows PC Health Check (HKLM\...\{00DC4B60-5FC9-4629-8147-EF81ADF0EEA6}) (Version: 2.3.2106.25001 - Microsoft Corporation)
Wise Registry Cleaner 10.3.5 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 10.3.5 - WiseCleaner.com, Inc.)
Word (HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
x86_64-8.1.0-posix-seh-rt_v6-rev0 (HKLM-x32\...\x86_64-8.1.0-posix-seh-rt_v6-rev0) (Version: - MinGW-W64)

Packages:
=========
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.39.4.0_x64__ypmq2qh89vmny [2021-07-13] (Turnipsoft)
GIF Maker, Video To GIF - GIF Viewer -> C:\Program Files\WindowsApps\39691Videopix.GIFMakerVideoToGIF-GIFViewer_3.1.12.0_x64__dxz7h1qnd1pge [2021-06-17] (Videopix)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-08] (Microsoft Studios) [MS Ad]
Perfect PDF Reader -> C:\Program Files\WindowsApps\softXpansion.PDFXpansionReader_14.1.2.0_x64__v5pctc89tt44g [2021-04-17] (soft Xpansion)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [QHFLVLT] -> {5BB5EA17-7B93-426A-99E5-358CF6CDDED1} => C:\Program Files\Quick Heal\Quick Heal Total Security\flvltext.dll [2020-03-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2019-11-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers6: [QHFLVLT] -> {5BB5EA17-7B93-426A-99E5-358CF6CDDED1} => C:\Program Files\Quick Heal\Quick Heal Total Security\flvltext.dll [2020-03-13] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers6: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2020-03-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW-W64 project\x86_64-8.1.0-posix-seh-rt_v6-rev0\Run terminal.lnk -> C:\Mingw64\mingw-w64.bat ()
ShortcutWithArgument: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Ravindra K. Banthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2021-01-15 23:01 - 2020-02-24 13:05 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2021-01-15 23:01 - 2020-02-24 13:05 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2021-01-07 04:09 - 2016-10-17 16:46 - 000831488 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll
2021-01-15 23:01 - 2020-02-24 13:05 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2021-01-07 04:08 - 2019-02-21 21:30 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-01-07 04:38 - 2012-07-26 14:19 - 000087552 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sbdrop.dll
2021-01-07 04:04 - 2020-12-25 21:19 - 000078336 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsbatch.dll
2021-01-07 04:04 - 2020-12-25 21:20 - 003210240 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsbt.dll
2021-01-07 04:04 - 2020-12-25 21:20 - 000485376 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll
2021-01-07 04:04 - 2020-12-25 21:20 - 000271872 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadswww.dll
2021-01-07 04:04 - 2020-12-25 21:17 - 000033792 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\logger.dll
2021-01-07 04:04 - 2020-12-25 21:19 - 000291840 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll
2021-01-07 04:04 - 2020-12-25 21:17 - 000040960 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\winunivappfeatures.dll
2020-12-04 17:01 - 2020-12-04 17:01 - 000018944 _____ (Softland) [File not signed] C:\Windows\System32\novamn10.dll
2021-01-15 23:01 - 2020-02-24 13:06 - 001359872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
2021-01-15 23:01 - 2020-02-24 13:06 - 000365056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll
2021-01-07 04:04 - 2020-05-28 03:46 - 002837504 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll
2021-01-07 04:04 - 2020-05-28 03:46 - 000681472 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\libssl-1_1-x64.dll
2021-01-07 04:04 - 2020-12-25 21:20 - 005972464 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
AlternateDataStreams: C:\Users\Ravindra K. Banthia\Downloads\a-room-of-ones-own-virginia-woolf-1929 (1).pdf:SandBoxSafeFile [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-26] (Belarc, Inc. -> Belarc, Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 14:44 - 2021-07-31 22:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-02-04 02:07 - 2021-02-04 14:03 - 000000442 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.225.36 DESKTOP-JI0GMVB.mshome.net # 2026 2 2 3 8 33 58 706

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Cygwin\bin;;C:\TDM-GCC-64\bin
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.225.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
WiFi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Adobe Acrobat Synchronizer.lnk"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "WDAppManager"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "TrayProcess"
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1816540855-1781404652-3398414014-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E140A385-5AF5-4371-8358-337A77718F30}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{9E437487-47E3-4495-81B7-7F5739E16E68}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{24BA1DF7-2528-4569-933C-ADC96B5C3505}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{C745ACED-A805-4A98-9E0C-36328282C813}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{45D7883E-A50B-4787-A154-F7904AF0C1A2}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{74452541-AF05-405D-A220-789C3D094A57}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{082F69F3-9C82-4804-A4FA-457C107B489A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F8BDAAC0-C193-486F-9C16-76645CD5BC53}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0D730357-192B-48D8-A883-A6D186152853}] => (Allow) C:\Program Files\NetWorx\networx.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect)
FirewallRules: [{BF89D085-D3C2-4C40-87F5-3D0369812DB8}] => (Allow) LPort=8501
FirewallRules: [{191D5F9A-1F39-4B47-BD92-1D8A33D2A5BB}] => (Allow) LPort=8501
FirewallRules: [{57D41C04-CACA-4D4B-BF43-DB703627AED7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{675EAD9F-B7F8-41E2-9125-2367C5CA5FC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1927755-ADE4-4DE6-ABDB-1F93B3C9063A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9BEC5DD7-4F75-447D-A967-2DF492F1C71E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{289E9DC5-0D33-4F17-9909-C6F229A8E467}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{8E58194E-765E-4A8D-9EF9-6B6D5589F3B4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{BCE69BA7-E3E1-45C4-8D89-E87C0F7E29E1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{06D019FD-8DC5-4ABE-A7CF-E68B6BFD5F44}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{3E216CCB-61E1-4AD6-A84F-66B2DB44F35F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{97C2C776-AA15-48C5-969B-DA5699525041}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [TCP Query User{60FD577B-F01C-4549-8936-0226439F290B}C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe (Upwork Global Inc. -> Upwork, Inc.)
FirewallRules: [UDP Query User{9C730B4F-BC61-4C05-825E-760829A162E2}C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe (Upwork Global Inc. -> Upwork, Inc.)
FirewallRules: [{73A8CC65-CC27-4F10-94DB-CEAAD4EAF122}] => (Block) C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe (Upwork Global Inc. -> Upwork, Inc.)
FirewallRules: [{C31C88B6-2D94-4C63-92CB-06662320615A}] => (Block) C:\users\ravindra k. banthia\appdata\local\programs\upwork\upwork.exe (Upwork Global Inc. -> Upwork, Inc.)
FirewallRules: [{FA027631-038D-43E6-A92D-7802FB1868DD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{17D7EEEA-6A18-459F-9247-D0EAFC1736A6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78B37312-C81F-40EA-82E8-6E3CDAE18C36}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

30-07-2021 22:54:49 Windows Modules Installer
31-07-2021 00:06:06 Windows Modules Installer
31-07-2021 00:17:31 Windows Modules Installer
31-07-2021 23:17:51 Installed Windows PC Health Check

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/31/2021 10:42:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/31/2021 10:42:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/31/2021 10:42:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/31/2021 10:42:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/31/2021 01:35:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/31/2021 01:35:06 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/31/2021 01:35:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/31/2021 01:35:06 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]


System errors:
=============
Error: (07/31/2021 10:49:52 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/31/2021 10:48:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LmsaWindowsService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/31/2021 10:48:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the LmsaWindowsService service to connect.

Error: (07/31/2021 10:48:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NovaPdf10Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/31/2021 10:48:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the NovaPdf10Server service to connect.

Error: (07/31/2021 10:48:04 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/31/2021 10:47:42 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/31/2021 10:43:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the arwsrvc service.


Windows Defender:
================
Date: 2021-06-21 12:28:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-20 13:32:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-19 11:37:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-18 10:53:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-17 11:41:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-30 22:58:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1174.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-07-30 22:58:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1174.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-07-30 22:58:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1174.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-06-22 00:08:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.1174.0
Previous security intelligence Version: 1.339.1178.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-22 00:08:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.1174.0
Previous security intelligence Version: 1.339.1178.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

CodeIntegrity:
===============
Date: 2021-05-19 06:29:36
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-31 16:43:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 4.6.5 03/20/2014
Motherboard: BIOSTAR Group H61MLV3
Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
Percentage of memory in use: 74%
Total physical RAM: 3993.54 MB
Available physical RAM: 1022.19 MB
Total Virtual: 8089.54 MB
Available Virtual: 5036.71 MB

==================== Drives ================================

Drive c: (Sam_System) (Fixed) (Total:99.95 GB) (Free:38.62 GB) NTFS
Drive d: (Sam_General) (Fixed) (Total:75 GB) (Free:24.95 GB) NTFS
Drive e: (Sam_Rest) (Fixed) (Total:75 GB) (Free:29.88 GB) NTFS
Drive f: (Sam_Work) (Fixed) (Total:48.08 GB) (Free:20.3 GB) NTFS

\\?\Volume{5f34daa0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 5F34DAA0)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198.1 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,829   +503
Yes, you can. Just make sure you avoid registry cleaning.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

ravisunny2

Posts: 1,051   +11
RogueKiller Report
-----------------------

RogueKiller Anti-Malware V15.0.8.0 (x64) [Jul 13 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64-bit
Started in : Normal mode
User : Ravindra K. Banthia [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210729_115300, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/08/01 03:37:30 (Duration : 00:29:53)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
---------------------------------------------------

Malwarebytes Report
--------------------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 01/08/2021
Scan Time: 12:53
Log File: 53a6c6ac-f299-11eb-bc1d-b8975a9c4784.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1404
Update Package Version: 1.0.43788
Licence: Trial

-System Information-
OS: Windows 10 (Build 19042.1151)
CPU: x64
File System: NTFS
User: DESKTOP-JI0GMVB\Ravindra K. Banthia

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 306636
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 8 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

------------------------------------------------------------------------

AdwCleaner Reports
---------------------------

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-01-2021
# Duration: 00:00:18
# OS: Windows 10 Home
# Scanned: 31988
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

----------------------------------------

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-01-2021
# Duration: 00:00:16
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1406 octets] - [01/08/2021 13:21:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Posts: 55,829   +503
I don't see anything malicious there.
As for your problems, I suggest new topic in Windows forum.
 

ravisunny2

Posts: 1,051   +11
Thank you for your help, Broni.

I will post my problems in a new topic as you have suggested.

Best regards,
Ravindra