PakseFrustration
Hello,
My laptop will not stay connected to the WiFi anywhere in town for more than a few minutes at a time. Special notes: I am living in a guesthouse in Southern Laos, so I do not have access to the router. My cell phone has no issues connecting or staying connected to the WiFi.
Here are the logs from FARBAR:
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2020
Ran by SONY (administrator) on SONY-PC (Sony Corporation VGN-NW125J) (12-08-2020 11:44:38)
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Eltima Software -> Eltima Software) C:\Program Files (x86)\Eltima Software\Recover PDF Password\agent\RPPc.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avpui.exe
(KeepSolid Inc.) [File not signed] C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (Sennheiser) <==== ATTENTION
HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (DarkMatter CA) <==== ATTENTION
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\Run: [Google Update] => C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-21] (Google LLC -> Google LLC)
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\SYSTEM32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15CC6238-46AF-4196-A3A6-1C01E25DBFFD} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1738186064-958222864-1310178189-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2019-05-15] (Microsoft Windows -> Microsoft Corporation)
Task: {3297F8F9-9C2F-443D-8F38-B5E161CA62C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-08] (Adobe Inc. -> Adobe)
Task: {46B59945-5228-40B4-BF53-FB0DDB36BFB1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1738186064-958222864-1310178189-1000Core => C:\Users\SONY\AppData\Local\Google\Update\GoogleUpdate.exe [156456 2019-06-18] (Google Inc -> Google LLC)
Task: {5B85198A-9CDE-4E46-B35C-DCE34FCC286C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1738186064-958222864-1310178189-1000UA => C:\Users\SONY\AppData\Local\Google\Update\GoogleUpdate.exe [156456 2019-06-18] (Google Inc -> Google LLC)
Task: {709E935D-D367-409A-95DE-D297EA1E8457} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [123600 2020-08-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {7D277012-2A2B-4AA0-A999-42D676AF6D99} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {886452C0-6EAB-4A3E-839E-EE48C828B265} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
Task: {E447FBFF-FB27-477B-B95F-7FB5C5BECE4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [491320 2020-05-12] (Bitdefender SRL -> Bitdefender)
Task: {E71BADFF-7089-4E55-A27A-E2C8F4E50416} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-06-08] (Adobe Inc. -> Adobe)
Task: {F8F09A42-CE5C-4982-9A58-C0BB037A550C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {FE3A9D98-5056-4B9B-A05F-8A5B56C80858} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}.job => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 183.182.100.1 8.8.4.4
Tcpip\..\Interfaces\{310A450C-2256-4579-ACF9-3D29393C4556}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4E57A67F-2F45-4C15-9AA6-EAE31389E3C6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4E57A67F-2F45-4C15-9AA6-EAE31389E3C6}: [DhcpNameServer] 183.182.100.1 8.8.4.4
Tcpip\..\Interfaces\{CD144B2F-7574-4F66-A738-3DB8C758D9BA}: [NameServer] 10.100.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1738186064-958222864-1310178189-1000 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1738186064-958222864-1310178189-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
FireFox:
========
FF DefaultProfile: ytww0b7u.default
FF ProfilePath: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\ytww0b7u.default [2020-06-25]
FF Homepage: Mozilla\Firefox\Profiles\ytww0b7u.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126
FF NewTab: Mozilla\Firefox\Profiles\ytww0b7u.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126
FF Extension: (Avast Online Security) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\ytww0b7u.default\Extensions\wrc@avast.com.xpi [2020-02-08]
FF ProfilePath: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release [2020-08-12]
FF NewTab: Mozilla\Firefox\Profiles\i4fl49ei.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126
FF Extension: (Privacy Badger) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-07-24]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\sp@avast.com.xpi [2020-07-04]
FF Extension: (LastPass: Free Password Manager) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\support@lastpass.com.xpi [2020-08-05]
FF Extension: (uBlock Origin) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-08-12]
FF Extension: (Avast Online Security) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\wrc@avast.com.xpi [2020-06-17]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-06-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-06-08] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-07-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-07-23] <==== ATTENTION
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default [2020-08-12]
CHR DownloadDir: C:\Users\SONY\Desktop
CHR Notifications: Default -> hxxps://166716742877603.webpush.freshchat.com; hxxps://app.slack.com; hxxps://voice.google.com
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-15]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-15]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-15]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-08-08]
CHR Extension: (MozBar) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2019-11-03]
CHR Extension: (Adobe Acrobat) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-06]
CHR Extension: (Kaspersky Protection) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-07]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2019-06-18]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2020-08-09]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2020-05-21]
CHR Extension: (Evernote Web) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-25]
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-01]
CHR Extension: (Slides) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-18]
CHR Extension: (Docs) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-18]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-18]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-18]
CHR Extension: (Adobe Acrobat) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-10]
CHR Extension: (Sheets) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-18]
CHR Extension: (Google Docs Offline) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-05]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-18]
CHR Extension: (Chrome Media Router) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-01]
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-19]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
StartMenuInternet: Google Chrome.OZ6TULZGLO2PJGYLWWOESANBQM - C:\Users\SONY\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-08] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1352120 2020-05-12] (Bitdefender SRL -> Bitdefender)
R2 RppClientService; C:\Program Files (x86)\Eltima Software\Recover PDF Password\agent\RPPc.exe [687104 2012-04-20] (Eltima Software -> Eltima Software)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [49664 2020-06-29] (KeepSolid Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2019-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuardTunnel$VPNUWireguard; C:\Program Files (x86)\VPN Unlimited\WireVPNUImpl.exe [17920 2020-05-21] () [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651648 2019-05-16] (Microsoft Corporation) [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [531584 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [79768 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [145504 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [251800 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [643840 2020-06-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1277704 2020-06-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998296 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [79760 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [211048 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [232344 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2009-06-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [11392 2007-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2019-06-19] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [35768 2018-09-07] (ProtonVPN AG -> The OpenVPN Project)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\Windows\System32\DRIVERS\wintun.sys [29576 2019-12-30] (WireGuard LLC -> WireGuard LLC)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [398112 2011-09-14] (Marvell Semiconductor -> Marvell)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
U1 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-08-12 11:44 - 2020-08-12 11:46 - 000027734 _____ C:\Users\SONY\Desktop\FRST.txt
2020-08-12 11:44 - 2020-08-12 11:44 - 000000000 ____D C:\Users\SONY\Desktop\FRST-OlderVersion
2020-08-10 12:13 - 2020-08-10 12:13 - 000527441 _____ C:\Users\SONY\Desktop\Companies-1 (1).csv
2020-08-04 13:01 - 2020-08-12 11:44 - 002296320 _____ (Farbar) C:\Users\SONY\Desktop\FRST64.exe
2020-08-03 16:56 - 2020-08-12 11:43 - 000000000 ____D C:\Users\SONY\Desktop\UK Work
2020-08-03 16:55 - 2020-08-03 19:50 - 000000000 ____D C:\Users\SONY\Desktop\Work
2020-08-01 12:53 - 2020-08-04 18:23 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\uTorrent
2020-08-01 10:49 - 2020-08-01 10:49 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-08-01 10:48 - 2020-08-01 10:48 - 000000740 _____ C:\Users\SONY\Desktop\Start Tor Browser.lnk
2020-08-01 10:47 - 2020-08-01 10:47 - 000000000 ____D C:\Users\SONY\Desktop\Tor Browser
2020-08-01 10:44 - 2020-08-01 11:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-27 12:00 - 2020-07-27 12:00 - 445789999 _____ C:\Windows\MEMORY.DMP
2020-07-23 12:16 - 2020-08-12 11:45 - 000000000 ____D C:\FRST
2020-07-23 09:57 - 2020-07-23 09:57 - 000000318 _____ C:\Windows\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}.job
2020-07-23 09:57 - 2020-07-23 09:57 - 000000000 ____D C:\Program Files\Common Files\AV
2020-07-23 09:55 - 2020-07-23 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2020-07-23 09:54 - 2020-07-23 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2020-07-23 09:53 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2020-07-23 09:52 - 2020-08-12 11:45 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-07-23 09:52 - 2020-07-23 09:54 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2020-07-23 09:52 - 2020-05-19 09:11 - 000998296 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2020-07-23 09:52 - 2020-05-19 09:11 - 000251800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2020-07-23 09:44 - 2020-07-23 09:45 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2020-07-17 13:13 - 2020-07-22 13:12 - 000000000 ____D C:\Users\SONY\AppData\Roaming\Slack
2020-07-17 13:12 - 2020-07-17 13:15 - 000000000 ____D C:\Users\SONY\AppData\Local\slack
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-08-12 11:44 - 2020-05-04 13:31 - 000000000 ____D C:\Users\SONY\Desktop\Read Me
2020-08-12 11:40 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
2020-08-12 11:11 - 2009-07-14 11:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-12 11:11 - 2009-07-14 11:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-12 11:05 - 2020-06-25 11:34 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-08-12 11:02 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-12 09:38 - 2019-06-18 20:00 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Mozilla
2020-08-11 15:06 - 2019-10-07 01:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-08-11 15:06 - 2019-10-07 01:58 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-08-11 15:04 - 2019-11-20 21:36 - 000002374 _____ C:\Users\SONY\Desktop\Google Chrome.lnk
2020-08-11 15:04 - 2019-06-15 19:19 - 000002411 _____ C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-08-10 15:26 - 2020-06-04 13:06 - 000001650 _____ C:\Users\SONY\Desktop\Companies-1.csv
2020-08-10 14:26 - 2019-06-29 09:43 - 000000000 ____D C:\Users\SONY\Desktop\ENC
2020-08-05 21:52 - 2019-10-07 01:58 - 000003450 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-08-04 19:44 - 2019-06-19 19:00 - 000000000 ____D C:\Users\SONY\Desktop\4K Video Downloader
2020-08-04 18:43 - 2019-06-15 20:06 - 000000000 ____D C:\Users\SONY\AppData\Local\ElevatedDiagnostics
2020-08-04 18:17 - 2009-07-14 12:08 - 000032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-08-04 14:22 - 2019-06-24 17:07 - 000000195 _____ C:\Users\SONY\Desktop\email.txt
2020-08-01 12:54 - 2019-06-18 22:58 - 000000000 ____D C:\Users\SONY\AppData\Local\BitTorrentHelper
2020-08-01 11:53 - 2019-06-18 20:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-08-01 10:52 - 2009-07-14 10:20 - 000000000 __RHD C:\Users\Public\Libraries
2020-08-01 10:48 - 2020-05-29 21:52 - 000000788 _____ C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2020-08-01 10:16 - 2019-06-25 13:32 - 000001292 _____ C:\Users\SONY\Desktop\measure.txt
2020-07-27 12:29 - 2019-06-15 19:20 - 000000000 ____D C:\Users\SONY\Downloads\Video
2020-07-27 12:15 - 2019-06-15 19:02 - 000000000 ____D C:\Users\SONY
2020-07-26 18:05 - 2020-06-09 12:26 - 000000000 ____D C:\Users\SONY\Downloads\Eyes on the Prize - America's Civil Rights Movement [.x264]
2020-07-23 12:25 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2020-07-17 13:15 - 2019-11-03 14:50 - 000000000 ____D C:\Users\SONY\AppData\Local\SquirrelTemp
2020-07-17 08:37 - 2019-08-31 14:29 - 000000000 ____D C:\Users\SONY\Desktop\Video Capture and Edit
2020-07-14 17:26 - 2019-06-20 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN Unlimited
2020-07-14 17:26 - 2019-06-20 15:56 - 000000000 ____D C:\Program Files (x86)\VPN Unlimited
==================== Files in the root of some directories ========
2019-06-22 12:58 - 2019-06-22 12:58 - 000000000 _____ () C:\Users\SONY\AppData\Local\oobelibMkey.log
2020-02-09 20:44 - 2020-02-09 20:44 - 000007597 _____ () C:\Users\SONY\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2020-08-08 19:11
==================== End of FRST.txt ========================
Addition.txt in comment
2020-08-04 18:43 - 2019-06-15 20:06 - 000000000 ____D C:\Users\SONY\AppData\Local\ElevatedDiagnostics
2020-08-04 18:17 - 2009-07-14 12:08 - 000032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-08-04 14:22 - 2019-06-24 17:07 - 000000195 _____ C:\Users\SONY\Desktop\email.txt
2020-08-01 12:54 - 2019-06-18 22:58 - 000000000 ____D C:\Users\SONY\AppData\Local\BitTorrentHelper
2020-08-01 11:53 - 2019-06-18 20:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-08-01 10:52 - 2009-07-14 10:20 - 000000000 __RHD C:\Users\Public\Libraries
2020-08-01 10:48 - 2020-05-29 21:52 - 000000788 _____ C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2020-08-01 10:16 - 2019-06-25 13:32 - 000001292 _____ C:\Users\SONY\Desktop\measure.txt
2020-07-27 12:29 - 2019-06-15 19:20 - 000000000 ____D C:\Users\SONY\Downloads\Video
2020-07-27 12:15 - 2019-06-15 19:02 - 000000000 ____D C:\Users\SONY
2020-07-26 18:05 - 2020-06-09 12:26 - 000000000 ____D C:\Users\SONY\Downloads\Eyes on the Prize - America's Civil Rights Movement [.x264]
2020-07-23 12:25 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2020-07-17 13:15 - 2019-11-03 14:50 - 000000000 ____D C:\Users\SONY\AppData\Local\SquirrelTemp
2020-07-17 08:37 - 2019-08-31 14:29 - 000000000 ____D C:\Users\SONY\Desktop\Video Capture and Edit
2020-07-14 17:26 - 2019-06-20 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN Unlimited
2020-07-14 17:26 - 2019-06-20 15:56 - 000000000 ____D C:\Program Files (x86)\VPN Unlimited
==================== Files in the root of some directories ========
2019-06-22 12:58 - 2019-06-22 12:58 - 000000000 _____ () C:\Users\SONY\AppData\Local\oobelibMkey.log
2020-02-09 20:44 - 2020-02-09 20:44 - 000007597 _____ () C:\Users\SONY\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2020-08-08 19:11
==================== End of FRST.txt ========================
Addition.txt in comment