Inactive-A Windows host file hijacked


Boufeez

Posts: 162   +0
I keep removing the hijacked host but after reboot it keeps coming back. Please help, I am ready to follow instructions.

Thank you

Dell xps 8700
 

Broni

Posts: 55,918   +506
Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

Boufeez

Posts: 162   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022
Ran by Server (administrator) on SERVER-PC (Dell Inc. XPS 8700) (03-05-2022 17:38:02)
Running from C:\Users\Server\Desktop
Loaded Profiles: Server & UpdatusUser & MsDtsServer120 & MSSQLSERVER
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(explorer.exe ->) (EnTech Taiwan -> EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(explorer.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP OfficeJet 3830 series\bin\HPScan.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Server\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(services.exe ->) (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(services.exe ->) (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(services.exe ->) (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(services.exe ->) (Qualcomm Atheros -> Atheros) [File not signed] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(svchost.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
(taskeng.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AtherosBtStack] => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe" (No File)
HKLM\...\Run: [AthBtTray] => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe" (No File)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\Run: [BingWallpaperApp] => C:\Users\Server\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13990808 2022-04-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-858829026-1856093188-292686800-1001\...\Run: [LogMeInRescueCallingCardsx7wouv] => C:\Program Files (x86)\LogMeIn Rescue Calling Card\x7wouv\CallingCard.exe [2272232 2017-10-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-858829026-1856093188-292686800-1001\...\MountPoints2: {86ddb7c7-10a0-11e9-8a4d-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-80-3642287774-1615985598-572449333-1370030010-3123895339\...\Run: [LogMeInRescueCallingCardsx7wouv] => C:\Program Files (x86)\LogMeIn Rescue Calling Card\x7wouv\CallingCard.exe [2272232 2017-10-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\Run: [LogMeInRescueCallingCardsx7wouv] => C:\Program Files (x86)\LogMeIn Rescue Calling Card\x7wouv\CallingCard.exe [2272232 2017-10-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Windows x64\Print Processors\ssb3mPC: C:\Windows\System32\spool\prtprocs\x64\ssb3mpc.dll [36864 2011-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP OfficeJet 3830 series): C:\Windows\system32\HPDiscoPME511.dll [841376 2021-11-15] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\ssb3m Langmon: C:\Windows\system32\ssb3ml6.dll [34304 2011-04-14] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-22] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2019-01-11]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan -> EnTech Taiwan)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05720D61-7C19-41BC-BDF0-CF082C238407} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {0BD47670-BEBF-4259-BEBF-6D54E7FB6506} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-17] (Adobe Inc. -> Adobe)
Task: {16D359B6-EC02-4D81-913A-F091C06C80B1} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {1EA4C5E4-A987-45B0-9BF1-60ABF8738B86} - System32\Tasks\Opera scheduled Autoupdate 1554446248 => C:\Users\Server\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-20] (Opera Software AS -> Opera Software)
Task: {2507D921-3156-402C-92F5-52D9CDB44BD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-04] (Google LLC -> Google LLC)
Task: {2B18273F-A30E-441F-9F3E-C8FACE6F11F4} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {2EC1FDE0-B728-461A-9AE5-CA4F2DDED012} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {3F479D58-86C3-4674-B060-03EC38F8655E} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {4D99C037-B093-452E-9B6E-E56058914EE2} - System32\Tasks\Opera scheduled assistant Autoupdate 1582726877 => C:\Users\Server\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Server\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {4F21547D-BCA5-4C97-8978-3086F546D3D6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {6C4D6C55-B7FE-4476-8B55-702F27C725E3} - System32\Tasks\{297BB3C4-4A5F-44A4-AD54-66F31D44A21C} => C:\Windows\system32\pcalua.exe -a C:\Users\Server\Downloads\tonic-v1.0b990.exe -d C:\Users\Server\Downloads
Task: {7153A862-3C71-4509-921D-760E4D704C7A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {796CD7A3-D972-4DC8-91A4-CC24FAC2661A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-17] (Adobe Inc. -> Adobe)
Task: {8B83EA16-8EBD-49A6-8662-798D0BF62787} - System32\Tasks\SpitFire Restart => c:\spd enterprise\Batch\RestartServices.bat [3258 2017-06-28] () [File not signed]
Task: {8C10185D-1D89-4CF6-8C9D-7D94A3A08ACE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {96515E1D-6D5E-4152-A3D3-047EA32C56A1} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Server\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-10] (ESET, spol. s r.o. -> ESET)
Task: {98B33466-25A4-4B02-A9BD-BD57FE03B77A} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [629864 2019-12-13] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {A09E8498-0229-423A-947C-1696D545ACAB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-01-25] (Piriform Software Ltd -> Piriform)
Task: {A8D63BBB-F13F-48AE-B7BE-D5122BBA4281} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {BA0A5F84-C1E4-4E5D-98DF-48DC5834E5AD} - System32\Tasks\CCleanerSkipUAC - Server => C:\Program Files\CCleaner\CCleaner.exe [29453952 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C6D6750D-45FD-474A-ADFE-B4DBFF85A48F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Server\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-10] (ESET, spol. s r.o. -> ESET)
Task: {C737A258-098F-43C0-AC9F-9C50B49D97BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-04] (Google LLC -> Google LLC)
Task: {C7523E68-07CA-4851-AB57-ACE91D09024B} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {CE7D9377-5DED-4227-B393-14C45997D17D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {D24B4989-8335-475F-B227-D20BA40B14A0} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-06-01] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {D35BC232-D0CC-4A1C-9597-4747E5EE51D7} - System32\Tasks\{470AC379-0A92-41D9-8806-A1D01031897B} => C:\Windows\system32\pcalua.exe -a C:\Users\Server\Desktop\LLOP\Setup_MUP.exe -d C:\Users\Server\Desktop\LLOP
Task: {D4FFD47E-3FC8-495F-9657-47B0C7E19D66} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {D60CEFC5-735F-4E61-A302-A5EC43CEDA7E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D89E6015-1C7D-45ED-9E2F-DB4F41C784DF} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {F20D5891-02F0-4382-A9DB-6400E1BC82B8} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {FEB4F86A-21C9-48E2-AFAC-BD2BEB0C385E} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Server\Downloads\adwcleaner_8.0.2.exe /r (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C2FD0151-A916-4412-84C6-BA103ABA9908}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Server\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-03]
Edge Notifications: Default -> hxxps://us1.blendr.com; hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://us.yahoo.com/?fr=fp-comodo&type=81_138430010005_90.0.4430.212_u_hp
Edge StartupUrls: Default -> "hxxp://www.google.ca/"
Edge Extension: (Cisco Webex Extension) - C:\Users\Server\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmihkeafcknlomclapaddfljaeegfbdl [2020-09-02]
Edge Extension: (Kaspersky Protection 20.0) - C:\Users\Server\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2021-02-05]
Edge HKU\S-1-5-21-858829026-1856093188-292686800-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-21-858829026-1856093188-292686800-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [elhpdacimkjpccooodognopfhbdgnpbk]
Edge HKU\S-1-5-21-858829026-1856093188-292686800-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-80-3642287774-1615985598-572449333-1370030010-3123895339\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [cmihkeafcknlomclapaddfljaeegfbdl]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 6s1sz6oo.default
FF ProfilePath: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default [2022-04-24]
FF Homepage: Mozilla\Firefox\Profiles\6s1sz6oo.default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
FF Notifications: Mozilla\Firefox\Profiles\6s1sz6oo.default -> hxxps://www.schedulicity.com
FF Extension: (Cisco WebEx Extension) - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\Extensions\ciscowebexstart1@cisco.com.xpi [2020-09-03]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-01-11]
FF Extension: (uBlock) - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2019-07-30]
FF Extension: (Cisco WebEx Extension) - C:\Program Files\Mozilla Firefox\distribution\extensions\ciscowebexstart1@cisco.com.xpi [2020-08-29]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-17] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-17] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-24] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-24] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-08-29] (Cisco WebEx LLC -> Cisco WebEx LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-24] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default [2022-05-03]
CHR Notifications: Default -> hxxps://web.skype.com; hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.youtube.com
CHR Extension: (Google Docs Offline) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-04]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jlhmfgmfgeifomenelglieieghnjghma]

Opera:
=======
OPR Profile: C:\Users\Server\AppData\Roaming\Opera Software\Opera Stable [2022-03-24]
OPR DownloadDir: C:\Users\Server\Downloads
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Server\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-08-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-17] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
S4 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\avp.exe [381928 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe [184768 2021-08-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S4 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2018-01-17] (Inventive Labs, LLC) [File not signed]
S2 HmpElements; C:\Program Files\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [2016248 2018-01-17] (Inventive Labs Corporation -> Inventive Labs, Inc.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [532968 2018-12-02] (Intel Corporation -> Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354008 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
S3 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-03-01] (Kaspersky Lab -> AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2022-01-11] (Malwarebytes Inc -> Malwarebytes)
R2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [209816 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [365464 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [221136 2019-10-29] (TEFINCOM S.A. -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14419440 2022-03-07] (ADLICE -> )
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7680 2019-07-30] () [File not signed]
S2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2019-08-20] () [File not signed]
S4 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7168 2019-03-06] () [File not signed]
S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [7168 2019-05-03] () [File not signed]
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [133016 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [338320 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [606104 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-08-29] (Cisco WebEx LLC -> Cisco WebEx LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Qualcomm Atheros -> Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [4108288 2014-10-17] (Qualcomm Atheros Communications, Inc.) [File not signed]
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [220544 2020-11-25] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-07-29] (Bluestack Systems, Inc. -> Bluestack System Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [156520 2018-10-14] (Intel Corporation -> Motorola Solutions, Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [29088 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [861592 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2019-05-21] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2019-05-21] (Techporch Incorporated -> Dell Computer Corporation)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [51368 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
R1 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klflt; C:\Windows\System32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657696 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1400600 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [245752 2021-06-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [108576 2021-06-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [216576 2021-06-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-01-11] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MpKsl98daea2e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FBE4F2A-F18A-4897-B088-38B8CD5804C3}\MpKslDrv.sys [48360 2022-05-03] (Microsoft Windows -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 npcap_wifi; C:\Windows\System32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC -> Insecure.Com LLC.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [80384 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [180736 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S4 RsFx0321; C:\Windows\System32\DRIVERS\RsFx0321.sys [258720 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3821064 2016-10-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2019-01-09] (Microcomputer Applications Inc -> )
U1 aswbdisk; no ImagePath
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S0 kavbootc; system32\drivers\kavbootc64.sys [X]
S3 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
S1 PCHunter64ao; \??\C:\Users\Server\Desktop\pchunt\PCHunter64ao.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: dg597 -> no filepath.

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-03 17:38 - 2022-05-03 17:38 - 000036395 _____ C:\Users\Server\Desktop\FRST.txt
2022-05-03 17:37 - 2022-05-03 17:37 - 002366976 _____ (Farbar) C:\Users\Server\Desktop\FRST64.exe
2022-05-03 17:27 - 2022-05-03 17:27 - 000616689 _____ C:\Users\Server\Desktop\Maria.Scan.pdf
2022-05-03 03:00 - 2022-05-03 03:00 - 000003768 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2022-05-03 03:00 - 2022-05-03 03:00 - 000003328 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2022-04-22 23:26 - 2022-04-22 23:26 - 000000000 ____D C:\Users\Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper
2022-04-10 23:49 - 2022-04-10 23:49 - 000000000 ____D C:\Users\Server\Desktop\FRST-OlderVersion
2022-04-10 23:45 - 2022-04-10 23:46 - 002365440 _____ (Farbar) C:\Users\Server\Downloads\FRST64 (2).exe
2022-04-10 23:33 - 2022-04-11 04:05 - 000006536 _____ C:\Windows\system32\Drivers\fvstore.dat
2022-04-10 23:33 - 2022-04-10 23:47 - 000000000 ____D C:\Users\Server\Downloads\FRST-OlderVersion
2022-04-10 23:33 - 2022-04-10 23:33 - 000000000 ___HD C:\VTRoot
2022-04-10 23:32 - 2022-05-03 17:38 - 000000000 ____D C:\FRST
2022-04-10 22:51 - 2022-04-10 22:51 - 000001945 _____ C:\Windows\epplauncher.mif
2022-04-10 22:46 - 2022-04-10 22:46 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2022-04-10 22:45 - 2022-04-10 22:46 - 000000000 ____D C:\Program Files\Microsoft Security Client
2022-04-10 22:45 - 2022-04-10 22:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2022-04-10 22:40 - 2022-04-10 22:40 - 000000000 ____D C:\Users\Server\Tracing
2022-04-10 22:18 - 2022-04-10 22:18 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2022-04-10 22:05 - 2022-04-10 22:05 - 015274968 _____ (ESET) C:\Users\Server\Downloads\esetonlinescanner (1).exe
2022-04-10 22:02 - 2022-04-10 22:02 - 015274968 _____ (ESET) C:\Users\Server\Downloads\esetonlinescanner.exe
2022-04-10 22:02 - 2022-04-10 22:02 - 000001158 _____ C:\Users\Server\Desktop\ESET Online Scanner.lnk
2022-04-10 22:02 - 2022-04-10 22:02 - 000000000 ____D C:\Users\Server\AppData\Local\ESET
2022-04-10 21:55 - 2022-04-10 21:55 - 017617120 _____ (NortonLifeLock Inc.) C:\Users\Server\Downloads\NPE.exe
2022-04-10 21:55 - 2022-04-10 21:55 - 000000000 ____D C:\Users\Server\AppData\Local\NPE
2022-04-10 21:55 - 2022-04-10 21:55 - 000000000 ____D C:\ProgramData\Norton
2022-04-09 22:46 - 2022-04-09 22:46 - 000049472 _____ C:\Windows\SysWOW64\traffic_stats.db-wal
2022-04-09 22:46 - 2022-04-09 22:46 - 000032768 _____ C:\Windows\SysWOW64\traffic_stats.db-shm
2022-04-09 22:46 - 2022-04-09 22:46 - 000004096 _____ C:\Windows\SysWOW64\traffic_stats.db
2022-04-09 22:08 - 2022-04-09 22:08 - 000000000 ____D C:\Windows\system32\gf2engine
2022-04-09 21:28 - 2022-04-09 21:28 - 2018362525 _____ C:\Windows\MEMORY.DMP

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-03 17:33 - 2021-06-09 19:40 - 001474832 _____ C:\Windows\system32\Drivers\sfi.dat
2022-05-03 17:25 - 2020-02-22 19:34 - 000000000 ____D C:\Program Files\CCleaner
2022-05-03 17:24 - 2021-10-04 23:18 - 000000000 ____D C:\Program Files (x86)\Google
2022-05-03 17:23 - 2009-07-14 00:45 - 000035024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-05-03 17:23 - 2009-07-14 00:45 - 000035024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-05-03 17:20 - 2009-07-14 01:13 - 001040176 _____ C:\Windows\system32\PerfStringBackup.INI
2022-05-03 17:20 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2022-05-03 17:16 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\inetsrv
2022-05-03 17:14 - 2019-01-09 16:25 - 000000000 ____D C:\Users\MSSQLSERVER
2022-05-03 17:14 - 2019-01-09 16:25 - 000000000 ____D C:\Users\MsDtsServer120
2022-05-03 17:14 - 2019-01-04 20:40 - 000000000 ____D C:\Users\UpdatusUser
2022-05-03 17:14 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-03 17:13 - 2019-01-04 20:40 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-30 03:24 - 2019-01-10 19:13 - 000000000 ____D C:\Users\SQLSERVERAGENT
2022-04-30 03:24 - 2019-01-10 01:10 - 000000000 ____D C:\Users\DefaultAppPool
2022-04-30 03:24 - 2019-01-09 16:36 - 000000000 ____D C:\Users\Classic .NET AppPool
2022-04-30 03:08 - 2020-08-01 18:06 - 000002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-22 23:24 - 2021-10-04 23:19 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-22 23:19 - 2019-04-05 02:37 - 000004072 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1554446248
2022-04-22 23:18 - 2021-10-04 23:18 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-04-22 23:18 - 2021-10-04 23:18 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-04-18 05:16 - 2020-02-22 19:34 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-04-15 03:04 - 2019-01-07 19:49 - 000000000 ____D C:\Windows\system32\MRT
2022-04-15 03:00 - 2019-01-07 19:49 - 143823848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-04-14 16:13 - 2019-05-27 15:07 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-04-14 16:07 - 2022-03-25 00:47 - 000000881 _____ C:\Users\Server\Desktop\JRT.txt
2022-04-11 04:08 - 2022-03-24 22:34 - 000000000 ____D C:\Users\Server\AppData\Local\Avast Software
2022-04-11 04:08 - 2022-03-24 21:59 - 000000000 ____D C:\ProgramData\Avast Software
2022-04-11 03:42 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2022-04-11 03:39 - 2019-01-09 16:17 - 000000000 ____D C:\Windows\SysWOW64\1033
2022-04-11 03:39 - 2019-01-09 16:16 - 000000000 ____D C:\Windows\system32\1033
2022-04-11 03:35 - 2019-01-09 16:17 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2022-04-11 03:35 - 2019-01-09 16:13 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2022-04-11 03:17 - 2019-01-04 20:39 - 001032298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2022-04-10 23:35 - 2020-03-05 17:23 - 000000000 ____D C:\Users\Server\AppData\Roaming\RingCentralMeetings
2022-04-10 22:40 - 2019-02-05 17:26 - 000000000 ____D C:\Users\Server\AppData\Local\Windows Live
2022-04-10 22:40 - 2019-01-04 21:21 - 000000000 ____D C:\Users\Server
2022-04-10 22:18 - 2019-02-05 17:27 - 000000000 ____D C:\Program Files (x86)\Windows Live
2022-04-10 21:01 - 2020-08-01 18:04 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-10 21:01 - 2020-08-01 18:04 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-10 20:24 - 2020-11-30 11:45 - 000000000 ____D C:\Windows\pss
2022-04-10 20:23 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2022-04-09 21:54 - 2019-06-25 23:53 - 000000000 ____D C:\ProgramData\RogueKiller
2022-04-09 21:48 - 2019-01-10 01:36 - 000000000 ____D C:\Users\Server\AppData\Local\ElevatedDiagnostics
2022-04-09 21:28 - 2020-11-30 11:37 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories ========

2020-03-13 13:35 - 2020-03-13 13:35 - 000007605 _____ () C:\Users\Server\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-04-27 20:20
==================== End of FRST.txt ========================
 

Boufeez

Posts: 162   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
Ran by Server (03-05-2022 17:41:03)
Running from C:\Users\Server\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X64) (2019-01-05 01:21:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-858829026-1856093188-292686800-500 - Administrator - Disabled)
Guest (S-1-5-21-858829026-1856093188-292686800-501 - Limited - Disabled)
Server (S-1-5-21-858829026-1856093188-292686800-1000 - Administrator - Enabled) => C:\Users\Server
UpdatusUser (S-1-5-21-858829026-1856093188-292686800-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: COMODO Antivirus (Enabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Kaspersky Total Security (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: COMODO Advanced Protection (Enabled - Up to date) {BEDD9B51-D934-7E62-2AE4-2EA86231677A}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Disabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}
FW: Kaspersky Total Security (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Agent App (HKLM-x32\...\AgentApp) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Bing Wallpaper (HKLM-x32\...\{980089C2-9D7D-4438-8DAF-C695E82DF18D}) (Version: 1.0.9.8 - Microsoft Corporation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.120.0.1081 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.89 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKLM-x32\...\{13218FD6-F824-D4EF-F73A-21A39F1B464D}) (Version: 40.9.3.20 - Cisco Webex LLC)
COMODO Antivirus (HKLM\...\{529CC629-B436-4886-B322-4BE75B97783D}) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.) Hidden
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Diag version 1.6.0.0 (HKLM\...\10DBD048-433A-4BC3-951F-055296F077B3_is1) (Version: 1.6.0.0 - Adlice Software)
GDR 6108 for SQL Server 2014 (KB4505218) (64-bit) (HKLM\...\KB4505218) (Version: 12.3.6108.1 - Microsoft Corporation)
GDR 6118 for SQL Server 2014 (KB4532095) (64-bit) (HKLM\...\KB4532095) (Version: 12.3.6118.4 - Microsoft Corporation)
GDR 6164 for SQL Server 2014 (KB4583463) (64-bit) (HKLM\...\KB4583463) (Version: 12.3.6164.21 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC)
Hmp Elements Server (HKLM\...\{96F71EA5-474F-442B-9F09-0A80EED4E858}) (Version: 1.0.0 - Inventive Labs)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{18BABA54-93A8-4C4D-B265-B2DF05E212BF}) (Version: 40.15.1230.21319 - HP Inc.)
HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Total Security (HKLM-x32\...\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky)
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 101.0.1210.32 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{51528A68-E842-4152-A171-0440D6EA2F9C}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.3.6024.0 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{B6744BB7-B212-4FD7-8EF3-A98E7A3AC0A6}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{D626A6AB-EAFE-4453-B169-3577AB35BBD5}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{A9CAA60A-C8FC-479D-8582-DB15B4077BC1}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FDB6D282-D17A-422C-9F11-1DB989E76D8A}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (x64) (HKLM\...\{F5C7C3DE-6413-4BB8-A307-734CFC92DBDB}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.3.6024.0 - Microsoft Corporation)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 91.5.1 ESR (x64 en-US)) (Version: 91.5.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla)
NordVPN (HKLM-x32\...\{83E46D71-D7E0-4305-AF97-9A15FCFCDD06}) (Version: 6.25.3 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.25.3) (Version: 6.25.3 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.2 - Notepad++ Team)
Npcap 0.78 r5 (HKLM-x32\...\NpcapInst) (Version: 0.78 r5 - Nmap Project)
NVIDIA 3D Vision Controller Driver 311.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 311.47 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.47 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.47 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Opera Stable 85.0.4341.75 (HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\Opera 85.0.4341.75) (Version: 85.0.4341.75 - Opera Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
RogueKiller version 15.4.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.4.0.0 - Adlice Software)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit) (HKLM\...\KB4022619) (Version: 12.3.6024.0 - Microsoft Corporation)
SPD Enterprise (HKLM-x32\...\SPD Enterprise) (Version: - )
Speedtest by Ookla (HKLM\...\{40F608F7-DCBE-4F86-81F7-5FA9F33031AD}) (Version: 1.7.132.001 - Ookla)
SpitFire Online Support (HKLM-x32\...\{C08721E9-4046-3280-BC5A-7CCF6BD49DE6}) (Version: 7.11.760 - LogMeIn, Inc.)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (HKLM\...\{1B61E3E0-7021-47ED-8733-927A31300AE4}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (HKLM\...\{DCE60088-65B7-4873-957A-08017D343E9A}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{2D77A365-F019-4EED-BA58-6389CFD73C9D}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{357D53BA-8B5D-4E72-9636-A82E0B1A72D4}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{3D327420-2E9F-4F56-8B15-C2FE5ADE85BF}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{B5D457CD-3E1A-4D6C-8D16-6030E88DAF35}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{1D01EDF6-7E93-4FEE-AA09-C5669511100C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{5EACF47D-EB70-4FE0-83DE-9FD9693C24B9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{832D6A7D-13F7-42CB-9AC6-5859800269AE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (HKLM\...\{0FB14E21-7A42-4CD0-8D5C-028B2ACD29E6}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (HKLM\...\{327B1B40-2434-4DC5-9D4D-B9B24D4B2EDE}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (HKLM\...\{50663FF0-DF81-4DDC-BED0-F92E31488301}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (HKLM\...\{2D95D8C0-0DC4-44A6-A729-1E2388D2C03E}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.3.6024.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1038 - SUPERAntiSpyware.com)
Tonic v1.0 (build 990) (HKLM-x32\...\Tonic) (Version: - )
TP-Link Archer T4E (HKLM-x32\...\{F1EBFE32-A5B6-4895-B20C-7C12D702DCA3}) (Version: 2.1.0 - TP-Link)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\Wargaming.net Game Center) (Version: 20.1.0.9514 - Wargaming.net)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)
Wireshark 3.0.7 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.7 - The Wireshark developer community, hxxps://www.wireshark.org)
World_of_Warships_NA (HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\WOWS.NA.PRODUCTION) (Version: - Wargaming.net)
Zoiper (HKLM-x32\...\Zoiper) (Version: 3.15 - Securax LTD)
Zoom (HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\ZoomUMX) (Version: 5.6.6 (961) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-858829026-1856093188-292686800-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-12-03] (Notepad++ -> )
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2022-03-24] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2022-03-24] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-31] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2022-03-24] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2022-03-24] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-31] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Server\Desktop\Manager App.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://192.168.2.110/loginapp
ShortcutWithArgument: C:\Users\Server\Desktop\YouTube Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Server\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Manager App.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://192.168.2.110/loginapp

==================== Loaded Modules (Whitelisted) =============

2013-04-30 13:25 - 2013-04-30 13:25 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2019-01-04 20:52 - 2013-04-26 11:24 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2013-04-30 13:25 - 2013-04-30 13:25 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2019-01-10 01:19 - 2019-01-10 01:19 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2019-01-09 16:18 - 2019-01-09 16:18 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2013-03-24 16:03 - 2013-03-24 16:03 - 001206344 _____ (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33004284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33004284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-858829026-1856093188-292686800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com/?fr=fp-comodo&type=81_138430010005_90.0.4430.212_u_hp
HKU\S-1-5-21-858829026-1856093188-292686800-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-858829026-1856093188-292686800-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\S-1-5-21-858829026-1856093188-292686800-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-858829026-1856093188-292686800-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Server\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20211102.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: Cti32svc => 2
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: Spitfire_LoginService => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\Services: SQLSERVERAGENT => 2
MSCONFIG\Services: SQLWriter => 2
MSCONFIG\Services: W3SVC => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --cistrayUI
MSCONFIG\startupreg: HP OfficeJet 3830 series (NET) => "C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN9AI7Q3RP06VZ:NW" -scfn "HP OfficeJet 3830 series (NET)" -AutoStart 1
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
MSCONFIG\startupreg: WinZip UN => "C:\Program Files\WinZip\WZUpdateNotifier.exe" -show

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{699901DF-2F29-4828-B7D8-22ABEDDF4266}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{64395F01-071B-44FB-BF8C-A67272D2C9DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{97CA34CC-7A53-4B2C-96C8-25E22DAD69EA}] => (Allow) C:\Users\Server\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{19B6073F-D612-4767-A5D7-8682347C7756}] => (Allow) C:\Users\Server\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{4D7D9794-47EB-4CEA-B194-18A3F977084C}] => (Allow) C:\Users\Server\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AD78FEE2-7172-49C9-AEBC-1C5EA7ED0249}] => (Allow) C:\Users\Server\AppData\Local\Temp\7zS7943\HP.EasyStart.exe => No File
FirewallRules: [{67F66373-D38A-4EE6-854E-0929ED687DBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{214190A8-A703-44CB-819E-3D54184F554C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DF9E17E-7F2F-4135-B42A-AE7A118948F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF8FCA76-33FB-4C98-A5E1-92C038AA81C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C7B5A10-B5AD-4F41-A518-0A1814B43501}] => (Allow) C:\Users\Server\AppData\Local\Temp\7zS5212\HP.EasyStart.exe => No File
FirewallRules: [{F2363168-009F-442C-9187-7BB1FCAE8E3A}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe (HP Inc. -> HP Inc.)
FirewallRules: [{FFF8E108-2148-4E88-B808-000C6D019603}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{188F0B8E-68BB-4AEA-8421-FA8B742E0152}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe (HP Inc. -> HP Inc.)
FirewallRules: [{4EA80E2C-7223-4119-BB90-FD4E3ADEBFC6}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)
FirewallRules: [{71DF56AF-4BC8-40F3-8CD6-4F5B63DC18FD}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E17E2C77-B126-4791-B91D-3438E6034449}] => (Allow) LPort=5357
FirewallRules: [{8DA97A81-E230-47AE-BD8E-FB6044CC0558}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E8BE9B73-5123-408A-AA94-0AD4B4C424E0}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{9FC6243C-CBE6-41D0-8FCB-4CF8B52CEA9F}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{1A10D8DD-50C2-46AC-9DCF-12F87A5D1E7F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{194E8030-F077-41CA-8D35-FF51D6520E46}] => (Allow) C:\Users\Server\AppData\Local\Programs\Opera\85.0.4341.60\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2235CB34-63C0-42E1-8E95-96A00C4EDE9E}] => (Allow) C:\Users\Server\AppData\Local\Programs\Opera\85.0.4341.75\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{DDC26DD2-3D6A-462A-8DB4-636E5A9F296E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-04-2022 16:23:26 JRT Pre-Junkware Removal
10-04-2022 20:18:41 JRT Pre-Junkware Removal
10-04-2022 22:17:54 Windows Live Essentials
10-04-2022 22:18:17 WLSetup
10-04-2022 23:01:49 Windows Update
11-04-2022 03:02:32 Windows Update
12-04-2022 03:00:24 Windows Update
14-04-2022 15:56:44 Windows Update
14-04-2022 16:03:38 JRT Pre-Junkware Removal
15-04-2022 03:00:19 Windows Update
16-04-2022 03:00:28 Windows Update
17-04-2022 03:00:20 Windows Update
18-04-2022 03:00:19 Windows Update
22-04-2022 23:11:07 Windows Update
23-04-2022 03:00:10 Windows Update
24-04-2022 03:00:31 Windows Update
25-04-2022 03:00:24 Windows Update
26-04-2022 03:00:33 Windows Update
27-04-2022 19:45:47 Windows Update
28-04-2022 03:00:10 Windows Update
29-04-2022 03:00:22 Windows Update
30-04-2022 03:00:35 Windows Update
01-05-2022 03:00:42 Windows Update
02-05-2022 03:00:30 Windows Update
03-05-2022 03:00:34 Windows Update

==================== Faulty Device Manager Devices ============

Name: Bluetooth Device (Personal Area Network) #3
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Device (RFCOMM Protocol TDI) #3
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCHunter64ao
Description: PCHunter64ao
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PCHunter64ao
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/03/2022 05:15:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/02/2022 03:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9002

Error: (05/02/2022 03:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9002

Error: (05/02/2022 03:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2022 03:08:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (05/02/2022 03:08:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (05/02/2022 03:08:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2022 03:08:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005


System errors:
=============
Error: (05/03/2022 05:43:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (05/03/2022 05:37:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/03/2022 05:37:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/03/2022 05:37:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/03/2022 05:37:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/03/2022 05:37:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/03/2022 05:37:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/03/2022 05:27:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Windows Defender:
================
Date: 2022-04-10 22:09:22.114
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SettingsModifier:Win32/PossibleHostsFileHijack
Severity:Medium
Category:Settings Modifier
Path Found:containerfile:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi;file:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi->assets/thirdparties/someonewhocares.org/hosts/hosts
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2022-03-24 19:54:38.051
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SettingsModifier:Win32/PossibleHostsFileHijack
Severity:Medium
Category:Settings Modifier
Path Found:containerfile:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi;file:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi->assets/thirdparties/someonewhocares.org/hosts/hosts
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2022-03-08 00:50:44.861
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SettingsModifier:Win32/PossibleHostsFileHijack
Severity:Medium
Category:Settings Modifier
Path Found:containerfile:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi;file:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi->assets/thirdparties/someonewhocares.org/hosts/hosts
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\windows defender\MSASCui.exe

Date: 2022-03-07 23:50:48.622
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2021-06-03 14:26:50.277
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SettingsModifier:Win32/PossibleHostsFileHijack
Severity:Medium
Category:Settings Modifier
Path Found:containerfile:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi;file:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi->assets/thirdparties/someonewhocares.org/hosts/hosts
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe
Event[0]:

Date: 2020-11-29 01:15:24.374
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17600.5
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-10-22 23:34:35.399
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16500.1
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-07-12 06:14:22.198
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16100.4
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-07-11 11:42:37.629
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16100.4
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-07-10 11:42:44.516
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16100.4
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

==================== Memory info ===========================

BIOS: Dell Inc. A14 05/31/2019
Motherboard: Dell Inc. 0KWVT8
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 16335.18 MB
Available physical RAM: 10443.07 MB
Total Virtual: 32668.5 MB
Available Virtual: 23999.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:688.55 GB) NTFS

\\?\Volume{86ddb7c3-10a0-11e9-8a4d-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E3F66393)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,918   +506
You're running three AV programs: MSE, Comodo and Kaspersky.
You must uninstall TWO of them.

Then...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Boufeez

Posts: 162   +0
Hi. I uninstalled Comodo, restarted the machine, then uninstalled Kaspersky, and the keyboard + mouse are not working. I'm typing this on my phone.

Ugghhh

Please advise !

Thank you
 

Boufeez

Posts: 162   +0
When I push the power button and do a hard power off and turn the machine back on again and I get the message that Windows didn't power off correctly, the keyboard works, and even in safe mode with networking, once Windows is active nothing works.
 

Boufeez

Posts: 162   +0
No, in regular start up, when I'm prompted for the password once the machine has booted, I have no keyboard or mouse. In safe mode with networking or without networking, same issue. Should I try a wired mouse and keyboard? I will have to go purchase one. But in the black screen when it says Windows did not shut down correctly, boot normally or with safe mode, the arrows on the keyboard work; I can go up or down.
 

Broni

Posts: 55,918   +506
Since this issue is not malware related anymore, I suggest you create a new topic in the Windows forum to get better help.
Once the issue is resolved, please come back here.
 

Boufeez

Posts: 162   +0
Program : RogueKiller Anti-Malware
Version : 15.5.0.0
x64 : Yes
Program Date : May 2 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Server
User is Admin : Yes
Date : 2022/05/05 23:21:12
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 1019
Found items : 0
Total scanned : 102220
Signatures Version : 20220502_072911
Truesight Driver : Yes
Updates Count : 7
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
Diag version 1.6.0.0 (64-bit), version 1.6.0.0
[+] Available Version : 2.5.1.0
[+] Size : 91.2 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Diag\

BlueStacks App Player (64-bit), version 4.120.0.1081
[+] Available Version : 5.7.100.1036
[+] Size : 1.99 GB
[+] Wow6432 : No
[+] Portable : No

CCleaner (64-bit), version 5.89
[+] Available Version : 5.92
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CCleaner

VLC media player (64-bit), version 3.0.8
[+] Available Version : 3.0.17.4
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VideoLAN\VLC

Malwarebytes version 4.5.0.152 (64-bit), version 4.5.0.152
[+] Available Version : 4.5.8
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Malwarebytes\Anti-Malware

Notepad++ (32-bit x86) (32-bit), version 7.8.2
[+] Available Version : 8.4
[+] Size : 11.2 MB
[+] Wow6432 : Yes
[+] Portable : No

Wireshark 3.0.7 64-bit (32-bit), version 3.0.7
[+] Available Version : 3.6.5
[+] Size : 174 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files\Wireshark


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************
 

Boufeez

Posts: 162   +0
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/5/22
Scan Time: 7:42 PM
Log File: fb6b0db8-cccc-11ec-95b0-f8b156ae9ee4.json

-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1676
Update Package Version: 1.0.54604
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Server-PC\Server

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 373140
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Boufeez

Posts: 162   +0
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-04-27.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-05-2022
# Duration: 00:00:12
# OS: Windows 7 Professional
# Scanned: 32047
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1257 octets] - [02/04/2019 21:18:46]
AdwCleaner[S01].txt - [1318 octets] - [30/04/2019 13:24:18]
AdwCleaner[S02].txt - [1379 octets] - [04/06/2019 11:23:05]
AdwCleaner[S03].txt - [1440 octets] - [20/06/2019 20:14:58]
AdwCleaner[S04].txt - [1501 octets] - [25/06/2019 23:42:56]
AdwCleaner[C04].txt - [1687 octets] - [25/06/2019 23:43:18]
AdwCleaner[S05].txt - [1623 octets] - [03/07/2019 23:29:44]
AdwCleaner[S06].txt - [1760 octets] - [16/08/2019 20:35:48]
AdwCleaner[C06].txt - [1948 octets] - [16/08/2019 20:36:01]
AdwCleaner_Debug.log - [34595 octets] - [11/09/2019 16:24:23]
AdwCleaner[S07].txt - [1985 octets] - [11/09/2019 16:24:53]
AdwCleaner[S08].txt - [2046 octets] - [11/09/2019 16:25:28]
AdwCleaner[C08].txt - [2197 octets] - [11/09/2019 16:25:40]
AdwCleaner[S09].txt - [3149 octets] - [07/10/2019 06:10:59]
AdwCleaner[S10].txt - [3121 octets] - [12/10/2019 02:23:10]
AdwCleaner[S11].txt - [2390 octets] - [22/12/2019 02:00:37]
AdwCleaner[C11].txt - [2602 octets] - [22/12/2019 02:01:12]
AdwCleaner[S12].txt - [2372 octets] - [29/12/2019 18:11:50]
AdwCleaner[S13].txt - [2433 octets] - [30/12/2019 14:56:45]
AdwCleaner[S14].txt - [2494 octets] - [13/01/2020 03:15:50]
AdwCleaner[S15].txt - [2555 octets] - [31/01/2020 19:54:08]
AdwCleaner[S16].txt - [2696 octets] - [31/01/2020 20:09:05]
AdwCleaner[S17].txt - [2757 octets] - [10/02/2020 00:27:56]
AdwCleaner[S18].txt - [2818 octets] - [20/02/2020 14:35:09]
AdwCleaner[S19].txt - [2879 octets] - [22/02/2020 18:23:28]
AdwCleaner[S20].txt - [2942 octets] - [24/02/2020 11:59:57]
AdwCleaner[C20].txt - [3112 octets] - [24/02/2020 12:00:26]
AdwCleaner[S21].txt - [3064 octets] - [24/02/2020 12:08:26]
AdwCleaner[C21].txt - [3234 octets] - [24/02/2020 12:08:34]
AdwCleaner[S22].txt - [3184 octets] - [24/02/2020 12:15:15]
AdwCleaner[S23].txt - [3245 octets] - [29/02/2020 09:52:17]
AdwCleaner[S24].txt - [3439 octets] - [10/03/2020 11:07:40]
AdwCleaner[C24].txt - [3609 octets] - [10/03/2020 11:08:00]
AdwCleaner[S25].txt - [3428 octets] - [10/03/2020 11:20:12]
AdwCleaner[S26].txt - [3489 octets] - [13/03/2020 13:02:16]
AdwCleaner[S27].txt - [3550 octets] - [13/03/2020 14:36:13]
AdwCleaner[S28].txt - [3611 octets] - [23/03/2020 03:29:46]
AdwCleaner[S29].txt - [3672 octets] - [02/04/2020 02:29:17]
AdwCleaner[S30].txt - [3733 octets] - [23/04/2020 03:33:30]
AdwCleaner[S31].txt - [3794 octets] - [02/06/2020 15:05:44]
AdwCleaner[S32].txt - [3855 octets] - [18/06/2020 00:36:11]
AdwCleaner[S33].txt - [3916 octets] - [18/06/2020 00:36:41]
AdwCleaner[S34].txt - [3977 octets] - [26/06/2020 13:09:03]
AdwCleaner[S35].txt - [4038 octets] - [09/07/2020 16:57:34]
AdwCleaner[S36].txt - [4099 octets] - [21/07/2020 19:17:44]
AdwCleaner[S37].txt - [4160 octets] - [24/07/2020 19:00:01]
AdwCleaner[S38].txt - [4221 octets] - [01/08/2020 13:58:51]
AdwCleaner[S39].txt - [4282 octets] - [06/08/2020 12:49:13]
AdwCleaner[S40].txt - [4263 octets] - [03/09/2020 11:50:16]
AdwCleaner[S41].txt - [4480 octets] - [01/03/2021 12:17:14]
AdwCleaner[C41].txt - [4650 octets] - [01/03/2021 12:17:34]
AdwCleaner[S42].txt - [4525 octets] - [09/03/2021 22:34:38]
AdwCleaner[C42].txt - [4716 octets] - [09/03/2021 22:34:57]
AdwCleaner[S43].txt - [4648 octets] - [23/03/2021 18:48:44]
AdwCleaner[S44].txt - [4709 octets] - [30/03/2021 20:00:21]
AdwCleaner[S45].txt - [4770 octets] - [18/04/2021 23:39:42]
AdwCleaner[S46].txt - [4831 octets] - [21/05/2021 18:56:01]
AdwCleaner[S47].txt - [4812 octets] - [02/06/2021 00:34:06]
AdwCleaner[S48].txt - [4953 octets] - [26/07/2021 01:48:35]
AdwCleaner[S49].txt - [4934 octets] - [02/08/2021 20:06:34]
AdwCleaner[S50].txt - [5075 octets] - [27/08/2021 01:04:24]
AdwCleaner[S51].txt - [5136 octets] - [30/09/2021 02:00:19]
AdwCleaner[S52].txt - [5117 octets] - [02/11/2021 23:32:48]
AdwCleaner[S53].txt - [5258 octets] - [26/11/2021 22:01:09]
AdwCleaner[S54].txt - [5319 octets] - [08/01/2022 17:21:08]
AdwCleaner[S55].txt - [5380 octets] - [12/01/2022 13:19:44]
AdwCleaner[S56].txt - [5441 octets] - [25/03/2022 00:48:16]
AdwCleaner[S57].txt - [5502 octets] - [01/04/2022 16:27:13]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S58].txt ##########
 

Broni

Posts: 55,918   +506
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

Boufeez

Posts: 162   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022
Ran by Server (administrator) on SERVER-PC (Dell Inc. XPS 8700) (06-05-2022 03:50:10)
Running from C:\Users\Server\Desktop
Loaded Profiles: Server & UpdatusUser & MsDtsServer120 & MSSQLSERVER
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(services.exe ->) (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(services.exe ->) (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(services.exe ->) (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(services.exe ->) (Qualcomm Atheros -> Atheros) [File not signed] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AtherosBtStack] => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe" (No File)
HKLM\...\Run: [AthBtTray] => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe" (No File)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\RunOnce: [wextract_cleanup0] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Server\AppData\Local\Temp\IXP000.TMP\" (No File) <==== ATTENTION
HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\Run: [BingWallpaperApp] => C:\Users\Server\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13990808 2022-04-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-858829026-1856093188-292686800-1001\...\Run: [LogMeInRescueCallingCardsx7wouv] => C:\Program Files (x86)\LogMeIn Rescue Calling Card\x7wouv\CallingCard.exe [2272232 2017-10-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-858829026-1856093188-292686800-1001\...\MountPoints2: {86ddb7c7-10a0-11e9-8a4d-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-80-3642287774-1615985598-572449333-1370030010-3123895339\...\Run: [LogMeInRescueCallingCardsx7wouv] => C:\Program Files (x86)\LogMeIn Rescue Calling Card\x7wouv\CallingCard.exe [2272232 2017-10-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\Run: [LogMeInRescueCallingCardsx7wouv] => C:\Program Files (x86)\LogMeIn Rescue Calling Card\x7wouv\CallingCard.exe [2272232 2017-10-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Windows x64\Print Processors\ssb3mPC: C:\Windows\System32\spool\prtprocs\x64\ssb3mpc.dll [36864 2011-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP OfficeJet 3830 series): C:\Windows\system32\HPDiscoPME511.dll [841376 2021-11-15] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\ssb3m Langmon: C:\Windows\system32\ssb3ml6.dll [34304 2011-04-14] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\101.0.4951.54\Installer\chrmstp.exe [2022-05-05] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2019-01-11]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan -> EnTech Taiwan)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05720D61-7C19-41BC-BDF0-CF082C238407} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {0BD47670-BEBF-4259-BEBF-6D54E7FB6506} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-17] (Adobe Inc. -> Adobe)
Task: {1EA4C5E4-A987-45B0-9BF1-60ABF8738B86} - System32\Tasks\Opera scheduled Autoupdate 1554446248 => C:\Users\Server\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-20] (Opera Software AS -> Opera Software)
Task: {2507D921-3156-402C-92F5-52D9CDB44BD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-04] (Google LLC -> Google LLC)
Task: {2B18273F-A30E-441F-9F3E-C8FACE6F11F4} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {2EC1FDE0-B728-461A-9AE5-CA4F2DDED012} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {4D99C037-B093-452E-9B6E-E56058914EE2} - System32\Tasks\Opera scheduled assistant Autoupdate 1582726877 => C:\Users\Server\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Server\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {62E55387-773D-48FD-A42E-0355962FFD3E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C4D6C55-B7FE-4476-8B55-702F27C725E3} - System32\Tasks\{297BB3C4-4A5F-44A4-AD54-66F31D44A21C} => C:\Windows\system32\pcalua.exe -a C:\Users\Server\Downloads\tonic-v1.0b990.exe -d C:\Users\Server\Downloads
Task: {7153A862-3C71-4509-921D-760E4D704C7A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {796CD7A3-D972-4DC8-91A4-CC24FAC2661A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-17] (Adobe Inc. -> Adobe)
Task: {8B83EA16-8EBD-49A6-8662-798D0BF62787} - System32\Tasks\SpitFire Restart => c:\spd enterprise\Batch\RestartServices.bat [3258 2017-06-28] () [File not signed]
Task: {96515E1D-6D5E-4152-A3D3-047EA32C56A1} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Server\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-10] (ESET, spol. s r.o. -> ESET)
Task: {98B33466-25A4-4B02-A9BD-BD57FE03B77A} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [629864 2019-12-13] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {A09E8498-0229-423A-947C-1696D545ACAB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-01-25] (Piriform Software Ltd -> Piriform)
Task: {A8D63BBB-F13F-48AE-B7BE-D5122BBA4281} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {BA0A5F84-C1E4-4E5D-98DF-48DC5834E5AD} - System32\Tasks\CCleanerSkipUAC - Server => C:\Program Files\CCleaner\CCleaner.exe [29453952 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C6D6750D-45FD-474A-ADFE-B4DBFF85A48F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Server\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-10] (ESET, spol. s r.o. -> ESET)
Task: {C737A258-098F-43C0-AC9F-9C50B49D97BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-04] (Google LLC -> Google LLC)
Task: {C7523E68-07CA-4851-AB57-ACE91D09024B} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {D24B4989-8335-475F-B227-D20BA40B14A0} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-06-01] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {D35BC232-D0CC-4A1C-9597-4747E5EE51D7} - System32\Tasks\{470AC379-0A92-41D9-8806-A1D01031897B} => C:\Windows\system32\pcalua.exe -a C:\Users\Server\Desktop\LLOP\Setup_MUP.exe -d C:\Users\Server\Desktop\LLOP
Task: {D89E6015-1C7D-45ED-9E2F-DB4F41C784DF} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {F20D5891-02F0-4382-A9DB-6400E1BC82B8} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {FEB4F86A-21C9-48E2-AFAC-BD2BEB0C385E} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Server\Downloads\adwcleaner_8.0.2.exe /r (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C2FD0151-A916-4412-84C6-BA103ABA9908}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Server\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-05]
Edge Notifications: Default -> hxxps://us1.blendr.com; hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://us.yahoo.com/?fr=fp-comodo&type=81_138430010005_90.0.4430.212_u_hp
Edge StartupUrls: Default -> "hxxp://www.google.ca/"
Edge Extension: (Cisco Webex Extension) - C:\Users\Server\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmihkeafcknlomclapaddfljaeegfbdl [2020-09-02]
Edge Extension: (Kaspersky Protection 20.0) - C:\Users\Server\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2021-02-05]
Edge HKU\S-1-5-21-858829026-1856093188-292686800-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-21-858829026-1856093188-292686800-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [elhpdacimkjpccooodognopfhbdgnpbk]
Edge HKU\S-1-5-21-858829026-1856093188-292686800-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-80-3642287774-1615985598-572449333-1370030010-3123895339\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [cmihkeafcknlomclapaddfljaeegfbdl]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 6s1sz6oo.default
FF ProfilePath: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default [2022-05-05]
FF Homepage: Mozilla\Firefox\Profiles\6s1sz6oo.default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
FF Notifications: Mozilla\Firefox\Profiles\6s1sz6oo.default -> hxxps://www.schedulicity.com
FF Extension: (Cisco WebEx Extension) - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\Extensions\ciscowebexstart1@cisco.com.xpi [2020-09-03]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-01-11]
FF Extension: (uBlock) - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2019-07-30]
FF Extension: (Cisco WebEx Extension) - C:\Program Files\Mozilla Firefox\distribution\extensions\ciscowebexstart1@cisco.com.xpi [2020-08-29]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-17] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-17] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-24] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-24] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-08-29] (Cisco WebEx LLC -> Cisco WebEx LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-24] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default [2022-05-06]
CHR Notifications: Default -> hxxps://web.skype.com; hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.youtube.com
CHR Extension: (Google Docs Offline) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-04]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jlhmfgmfgeifomenelglieieghnjghma]

Opera:
=======
OPR Profile: C:\Users\Server\AppData\Roaming\Opera Software\Opera Stable [2022-03-24]
OPR DownloadDir: C:\Users\Server\Downloads
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Server\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-08-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-17] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
S4 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\avp.exe [381928 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe [184768 2021-08-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S4 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2018-01-17] (Inventive Labs, LLC) [File not signed]
S2 HmpElements; C:\Program Files\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [2016248 2018-01-17] (Inventive Labs Corporation -> Inventive Labs, Inc.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [532968 2018-12-02] (Intel Corporation -> Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354008 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
S3 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-03-01] (Kaspersky Lab -> AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
R2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [209816 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [365464 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [221136 2019-10-29] (TEFINCOM S.A. -> )
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14496296 2022-05-02] (ADLICE -> )
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7680 2019-07-30] () [File not signed]
S2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2019-08-20] () [File not signed]
S4 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7168 2019-03-06] () [File not signed]
S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [7168 2019-05-03] () [File not signed]
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [133016 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [338320 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [606104 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-08-29] (Cisco WebEx LLC -> Cisco WebEx LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Qualcomm Atheros -> Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [4108288 2014-10-17] (Qualcomm Atheros Communications, Inc.) [File not signed]
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [220544 2020-11-25] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-07-29] (Bluestack Systems, Inc. -> Bluestack System Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [156520 2018-10-14] (Intel Corporation -> Motorola Solutions, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [78560 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2019-05-21] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2019-05-21] (Techporch Incorporated -> Dell Computer Corporation)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [51368 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [644320 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klflt; C:\Windows\System32\DRIVERS\klflt.sys [78560 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657696 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1400600 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 KLIF; C:\Windows\System32\DRIVERS\klif.sys [176864 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [78560 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [78560 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 npcap_wifi; C:\Windows\System32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC -> Insecure.Com LLC.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [80384 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [180736 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S4 RsFx0321; C:\Windows\System32\DRIVERS\RsFx0321.sys [258720 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3821064 2016-10-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2019-01-09] (Microcomputer Applications Inc -> )
R3 kldlfmgr; C:\Windows\System32\Drivers\kldlfmgr.sys [24800 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlfwpk; C:\Windows\System32\Drivers\kldlfwpk.sys [24800 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 Kldlimpc; C:\Windows\System32\Drivers\Kldlimpc.sys [2524896 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlksec; C:\Windows\System32\Drivers\kldlksec.sys [24800 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlndis; C:\Windows\System32\Drivers\kldlndis.sys [24800 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlnio; C:\Windows\System32\Drivers\kldlnio.sys [24800 2022-03-24] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U1 aswbdisk; no ImagePath
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S0 kavbootc; system32\drivers\kavbootc64.sys [X]
S3 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
S1 PCHunter64ao; \??\C:\Users\Server\Desktop\pchunt\PCHunter64ao.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: dg597 -> no filepath.

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-06 03:50 - 2022-05-06 03:50 - 000032979 _____ C:\Users\Server\Desktop\FRST.txt
2022-05-06 03:50 - 2022-05-06 03:50 - 000000000 ____D C:\Users\Server\Desktop\FRST-OlderVersion
2022-05-05 20:13 - 2022-05-05 20:13 - 000001908 _____ C:\Windows\diagwrn.xml
2022-05-05 20:13 - 2022-05-05 20:13 - 000001908 _____ C:\Windows\diagerr.xml
2022-05-05 20:13 - 2022-05-05 20:13 - 000000000 ___HD C:\$WINDOWS.~BT
2022-05-05 20:00 - 2022-05-05 20:00 - 000165917 _____ C:\Users\Server\Desktop\rBCScan.pdf
2022-05-05 19:46 - 2022-05-05 19:46 - 008551608 _____ (Malwarebytes) C:\Users\Server\Downloads\AdwCleaner.exe
2022-05-05 19:40 - 2022-05-05 19:40 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-05-05 19:38 - 2022-05-05 19:38 - 002443448 _____ (Malwarebytes) C:\Users\Server\Downloads\MBSetup-119181.119181-consumer.exe
2022-05-05 19:37 - 2022-05-05 19:37 - 000006904 _____ C:\Users\Server\Documents\rogue.txt
2022-05-05 19:01 - 2022-05-05 19:01 - 043520560 _____ (Adlice Software ) C:\Users\Server\Downloads\RogueKiller_setup (1).exe
2022-05-03 17:27 - 2022-05-03 17:27 - 000616689 _____ C:\Users\Server\Desktop\Maria.Scan.pdf
2022-05-03 03:00 - 2022-05-03 03:00 - 000003768 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2022-05-03 03:00 - 2022-05-03 03:00 - 000003328 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2022-04-22 23:26 - 2022-04-22 23:26 - 000000000 ____D C:\Users\Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper
2022-04-10 23:45 - 2022-05-06 03:50 - 002366976 _____ (Farbar) C:\Users\Server\Desktop\FRST64 (2).exe
2022-04-10 23:33 - 2022-04-10 23:33 - 000000000 ___HD C:\VTRoot
2022-04-10 23:32 - 2022-05-06 03:50 - 000000000 ____D C:\FRST
2022-04-10 22:51 - 2022-04-10 22:51 - 000001945 _____ C:\Windows\epplauncher.mif
2022-04-10 22:46 - 2022-04-10 22:46 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2022-04-10 22:45 - 2022-04-10 22:46 - 000000000 ____D C:\Program Files\Microsoft Security Client
2022-04-10 22:45 - 2022-04-10 22:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2022-04-10 22:40 - 2022-04-10 22:40 - 000000000 ____D C:\Users\Server\Tracing
2022-04-10 22:18 - 2022-04-10 22:18 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2022-04-10 22:05 - 2022-04-10 22:05 - 015274968 _____ (ESET) C:\Users\Server\Downloads\esetonlinescanner (1).exe
2022-04-10 22:02 - 2022-04-10 22:02 - 015274968 _____ (ESET) C:\Users\Server\Downloads\esetonlinescanner.exe
2022-04-10 22:02 - 2022-04-10 22:02 - 000000000 ____D C:\Users\Server\AppData\Local\ESET
2022-04-10 21:55 - 2022-04-10 21:55 - 017617120 _____ (NortonLifeLock Inc.) C:\Users\Server\Downloads\NPE.exe
2022-04-10 21:55 - 2022-04-10 21:55 - 000000000 ____D C:\Users\Server\AppData\Local\NPE
2022-04-10 21:55 - 2022-04-10 21:55 - 000000000 ____D C:\ProgramData\Norton
2022-04-09 22:46 - 2022-04-09 22:46 - 000049472 _____ C:\Windows\SysWOW64\traffic_stats.db-wal
2022-04-09 22:46 - 2022-04-09 22:46 - 000032768 _____ C:\Windows\SysWOW64\traffic_stats.db-shm
2022-04-09 22:46 - 2022-04-09 22:46 - 000004096 _____ C:\Windows\SysWOW64\traffic_stats.db
2022-04-09 22:08 - 2022-04-09 22:08 - 000000000 ____D C:\Windows\system32\gf2engine
2022-04-09 21:28 - 2022-04-09 21:28 - 2018362525 _____ C:\Windows\MEMORY.DMP

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-06 03:23 - 2021-10-04 23:18 - 000000000 ____D C:\Program Files (x86)\Google
2022-05-05 23:07 - 2020-02-22 19:34 - 000000000 ____D C:\Program Files\CCleaner
2022-05-05 22:47 - 2021-06-16 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2022-05-05 22:47 - 2019-06-25 23:53 - 000000000 ____D C:\ProgramData\RogueKiller
2022-05-05 22:47 - 2019-01-10 19:13 - 000000000 ____D C:\Users\SQLSERVERAGENT
2022-05-05 22:47 - 2019-01-10 01:10 - 000000000 ____D C:\Users\DefaultAppPool
2022-05-05 22:47 - 2019-01-09 16:36 - 000000000 ____D C:\Users\Classic .NET AppPool
2022-05-05 22:47 - 2019-01-08 00:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2022-05-05 22:47 - 2019-01-08 00:45 - 000000000 ____D C:\Program Files\Common Files\AV
2022-05-05 22:47 - 2019-01-08 00:44 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2022-05-05 22:47 - 2019-01-08 00:44 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2022-05-05 22:47 - 2019-01-04 21:21 - 000000000 ____D C:\Users\Server
2022-05-05 22:47 - 2010-11-21 03:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2022-05-05 22:47 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2022-05-05 20:18 - 2009-07-14 00:45 - 000035024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-05-05 20:18 - 2009-07-14 00:45 - 000035024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-05-05 20:13 - 2019-01-05 00:14 - 000000000 ____D C:\Windows\Panther
2022-05-05 20:13 - 2009-07-14 01:13 - 001040176 _____ C:\Windows\system32\PerfStringBackup.INI
2022-05-05 20:13 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2022-05-05 20:04 - 2021-10-04 23:15 - 000012288 ___SH C:\Users\Server\Documents\Thumbs.db
2022-05-05 19:40 - 2022-01-11 02:15 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-05-05 19:40 - 2022-01-11 02:15 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-05 19:40 - 2019-01-10 01:47 - 000000000 ____D C:\Users\Server\AppData\Local\CrashDumps
2022-05-05 19:39 - 2020-01-31 22:17 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-05-05 19:38 - 2020-01-31 22:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-05 19:38 - 2020-01-31 22:15 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-05 19:02 - 2022-03-08 00:55 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-05-05 19:02 - 2019-06-25 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-05-05 19:02 - 2019-06-25 23:53 - 000000000 ____D C:\Program Files\RogueKiller
2022-05-05 18:51 - 2021-06-09 19:37 - 000000000 ____D C:\ProgramData\Comodo
2022-05-05 18:51 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\inetsrv
2022-05-05 18:49 - 2019-01-09 16:25 - 000000000 ____D C:\Users\MSSQLSERVER
2022-05-05 18:49 - 2019-01-09 16:25 - 000000000 ____D C:\Users\MsDtsServer120
2022-05-05 18:49 - 2019-01-04 20:40 - 000000000 ____D C:\Users\UpdatusUser
2022-05-05 18:49 - 2019-01-04 20:40 - 000000000 ____D C:\ProgramData\NVIDIA
2022-05-05 18:49 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-05 03:10 - 2021-10-04 23:19 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-05-03 17:52 - 2021-06-09 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2022-04-30 03:08 - 2020-08-01 18:06 - 000002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-22 23:19 - 2019-04-05 02:37 - 000004072 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1554446248
2022-04-22 23:18 - 2021-10-04 23:18 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-04-22 23:18 - 2021-10-04 23:18 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-04-18 05:16 - 2020-02-22 19:34 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-04-15 03:04 - 2019-01-07 19:49 - 000000000 ____D C:\Windows\system32\MRT
2022-04-15 03:00 - 2019-01-07 19:49 - 143823848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-04-14 16:13 - 2019-05-27 15:07 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-04-11 04:08 - 2022-03-24 22:34 - 000000000 ____D C:\Users\Server\AppData\Local\Avast Software
2022-04-11 04:08 - 2022-03-24 21:59 - 000000000 ____D C:\ProgramData\Avast Software
2022-04-11 03:42 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2022-04-11 03:39 - 2019-01-09 16:17 - 000000000 ____D C:\Windows\SysWOW64\1033
2022-04-11 03:39 - 2019-01-09 16:16 - 000000000 ____D C:\Windows\system32\1033
2022-04-11 03:35 - 2019-01-09 16:17 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2022-04-11 03:35 - 2019-01-09 16:13 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2022-04-11 03:17 - 2019-01-04 20:39 - 001032298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2022-04-10 23:35 - 2020-03-05 17:23 - 000000000 ____D C:\Users\Server\AppData\Roaming\RingCentralMeetings
2022-04-10 22:40 - 2019-02-05 17:26 - 000000000 ____D C:\Users\Server\AppData\Local\Windows Live
2022-04-10 22:18 - 2019-02-05 17:27 - 000000000 ____D C:\Program Files (x86)\Windows Live
2022-04-10 21:01 - 2020-08-01 18:04 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-10 21:01 - 2020-08-01 18:04 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-10 20:24 - 2020-11-30 11:45 - 000000000 ____D C:\Windows\pss
2022-04-10 20:23 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2022-04-09 21:48 - 2019-01-10 01:36 - 000000000 ____D C:\Users\Server\AppData\Local\ElevatedDiagnostics
2022-04-09 21:28 - 2020-11-30 11:37 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories ========

2020-03-13 13:35 - 2020-03-13 13:35 - 000007605 _____ () C:\Users\Server\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-04-27 20:20
==================== End of FRST.txt ========================
 

Boufeez

Posts: 162   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
Ran by Server (06-05-2022 03:51:02)
Running from C:\Users\Server\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X64) (2019-01-05 01:21:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-858829026-1856093188-292686800-500 - Administrator - Disabled)
Guest (S-1-5-21-858829026-1856093188-292686800-501 - Limited - Disabled)
Server (S-1-5-21-858829026-1856093188-292686800-1000 - Administrator - Enabled) => C:\Users\Server
UpdatusUser (S-1-5-21-858829026-1856093188-292686800-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Kaspersky Total Security (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Disabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}
FW: Kaspersky Total Security (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Agent App (HKLM-x32\...\AgentApp) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Bing Wallpaper (HKLM-x32\...\{980089C2-9D7D-4438-8DAF-C695E82DF18D}) (Version: 1.0.9.8 - Microsoft Corporation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.120.0.1081 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.89 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKLM-x32\...\{13218FD6-F824-D4EF-F73A-21A39F1B464D}) (Version: 40.9.3.20 - Cisco Webex LLC)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Diag version 1.6.0.0 (HKLM\...\10DBD048-433A-4BC3-951F-055296F077B3_is1) (Version: 1.6.0.0 - Adlice Software)
GDR 6108 for SQL Server 2014 (KB4505218) (64-bit) (HKLM\...\KB4505218) (Version: 12.3.6108.1 - Microsoft Corporation)
GDR 6118 for SQL Server 2014 (KB4532095) (64-bit) (HKLM\...\KB4532095) (Version: 12.3.6118.4 - Microsoft Corporation)
GDR 6164 for SQL Server 2014 (KB4583463) (64-bit) (HKLM\...\KB4583463) (Version: 12.3.6164.21 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 101.0.4951.54 - Google LLC)
Hmp Elements Server (HKLM\...\{96F71EA5-474F-442B-9F09-0A80EED4E858}) (Version: 1.0.0 - Inventive Labs)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{18BABA54-93A8-4C4D-B265-B2DF05E212BF}) (Version: 40.15.1230.21319 - HP Inc.)
HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Total Security (HKLM-x32\...\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky)
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 101.0.1210.32 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{51528A68-E842-4152-A171-0440D6EA2F9C}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.3.6024.0 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{B6744BB7-B212-4FD7-8EF3-A98E7A3AC0A6}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{D626A6AB-EAFE-4453-B169-3577AB35BBD5}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{A9CAA60A-C8FC-479D-8582-DB15B4077BC1}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FDB6D282-D17A-422C-9F11-1DB989E76D8A}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (x64) (HKLM\...\{F5C7C3DE-6413-4BB8-A307-734CFC92DBDB}) (Version: 12.3.6164.21 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.3.6024.0 - Microsoft Corporation)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 91.5.1 ESR (x64 en-US)) (Version: 91.5.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla)
NordVPN (HKLM-x32\...\{83E46D71-D7E0-4305-AF97-9A15FCFCDD06}) (Version: 6.25.3 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.25.3) (Version: 6.25.3 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.2 - Notepad++ Team)
Npcap 0.78 r5 (HKLM-x32\...\NpcapInst) (Version: 0.78 r5 - Nmap Project)
NVIDIA 3D Vision Controller Driver 311.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 311.47 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.47 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.47 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Opera Stable 85.0.4341.75 (HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\Opera 85.0.4341.75) (Version: 85.0.4341.75 - Opera Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
RogueKiller version 15.5.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.5.0.0 - Adlice Software)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit) (HKLM\...\KB4022619) (Version: 12.3.6024.0 - Microsoft Corporation)
SPD Enterprise (HKLM-x32\...\SPD Enterprise) (Version: - )
Speedtest by Ookla (HKLM\...\{40F608F7-DCBE-4F86-81F7-5FA9F33031AD}) (Version: 1.7.132.001 - Ookla)
SpitFire Online Support (HKLM-x32\...\{C08721E9-4046-3280-BC5A-7CCF6BD49DE6}) (Version: 7.11.760 - LogMeIn, Inc.)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (HKLM\...\{1B61E3E0-7021-47ED-8733-927A31300AE4}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (HKLM\...\{DCE60088-65B7-4873-957A-08017D343E9A}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{2D77A365-F019-4EED-BA58-6389CFD73C9D}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{357D53BA-8B5D-4E72-9636-A82E0B1A72D4}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{3D327420-2E9F-4F56-8B15-C2FE5ADE85BF}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{B5D457CD-3E1A-4D6C-8D16-6030E88DAF35}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{1D01EDF6-7E93-4FEE-AA09-C5669511100C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{5EACF47D-EB70-4FE0-83DE-9FD9693C24B9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{832D6A7D-13F7-42CB-9AC6-5859800269AE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (HKLM\...\{0FB14E21-7A42-4CD0-8D5C-028B2ACD29E6}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (HKLM\...\{327B1B40-2434-4DC5-9D4D-B9B24D4B2EDE}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (HKLM\...\{50663FF0-DF81-4DDC-BED0-F92E31488301}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (HKLM\...\{2D95D8C0-0DC4-44A6-A729-1E2388D2C03E}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.3.6024.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1038 - SUPERAntiSpyware.com)
Tonic v1.0 (build 990) (HKLM-x32\...\Tonic) (Version: - )
TP-Link Archer T4E (HKLM-x32\...\{F1EBFE32-A5B6-4895-B20C-7C12D702DCA3}) (Version: 2.1.0 - TP-Link)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\Wargaming.net Game Center) (Version: 20.1.0.9514 - Wargaming.net)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)
Wireshark 3.0.7 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.7 - The Wireshark developer community, hxxps://www.wireshark.org)
World_of_Warships_NA (HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\WOWS.NA.PRODUCTION) (Version: - Wargaming.net)
Zoiper (HKLM-x32\...\Zoiper) (Version: 3.15 - Securax LTD)
Zoom (HKU\S-1-5-21-858829026-1856093188-292686800-1000\...\ZoomUMX) (Version: 5.6.6 (961) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-858829026-1856093188-292686800-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-12-03] (Notepad++ -> )
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2022-03-24] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2022-03-24] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2022-03-24] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2022-03-24] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Server\Desktop\Manager App.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://192.168.2.110/loginapp
ShortcutWithArgument: C:\Users\Server\Desktop\YouTube Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Server\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Manager App.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://192.168.2.110/loginapp

==================== Loaded Modules (Whitelisted) =============

2013-04-30 13:25 - 2013-04-30 13:25 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-04-30 13:25 - 2013-04-30 13:25 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2019-01-10 01:19 - 2019-01-10 01:19 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2019-01-09 16:18 - 2019-01-09 16:18 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2013-03-24 16:03 - 2013-03-24 16:03 - 001206344 _____ (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33004284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33004284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-858829026-1856093188-292686800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com/?fr=fp-comodo&type=81_138430010005_90.0.4430.212_u_hp
HKU\S-1-5-21-858829026-1856093188-292686800-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-858829026-1856093188-292686800-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\S-1-5-21-858829026-1856093188-292686800-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-858829026-1856093188-292686800-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Server\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20211102.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: Cti32svc => 2
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: Spitfire_LoginService => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\Services: SQLSERVERAGENT => 2
MSCONFIG\Services: SQLWriter => 2
MSCONFIG\Services: W3SVC => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --cistrayUI
MSCONFIG\startupreg: HP OfficeJet 3830 series (NET) => "C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN9AI7Q3RP06VZ:NW" -scfn "HP OfficeJet 3830 series (NET)" -AutoStart 1
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
MSCONFIG\startupreg: WinZip UN => "C:\Program Files\WinZip\WZUpdateNotifier.exe" -show

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{699901DF-2F29-4828-B7D8-22ABEDDF4266}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{64395F01-071B-44FB-BF8C-A67272D2C9DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{97CA34CC-7A53-4B2C-96C8-25E22DAD69EA}] => (Allow) C:\Users\Server\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{19B6073F-D612-4767-A5D7-8682347C7756}] => (Allow) C:\Users\Server\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{4D7D9794-47EB-4CEA-B194-18A3F977084C}] => (Allow) C:\Users\Server\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AD78FEE2-7172-49C9-AEBC-1C5EA7ED0249}] => (Allow) C:\Users\Server\AppData\Local\Temp\7zS7943\HP.EasyStart.exe => No File
FirewallRules: [{67F66373-D38A-4EE6-854E-0929ED687DBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{214190A8-A703-44CB-819E-3D54184F554C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DF9E17E-7F2F-4135-B42A-AE7A118948F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF8FCA76-33FB-4C98-A5E1-92C038AA81C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C7B5A10-B5AD-4F41-A518-0A1814B43501}] => (Allow) C:\Users\Server\AppData\Local\Temp\7zS5212\HP.EasyStart.exe => No File
FirewallRules: [{F2363168-009F-442C-9187-7BB1FCAE8E3A}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe (HP Inc. -> HP Inc.)
FirewallRules: [{FFF8E108-2148-4E88-B808-000C6D019603}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{188F0B8E-68BB-4AEA-8421-FA8B742E0152}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe (HP Inc. -> HP Inc.)
FirewallRules: [{4EA80E2C-7223-4119-BB90-FD4E3ADEBFC6}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)
FirewallRules: [{71DF56AF-4BC8-40F3-8CD6-4F5B63DC18FD}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E17E2C77-B126-4791-B91D-3438E6034449}] => (Allow) LPort=5357
FirewallRules: [{8DA97A81-E230-47AE-BD8E-FB6044CC0558}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E8BE9B73-5123-408A-AA94-0AD4B4C424E0}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{9FC6243C-CBE6-41D0-8FCB-4CF8B52CEA9F}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{1A10D8DD-50C2-46AC-9DCF-12F87A5D1E7F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{194E8030-F077-41CA-8D35-FF51D6520E46}] => (Allow) C:\Users\Server\AppData\Local\Programs\Opera\85.0.4341.60\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2235CB34-63C0-42E1-8E95-96A00C4EDE9E}] => (Allow) C:\Users\Server\AppData\Local\Programs\Opera\85.0.4341.75\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{24411894-8DD6-4DF4-8134-8A0D523224BF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-04-2022 16:23:26 JRT Pre-Junkware Removal
10-04-2022 20:18:41 JRT Pre-Junkware Removal
10-04-2022 22:17:54 Windows Live Essentials
10-04-2022 22:18:17 WLSetup
10-04-2022 23:01:49 Windows Update
11-04-2022 03:02:32 Windows Update
12-04-2022 03:00:24 Windows Update
14-04-2022 15:56:44 Windows Update
14-04-2022 16:03:38 JRT Pre-Junkware Removal
15-04-2022 03:00:19 Windows Update
16-04-2022 03:00:28 Windows Update
17-04-2022 03:00:20 Windows Update
18-04-2022 03:00:19 Windows Update
22-04-2022 23:11:07 Windows Update
23-04-2022 03:00:10 Windows Update
24-04-2022 03:00:31 Windows Update
25-04-2022 03:00:24 Windows Update
26-04-2022 03:00:33 Windows Update
27-04-2022 19:45:47 Windows Update
28-04-2022 03:00:10 Windows Update
29-04-2022 03:00:22 Windows Update
30-04-2022 03:00:35 Windows Update
01-05-2022 03:00:42 Windows Update
02-05-2022 03:00:30 Windows Update
03-05-2022 03:00:34 Windows Update
03-05-2022 17:51:02 Removing COMODO Client - Security
04-05-2022 03:00:20 Windows Update
05-05-2022 03:00:19 Windows Update
05-05-2022 03:19:20 Device Driver Package Install: Kaspersky Lab Network Service
06-05-2022 03:00:10 Windows Update

==================== Faulty Device Manager Devices ============

Name: PCHunter64ao
Description: PCHunter64ao
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PCHunter64ao
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth Device (Personal Area Network) #3
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Device (RFCOMM Protocol TDI) #3
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/05/2022 07:40:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avpui.exe, version: 21.3.12.434, time stamp: 0x4fa32730
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb7f6
Exception code: 0xe06d7363
Fault offset: 0x0000c5af
Faulting process id: 0x85c
Faulting application start time: 0x01d860d97fb57401
Faulting application path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avpui.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: c512dbbe-cccc-11ec-b528-f8b156ae9ee4

Error: (05/05/2022 06:57:38 PM) (Source: MsiInstaller) (EventID: 1013) (User: Server-PC)
Description: Application: Kaspersky Total Security -- Application upgrade is in progress. Removing the application is not allowed now. You are recommended to retry application removal after computer reboot.

Error: (05/05/2022 06:57:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avpui.exe, version: 21.3.12.434, time stamp: 0x4fa32730
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb7f6
Exception code: 0xe06d7363
Fault offset: 0x0000c5af
Faulting process id: 0x270
Faulting application start time: 0x01d860d36d86a0aa
Faulting application path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avpui.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: ae6ac7aa-ccc6-11ec-b528-f8b156ae9ee4

Error: (05/05/2022 06:50:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2022 06:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2022 03:33:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/05/2022 03:27:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2022 03:13:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/06/2022 03:53:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (05/06/2022 03:49:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/06/2022 03:49:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/06/2022 03:49:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/06/2022 03:49:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/06/2022 03:49:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/06/2022 03:49:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/06/2022 03:18:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Windows Defender:
================
Date: 2022-04-10 22:09:22.114
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SettingsModifier:Win32/PossibleHostsFileHijack
Severity:Medium
Category:Settings Modifier
Path Found:containerfile:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi;file:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi->assets/thirdparties/someonewhocares.org/hosts/hosts
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2022-03-24 19:54:38.051
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SettingsModifier:Win32/PossibleHostsFileHijack
Severity:Medium
Category:Settings Modifier
Path Found:containerfile:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi;file:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi->assets/thirdparties/someonewhocares.org/hosts/hosts
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

============
 

Boufeez

Posts: 162   +0
Date: 2022-03-08 00:50:44.861
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SettingsModifier:Win32/PossibleHostsFileHijack
Severity:Medium
Category:Settings Modifier
Path Found:containerfile:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi;file:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi->assets/thirdparties/someonewhocares.org/hosts/hosts
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\windows defender\MSASCui.exe

Date: 2022-03-07 23:50:48.622
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2021-06-03 14:26:50.277
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SettingsModifier:Win32/PossibleHostsFileHijack
Severity:Medium
Category:Settings Modifier
Path Found:containerfile:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi;file:C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6s1sz6oo.default\extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi->assets/thirdparties/someonewhocares.org/hosts/hosts
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe
Event[0]:

Date: 2020-11-29 01:15:24.374
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17600.5
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-10-22 23:34:35.399
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16500.1
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-07-12 06:14:22.198
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16100.4
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-07-11 11:42:37.629
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16100.4
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-07-10 11:42:44.516
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16100.4
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

==================== Memory info ===========================

BIOS: Dell Inc. A14 05/31/2019
Motherboard: Dell Inc. 0KWVT8
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 16335.18 MB
Available physical RAM: 10780.7 MB
Total Virtual: 32668.5 MB
Available Virtual: 24300.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:680.45 GB) NTFS
Drive I: (ESD-USB) (Fixed) (Total:31.99 GB) (Free:0.99 GB) FAT32 ==>[system with boot components (obtained from drive)]

\\?\Volume{86ddb7c3-10a0-11e9-8a4d-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E3F66393)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 1E618327)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)

==================== End of Addition.txt ===========
 

Broni

Posts: 55,918   +506
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
    2.1 KB

Broni

Posts: 55,918   +506
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in the malware removal forum.
 