Please Help, computer may be infected

  • khval94
    PCHF Member
    • Jul 2021
    • 63

    #1

    Please Help, computer may be infected

    Hello,

    I posted a while back asking for help with my computer, which has been running very slowly: boot-up takes 30+ minutes, and the interface is almost unusable. The issue started maybe 6 months ago and periodically seems to resolve itself for a while.

    I have tried running a deep scan for anti-virus which never runs to completion before freezing up. I’ve run CCleaner, tried defragging, and running just a normal system scan with AVG anti-virus but that also tends to freeze and not complete.

    Could someone please be of assistance?

    Many thanks!

    -K
  • jmarket
    PCHF Owner
    • Jan 2015
    • 7634

    #2
    Please download FRST. It is important FRST is downloaded to your desktop.

    Once downloaded, right-click the FRST desktop icon and select “Run as administrator” from the menu.



    If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
    FRST will open with two dialogue boxes; accept the disclaimer.


    Accept the default whitelist options.
    If the Addition.txt options box is not checked, please select it.
    Then select “Scan”.



    FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as Notepad files.

    Please copy and paste the contents of these logs in your next post for review by our Security Team.


    • khval94
      PCHF Member
      • Jul 2021
      • 63

      #3
      Thank you for the response!

      I am out of town and left my computer at home but when I get back I’ll post the FRST file here as requested.


      • jmarket
        PCHF Owner
        • Jan 2015
        • 7634

        #4
        Any update for us @khval94?


        • khval94
          PCHF Member
          • Jul 2021
          • 63

          #5
          jmarket thanks for the follow up! Here are the scan results:

          Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-01-2022 01
          Ran by khval (administrator) on LAPTOP-OH5CF8OA (HP HP Pavilion Laptop 15-cs1xxx) (11-01-2022 10:36:52)
          Running from C:\Users\khval\OneDrive\Desktop
          Loaded Profiles: khval
          Platform: Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) Language: English (United States)
          Default browser: “C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe” --single-argument %1
          Boot Mode: Normal

          ==================== Processes (Whitelisted) =================

          (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

          (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
          (Apple Inc. → Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
          (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
          (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
          (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
          (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
          (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
          (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
          (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe
          (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe <4>
          (Conexant Systems LLC → Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
          (Conexant Systems LLC → Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
          (ELAN MICROELECTRONICS CORPORATION → ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
          (ELAN MICROELECTRONICS CORPORATION → ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
          (ELAN MICROELECTRONICS CORPORATION → ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
          (ELAN MICROELECTRONICS CORPORATION → ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
          (Google LLC → ) C:\Program Files\Google\Drive File Stream\54.0.2.0\crashpad_handler.exe <2>
          (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
          (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
          (Google LLC → Google, Inc.) C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe <7>
          (HP Inc → HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
          (HP Inc → HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
          (HP Inc. → HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
          (HP Inc. → HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
          (HP Inc. → HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
          (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_87bd97ebe57d6f93\x64\TouchpointAnalyticsClientService.exe
          (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\AppHelperCap.exe
          (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\DiagsCap.exe
          (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\NetworkCap.exe
          (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\SysInfoCap.exe
          (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
          (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
          (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
          (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
          (Intel Corporation → Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
          (Intel Corporation → Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
          (Intel Corporation → Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
          (Intel Corporation → Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
          (Intel(R) Embedded Subsystems and IP Blocks Group → Intel Corporation) C:\Windows\System32\jhi_service.exe
          (Intel(R) pGFX 2020 → ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
          (Intel(R) pGFX 2020 → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
          (Intel(R) pGFX 2020 → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
          (Intel(R) pGFX 2020 → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHDCPSvc.exe
          (Intel(R) pGFX 2020 → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHeciSvc.exe
          (Intel(R) Rapid Storage Technology → Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
          (Intel(R) Rapid Storage Technology → Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
          (Intel(R) Wireless Connectivity Solutions → Intel Corporation) C:\Windows\System32\ibtsiva.exe
          (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
          (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
          (Intuit, Inc. → Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
          (Intuit, Inc. → Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
          (Intuit, Inc. → Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
          (Intuit, Inc. → Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2019\QBW32.EXE
          (Intuit, Inc. → SAP SE or an SAP affiliate company) C:\Program Files (x86)\Intuit\QuickBooks 2019\QBDBMgr.exe
          (Malwarebytes Inc → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
          (Malwarebytes Inc → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
          (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <33>
          (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileCoAuth.exe
          (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
          (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14701.20262.0_x86__8wekyb3d8bbwe\Office16\SDXHelper.exe
          (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14701.20262.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
          (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
          (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
          (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
          (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
          (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
          (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
          (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\rundll32.exe
          (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
          (Piriform Software Ltd → Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
          (Piriform Software Ltd → Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler.exe
          (Piriform Software Ltd → Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler64.exe
          (Propelware → Propelware) C:\Program Files (x86)\LivePlan\LivePlan Sync Manager\Autofy.exe
          (Realtek Semiconductor Corp) C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.2.173.0_x64__dt26b99r8h8gj\HPAudioControl.exe
          (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
          (SEAGATE TECHNOLOGY LLC → Seagate Technology LLC) C:\Users\khval\AppData\Roaming\Toolkit\SeagateSecure\SeagateSecureService.exe
          (Smart Sound Technology → Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
          (Sound Research Corporation → Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
          (The CefSharp Authors) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe <2>
          (WildTangent Inc → ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe

          ==================== Registry (Whitelisted) ===================

          (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

          HKLM...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319520 2018-07-05] (Intel(R) Rapid Storage Technology → Intel Corporation)
          HKLM...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [525312 2021-08-05] (HP Inc.) [File not signed]
          HKLM...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [190904 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          HKLM...\Run: [DriverUpdUI.exe] => C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe [5181752 2021-12-16] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          HKU\S-1-5-19...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC → Google, Inc.)
          HKU\S-1-5-20...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC → Google, Inc.)
          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2543992 2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [Google Update] => C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe [223816 2021-10-01] (Google LLC → Google LLC)
          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3769248 2019-03-19] (HP Inc → HP Inc.)
          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd → Piriform Software Ltd)
          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC → Google, Inc.)
          HKU\S-1-5-18...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC → Google, Inc.)
          HKLM...\Print\Monitors\HP CD11 Status Monitor: C:\WINDOWS\system32\hpinkstsCD11LM.dll [391992 2019-03-15] (HP Inc → HP Inc.)
          HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] → C:\Program Files (x86)\CCleaner Browser\Application\96.1.13589.113\Installer\chrmstp.exe [2021-12-17] (Piriform Software Ltd → Piriform Software)
          HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-13] (Google LLC → Google LLC)
          HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → “C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe” --configure-user-settings --verbose-logging --system-level
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2019-11-11]
          ShortcutTarget: Intuit Data Protect.lnk → C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. → Intuit Inc.)
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LivePlan Sync Manager.lnk [2020-07-20]
          ShortcutTarget: LivePlan Sync Manager.lnk → C:\Program Files (x86)\LivePlan\LivePlan Sync Manager\Autofy.exe (Propelware → Propelware)
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2019-11-11]
          ShortcutTarget: QuickBooks Update Agent.lnk → C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. → Intuit Inc.)
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2019-11-11]
          ShortcutTarget: QuickBooks_Standard_21.lnk → C:\Program Files (x86)\Intuit\QuickBooks 2019\QBW32.EXE (Intuit, Inc. → Intuit Inc.)
          HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

          ==================== Scheduled Tasks (Whitelisted) ============

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          Task: {0EA64369-2001-407A-907B-654C30280A5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1144496 2021-12-14] (HP Inc. → HP Inc.)
          Task: {3467DB36-0F33-4675-9D16-F459A811B6D3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2544099675-2571443181-3956208610-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4074344 2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          Task: {36FAE56F-B3E9-4F70-B684-2BF6B315179C} - System32\Tasks\AVG\AVG Driver Updater BugReport => C:\Program Files\AVG\Driver Updater\AvBugReport.exe [4760376 2021-12-16] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.) → --send “dumps|report” --silent --product 149 --programpath “C:\Program Files\AVG\Driver Updater\Setup..” --configpath “C:\Program Files\AVG\Driver Updater\Setup” --path “C:\ProgramData\AVG\Driver Updater\log” --path “C:\ProgramData\AVG\Icarus\Logs” --guid fedc20b2-5944-49b9-b97b-51b7f3846628
          Task: {3FBB1809-E401-4923-BD76-9DBBADF83D67} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd → Piriform)
          Task: {458B4077-FA03-44A4-81D0-316612926FDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. → Adobe Inc.)
          Task: {520DE8D2-D60C-47E6-B524-24775090B35F} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2021-12-15] (Piriform Software Ltd → Piriform Software)
          Task: {5C000DAD-D700-483C-B145-0B2756CCD225} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2021-12-15] (Piriform Software Ltd → Piriform Software)
          Task: {5E783EB0-0AD6-4295-B3E6-6E53FB13133B} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2521976 2021-12-15] (Piriform Software Ltd → Piriform Software)
          Task: {5F67B163-4B94-430B-9208-093D03774194} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001Core => C:\Users\khval\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-01-18] (Google LLC → Google LLC)
          Task: {650F5752-AFDF-4C68-A498-CECAA9C43F7D} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-07-11] (AVG Technologies USA, LLC → AVG Technologies)
          Task: {66086706-C370-4299-A193-DB734EB0DA61} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. → HP Inc.)
          Task: {72C011E9-5866-49B4-A1CE-9DBB8FE8AAF1} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (No File)
          Task: {79CFAADC-2211-4F59-8BBD-A19D52A7D954} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-12-14] (HP Inc. → HP Inc.)
          Task: {7FB2A3A8-B01F-460F-AF2E-601ABCFF0E76} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2521976 2021-12-15] (Piriform Software Ltd → Piriform Software)
          Task: {8602D8FE-A09C-4447-BFE5-73DAD2388AA1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task “308046B0AF4A39CB”
          Task: {87B3E4AB-F9D1-493D-A61A-B86844858C0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH6425X15V => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1144496 2021-12-14] (HP Inc. → HP Inc.)
          Task: {8CE92A99-18D8-4AD1-8300-5EB560870756} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4074344 2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          Task: {91D4832F-BECE-4116-B207-782AAECCC1FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1144496 2021-12-14] (HP Inc. → HP Inc.)
          Task: {93C342FA-1411-4F53-A678-B0F277E43240} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [6437792 2019-03-19] (HP Inc → HP Inc.)
          Task: {97BE0E21-31E8-473B-99D4-AD79226193D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-05] (Google LLC → Google LLC)
          Task: {AD1595BE-D334-4005-A63F-C93516AEE4E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-05] (Google LLC → Google LLC)
          Task: {BE3B3FCF-C0D9-4B12-BD99-B0895BB17CE6} - System32\Tasks\CCleanerSkipUAC - khval => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd → Piriform Software Ltd)
          Task: {C03E7A5C-D5C1-4979-992C-65CED8CDB60E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001UA => C:\Users\khval\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-01-18] (Google LLC → Google LLC)
          Task: {D1E05B97-F38F-4ED3-AD75-8298C9E572B9} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5002680 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          Task: {D3E8DD96-3FA9-4600-85CA-39B038731408} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [314032 2021-12-14] (HP Inc. → HP Inc.)
          Task: {D9048952-D505-4E4D-9CF2-4EC03970F60C} - System32\Tasks\AVG\AVG Driver Updater Update => C:\Program Files\Common Files\AVG\Icarus\avg-du\icarus.exe [6500152 2021-12-16] (AVG Technologies USA, LLC → AVG Technologies)
          Task: {EB297B3B-B80C-49A2-907B-B4290A54F8AE} - System32\Tasks\RtkAudUService64_BG => C:\windows\system32\RtkAudUService64.exe [838648 2019-06-07] (Realtek Semiconductor Corp. → Realtek Semiconductor)
          Task: {F0FD26F3-D080-40D1-BE96-FD2C2909D980} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382672 2021-09-16] (Intuit, Inc. → Intuit Inc.)

          (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

          Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

          ==================== Internet (Whitelisted) ====================

          (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

          Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
          Tcpip..\Interfaces{7e294a8c-888c-4920-8d9a-f93bee67c64b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
          Tcpip..\Interfaces{96dd34bf-6f66-4179-8d23-a8116cb9f37a}: [DhcpNameServer] 40.23.1.13
          Edge:
          DownloadDir: C:\Users\khval\Downloads
          Edge HomeButtonPage: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 → hxxps://www.ecosia.org/
          Edge Notifications: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 → hxxps://mail.google.com
          Edge Extension: (No Name) → AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
          Edge Extension: (No Name) → BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
          Edge Extension: (Honey) → EdgeExtension_HoneyScienceCorporationHoney_cbe4c63gm1mzr => C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-08-07]
          Edge Extension: (No Name) → LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
          Edge Extension: (No Name) → PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
          Edge DefaultProfile: Default
          Edge Profile: C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-11]
          Edge DownloadDir: Default → C:\Users\khval\Downloads
          Edge Notifications: Default → hxxps://business.facebook.com; hxxps://calendar.google.com; hxxps://direct.chownow.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://www.facebook.com
          Edge HomePage: Default → hxxps://www.ecosia.org/
          Edge StartupUrls: Default → “hxxps://www.ecosia.org/”
          Edge Extension: (Honey) - C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-08-23]
          Edge Extension: (Malwarebytes Browser Guard) - C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-21]
          Edge HKLM-x32...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
          FireFox:
          FF DefaultProfile: xpnyqjre.default-1623777132643
          FF ProfilePath: C:\Users\khval\AppData\Roaming\Mozilla\Firefox\Profiles\xpnyqjre.default-1623777132643 [2022-01-11]
          FF Extension: (Malwarebytes Browser Guard) - C:\Users\khval\AppData\Roaming\Mozilla\Firefox\Profiles\xpnyqjre.default-1623777132643\Extensions{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-12-20]
          FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 → C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\npCCleanerBrowserUpdate3.dll [2021-12-15] (Piriform Software Ltd → Piriform Software)
          FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 → C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\npCCleanerBrowserUpdate3.dll [2021-12-15] (Piriform Software Ltd → Piriform Software)
          FF Plugin-x32: @videolan.org/vlc,version=3.0.8 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN → VideoLAN)
          FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. → Adobe Systems Inc.)
          Chrome:
          CHR Profile: C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default [2021-12-20]
          CHR HomePage: Default → hxxp://www.google.com/
          CHR StartupUrls: Default → “hxxp://www.google.com/”
          CHR DefaultSearchURL: Default → hxxp://www.bing.com/search?pc=COS2&ptag=D110919-N0640A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms}
          CHR DefaultSearchKeyword: Default → bing®
          CHR DefaultNewTabURL: Default → hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D110919-N0630A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
          CHR DefaultSuggestURL: Default → hxxp://api.bing.com/qsml.aspx?query={searchTerms}
          CHR Extension: (Slides) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-29]
          CHR Extension: (Docs) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-29]
          CHR Extension: (YouTube) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-29]
          CHR Extension: (Sheets) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-29]
          CHR Extension: (Google Docs Offline) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-28]
          CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-28]
          CHR Extension: (Chrome Web Store Payments) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-19]
          CHR Extension: (Gmail) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-28]
          CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\khval\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx
          CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [jdanfkhnfpagoijgfmklhgakdicpnfil]
          CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
          CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
          CHR HKLM-x32...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

          ==================== Services (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. → Adobe Inc.)
          R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [485816 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [485816 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8517744 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-07-11] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2020-02-05] (Apple Inc. → Apple Inc.)
          S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2021-12-15] (Piriform Software Ltd → Piriform Software)
          S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\96.1.13589.113\elevation_service.exe [1721904 2021-12-15] (Piriform Software Ltd → Piriform Software)
          S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2021-12-15] (Piriform Software Ltd → Piriform Software)
          R2 DriverUpdSvc; C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe [7204152 2021-12-16] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncHelper.exe [3280760 2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321608 2018-09-25] (HP Inc. → HP Inc.)
          R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\AppHelperCap.exe [755720 2021-11-05] (HP Inc. → HP Inc.)
          R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\DiagsCap.exe [754168 2021-11-05] (HP Inc. → HP Inc.)
          R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [478056 2018-06-01] (HP Inc. → HP Inc.)
          R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\NetworkCap.exe [751088 2021-11-05] (HP Inc. → HP Inc.)
          R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\SysInfoCap.exe [754680 2021-11-05] (HP Inc. → HP Inc.)
          R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_87bd97ebe57d6f93\x64\TouchpointAnalyticsClientService.exe [494688 2021-09-24] (HP Inc. → HP Inc.)
          R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-20] (Malwarebytes Inc → Malwarebytes)
          S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.230.1107.0004\OneDriveUpdaterService.exe [3737976 2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2017-11-14] (Intuit Inc.) [File not signed]
          R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2019-06-07] (Intuit Inc.) [File not signed]
          R2 SeagateSecure; C:\Users\khval\APPDATA\ROAMING\TOOLKIT\SeagateSecure\SeagateSecureService.exe [366672 2020-12-01] (SEAGATE TECHNOLOGY LLC → Seagate Technology LLC)
          S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-09] (Microsoft Windows Publisher → Microsoft Corporation)
          R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1657136 2020-02-12] (WildTangent Inc → )
          S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-09] (Microsoft Windows Publisher → Microsoft Corporation)

          ===================== Drivers (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [50616 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 → HP)
          S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [108480 2018-06-25] (Alcorlink Corp. → )
          S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
          R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [36920 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [222248 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [369288 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [253064 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [100488 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [21960 2021-09-24] (Microsoft Windows Early Launch Anti-malware Publisher → AVG Technologies CZ, s.r.o.)
          R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [186424 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [540192 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [109056 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84120 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [853944 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [545312 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215576 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [318904 2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-08-09] (Google LLC → Google, Inc.)
          R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher → Google, Inc.)
          R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-15] (HP Inc. → HP Inc.)
          R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [60448 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 → HP)
          R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-20] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
          S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-20] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
          R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-20] (Malwarebytes Inc → Malwarebytes)
          S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-07-09] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
          S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425192 2021-07-09] (Microsoft Windows → Microsoft Corporation)
          S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-09] (Microsoft Windows → Microsoft Corporation)
          R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. → HP)

          ==================== NetSvcs (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          ==================== One month (created) (Whitelisted) =========

          (If an entry is included in the fixlist, the file/folder will be moved.)

          2022-01-11 10:32 - 2022-01-11 10:32 - 000000000 ___HD C:\$AV_AVG
          2022-01-11 10:32 - 2022-01-11 10:32 - 000000000 ____D C:\Users\khval\Downloads\FRST-OlderVersion
          2021-12-22 08:56 - 2021-12-14 07:44 - 000381456 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3688.sys
          2021-12-20 10:23 - 2021-12-20 10:23 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
          2021-12-20 10:22 - 2021-12-20 10:35 - 000399444 _____ C:\WINDOWS\ntbtlog.txt
          2021-12-20 10:02 - 2021-12-20 10:02 - 000000000 ____D C:\Users\khval\AppData\Local\mbam
          2021-12-20 10:01 - 2021-12-20 10:37 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
          2021-12-20 10:01 - 2021-12-20 10:23 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
          2021-12-20 10:01 - 2021-12-20 10:01 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
          2021-12-20 10:01 - 2021-12-20 10:01 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
          2021-12-20 10:01 - 2021-12-20 10:01 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
          2021-12-20 10:01 - 2021-12-20 10:01 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
          2021-12-20 10:00 - 2021-12-20 10:00 - 002910904 _____ (Malwarebytes) C:\Users\khval\Downloads\MBSetup.exe
          2021-12-20 10:00 - 2021-12-20 10:00 - 000000000 ____D C:\ProgramData\Malwarebytes
          2021-12-20 10:00 - 2021-12-20 10:00 - 000000000 ____D C:\Program Files\Malwarebytes
          2021-12-20 09:14 - 2021-12-20 09:13 - 000336824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
          2021-12-20 09:14 - 2021-12-20 09:13 - 000215576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
          2021-12-20 08:59 - 2021-12-20 09:10 - 000000000 ____D C:\Users\khval\AppData\Local\Adobe
          2021-12-19 18:38 - 2021-12-19 18:38 - 000000000 ____D C:\WINDOWS\SystemTemp
          2021-12-19 09:12 - 2021-12-19 09:12 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
          2021-12-19 09:12 - 2021-12-19 09:12 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
          2021-12-19 09:11 - 2021-12-19 09:11 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
          2021-12-19 09:11 - 2021-12-19 09:11 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
          2021-12-19 08:55 - 2021-12-19 08:55 - 000000000 ___HD C:\$WinREAgent
          2021-12-17 08:44 - 2021-12-17 08:44 - 015108180 _____ C:\Users\khval\Downloads\attachments (3).zip
          2021-12-15 08:49 - 2021-12-19 08:52 - 000003104 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
          2021-12-15 08:49 - 2021-12-19 08:52 - 000002622 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
          2021-12-15 08:49 - 2021-12-17 08:40 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
          2021-12-15 08:49 - 2021-12-17 08:40 - 000002359 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
          2021-12-15 08:49 - 2021-12-15 08:49 - 000000000 ____D C:\Users\khval\AppData\Local\CCleaner Browser
          2021-12-15 08:49 - 2021-12-15 08:49 - 000000000 ____D C:\ProgramData\CCleaner Browser
          2021-12-15 08:48 - 2021-12-19 08:52 - 000003402 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineUA
          2021-12-15 08:48 - 2021-12-19 08:52 - 000003178 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineCore
          2021-12-15 08:48 - 2021-12-17 08:40 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
          2021-12-13 11:28 - 2021-12-19 08:52 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2544099675-2571443181-3956208610-1001

          ==================== One month (modified) ==================

          (If an entry is included in the fixlist, the file/folder will be moved.)

          2022-01-11 10:37 - 2021-07-11 15:43 - 000000000 ____D C:\FRST
          2022-01-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
          2022-01-11 10:32 - 2021-07-11 15:43 - 000000479 _____ C:\Users\khval\Downloads\FRST.txt
          2022-01-11 10:28 - 2020-02-05 09:24 - 000000000 ____D C:\Program Files (x86)\Google
          2022-01-11 09:46 - 2020-11-09 12:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
          2022-01-11 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
          2022-01-11 09:26 - 2020-11-09 13:02 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
          2022-01-11 09:25 - 2020-03-29 15:40 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
          2022-01-11 09:24 - 2021-07-11 16:07 - 000000000 ____D C:\Program Files\CCleaner
          2022-01-11 09:23 - 2020-07-10 23:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
          2022-01-11 09:23 - 2020-07-10 23:43 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
          2022-01-11 09:22 - 2021-07-11 16:09 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
          2022-01-11 09:22 - 2019-03-14 12:47 - 000000000 ___RD C:\Users\khval\OneDrive
          2022-01-08 17:04 - 2019-03-14 13:11 - 000000000 ____D C:\Users\khval\AppData\Roaming\Spotify
          2022-01-08 17:01 - 2019-03-14 13:12 - 000000000 ____D C:\Users\khval\AppData\Local\Spotify
          2022-01-06 10:46 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
          2022-01-05 12:35 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
          2022-01-05 11:18 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
          2022-01-04 11:14 - 2020-02-05 09:25 - 000000000 ___RD C:\Users\khval\Google Drive
          2022-01-04 10:58 - 2020-02-05 09:24 - 000000000 ____D C:\Program Files\Google
          2022-01-04 10:58 - 2020-01-18 17:28 - 000000000 ____D C:\Users\khval\AppData\Local\Google
          2022-01-04 10:25 - 2019-03-14 12:44 - 000000000 __SHD C:\Users\khval\IntelGraphicsProfiles
          2021-12-22 08:59 - 2019-03-15 17:27 - 000000000 ____D C:\Users\khval\AppData\Local\D3DSCache
          2021-12-22 08:56 - 2021-09-08 09:30 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
          2021-12-22 08:56 - 2021-09-08 09:30 - 000001906 _____ C:\Users\Default\Desktop\Google Slides.lnk
          2021-12-22 08:56 - 2021-09-08 09:30 - 000001906 _____ C:\Users\Default\Desktop\Google Sheets.lnk
          2021-12-22 08:56 - 2021-09-08 09:30 - 000001894 _____ C:\Users\Default\Desktop\Google Docs.lnk
          2021-12-20 10:43 - 2020-11-09 12:45 - 000847728 _____ C:\WINDOWS\system32\PerfStringBackup.INI
          2021-12-20 10:36 - 2021-07-11 16:07 - 000000000 ____D C:\ProgramData\AVG
          2021-12-20 10:36 - 2020-11-09 13:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
          2021-12-20 10:36 - 2020-11-09 12:25 - 000008192 ___SH C:\DumpStack.log.tmp
          2021-12-20 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
          2021-12-20 10:35 - 2019-12-07 02:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
          2021-12-20 10:03 - 2019-04-14 19:37 - 000000000 ____D C:\Users\khval\AppData\LocalLow\Mozilla
          2021-12-20 10:02 - 2021-07-31 10:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
          2021-12-20 10:01 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
          2021-12-20 09:14 - 2021-07-11 16:09 - 000318904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000545312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000540192 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000253064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000222248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000186424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000109056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000100488 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000084120 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
          2021-12-20 09:13 - 2021-07-11 16:09 - 000036920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
          2021-12-20 09:12 - 2021-07-11 16:09 - 000853944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
          2021-12-20 09:12 - 2021-07-11 16:09 - 000369288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
          2021-12-19 18:43 - 2020-11-09 12:26 - 000307864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
          2021-12-19 18:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
          2021-12-19 18:37 - 2020-11-09 12:35 - 000000000 ____D C:\Users\khval
          2021-12-19 08:52 - 2021-08-19 07:25 - 000002254 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - khval
          2021-12-19 08:52 - 2021-07-24 06:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
          2021-12-19 08:52 - 2021-07-11 16:07 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
          2021-12-19 08:52 - 2020-11-30 10:10 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b6d0ca8e983d
          2021-12-19 08:52 - 2020-11-09 13:02 - 000003526 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001UA
          2021-12-19 08:52 - 2020-11-09 13:02 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
          2021-12-19 08:52 - 2020-11-09 13:02 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
          2021-12-19 08:52 - 2020-11-09 13:02 - 000003258 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001Core
          2021-12-19 08:52 - 2020-11-09 13:02 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
          2021-12-19 08:52 - 2020-11-09 13:02 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
          2021-12-19 08:52 - 2020-11-09 13:02 - 000002856 _____ C:\WINDOWS\system32\Tasks\HPJumpStartLaunch
          2021-12-19 08:52 - 2020-11-09 13:02 - 000002766 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
          2021-12-19 08:52 - 2020-11-09 13:02 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
          2021-12-19 08:52 - 2020-11-09 13:02 - 000002666 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP Officejet 5740 series
          2021-12-19 08:52 - 2020-11-09 13:02 - 000002310 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG
          2021-12-16 18:57 - 2020-11-09 13:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
          2021-12-16 15:44 - 2021-07-22 09:39 - 000000000 ____D C:\Users\khval\AppData\Local\CrashDumps
          2021-12-16 15:39 - 2019-03-15 10:47 - 000000000 ____D C:\WINDOWS\system32\MRT
          2021-12-16 15:38 - 2019-03-15 10:47 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
          2021-12-13 17:59 - 2020-03-29 15:42 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
          2021-12-13 17:59 - 2020-03-29 15:42 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
          2021-12-13 11:29 - 2021-08-21 14:23 - 000000000 ____D C:\Program Files\Microsoft OneDrive
          2021-12-13 11:29 - 2019-09-09 16:25 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
          0-00-00 21428:56375 - 2019-01-18 10:05 - 000004664 ____R C:\WINDOWS\system32\Drivers\CxSfPt.DAT

          ==================== Files in the root of some directories ========

          2019-12-08 19:23 - 2019-12-08 19:23 - 000000000 _____ () C:\Users\khval\AppData\Local\D211B1.tmp
          2020-08-05 13:09 - 2020-08-05 13:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D21345.tmp
          2019-10-05 14:08 - 2019-10-05 14:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D21500.tmp
          2019-10-20 13:38 - 2019-10-20 13:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D21690.tmp
          2019-09-22 14:56 - 2019-09-22 14:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D216B7.tmp
          2020-04-04 13:29 - 2020-04-04 13:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D2173E.tmp
          2019-09-07 12:07 - 2019-09-07 12:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D219A0.tmp
          2020-08-06 18:02 - 2020-08-06 18:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D21A09.tmp
          2020-12-22 17:27 - 2020-12-22 17:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D21B08.tmp
          2019-11-30 18:13 - 2019-11-30 18:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D21C5B.tmp
          2020-07-31 16:11 - 2020-07-31 16:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D21C97.tmp
          2019-08-11 17:55 - 2019-08-11 17:55 - 000000000 _____ () C:\Users\khval\AppData\Local\D21CE.tmp
          2019-08-30 09:42 - 2019-08-30 09:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D21D26.tmp
          2019-10-05 21:32 - 2019-10-05 21:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D21D81.tmp
          2019-09-21 08:44 - 2019-09-21 08:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D21DC2.tmp
          2019-12-15 15:06 - 2019-12-15 15:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D21F7E.tmp
          2020-08-07 17:20 - 2020-08-07 17:20 - 000000000 _____ () C:\Users\khval\AppData\Local\D22070.tmp
          2019-10-20 13:30 - 2019-10-20 13:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D22108.tmp
          2019-08-29 21:01 - 2019-08-29 21:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D22156.tmp
          2020-12-26 19:40 - 2020-12-26 19:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D223E4.tmp
          2019-10-10 19:51 - 2019-10-10 19:51 - 000000000 _____ () C:\Users\khval\AppData\Local\D225D7.tmp
          2019-09-04 20:44 - 2019-09-04 20:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D22810.tmp
          2020-08-07 19:22 - 2020-08-07 19:22 - 000000000 _____ () C:\Users\khval\AppData\Local\D2290B.tmp
          2019-08-11 15:27 - 2019-08-11 15:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D22A6A.tmp
          2020-12-20 15:28 - 2020-12-20 15:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D22A80.tmp
          2019-12-15 16:32 - 2019-12-15 16:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D22AF7.tmp
          2019-08-23 14:10 - 2019-08-23 14:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D22B6.tmp
          2020-12-13 16:36 - 2020-12-13 16:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D22D0D.tmp
          2019-08-22 18:58 - 2019-08-22 18:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D22D1D.tmp
          2019-09-15 19:48 - 2019-09-15 19:48 - 000000000 _____ () C:\Users\khval\AppData\Local\D22F27.tmp
          2019-09-28 21:36 - 2019-09-28 21:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D23201.tmp
          2020-08-11 10:42 - 2020-08-11 10:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D237FA.tmp
          2021-01-10 14:16 - 2021-01-10 14:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D23893.tmp
          2019-11-10 15:38 - 2019-11-10 15:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D238C8.tmp
          2019-12-20 16:24 - 2019-12-20 16:24 - 000000000 _____ () C:\Users\khval\AppData\Local\D2394E.tmp
          2019-11-16 15:53 - 2019-11-16 15:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D23BAC.tmp
          2019-08-11 14:30 - 2019-08-11 14:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D23C97.tmp
          2019-08-30 13:28 - 2019-08-30 13:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D23EE8.tmp
          2019-09-22 10:21 - 2019-09-22 10:21 - 000000000 _____ () C:\Users\khval\AppData\Local\D23F76.tmp
          2019-09-11 16:56 - 2019-09-11 16:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D23FAE.tmp
          2019-08-25 21:39 - 2019-08-25 21:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D240BF.tmp
          2019-09-18 18:33 - 2019-09-18 18:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D241BF.tmp
          2020-12-26 18:01 - 2020-12-26 18:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D24201.tmp
          2021-01-14 15:53 - 2021-01-14 15:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D24331.tmp
          2019-08-08 22:26 - 2019-08-08 22:26 - 000000000 _____ () C:\Users\khval\AppData\Local\D24435.tmp
          2019-09-03 17:00 - 2019-09-03 17:00 - 000000000 _____ () C:\Users\khval\AppData\Local\D24637.tmp
          2019-09-21 08:38 - 2019-09-21 08:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D24679.tmp
          2019-08-19 13:53 - 2019-08-19 13:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D247AC.tmp
          2020-08-09 18:28 - 2020-08-09 18:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D247E8.tmp
          2019-08-23 15:20 - 2019-08-23 15:20 - 000000000 _____ () C:\Users\khval\AppData\Local\D247F5.tmp
          2020-07-31 19:33 - 2020-07-31 19:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D24A10.tmp
          2019-09-03 14:29 - 2019-09-03 14:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D24C94.tmp
          2019-12-13 22:32 - 2019-12-13 22:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D24E29.tmp
          2019-12-23 09:02 - 2019-12-23 09:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D24E74.tmp
          2019-10-27 14:53 - 2019-10-27 14:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D24F5E.tmp
          2020-12-07 13:59 - 2020-12-07 13:59 - 000000000 _____ () C:\Users\khval\AppData\Local\D24F77.tmp
          2019-10-22 17:40 - 2019-10-22 17:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D25438.tmp
          2019-11-29 12:13 - 2019-11-29 12:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D254A6.tmp
          2020-07-19 14:56 - 2020-07-19 14:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D2568C.tmp
          2019-09-22 14:12 - 2019-09-22 14:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D256F3.tmp
          2019-08-13 14:40 - 2019-08-13 14:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D257D7.tmp
          2019-08-22 12:28 - 2019-08-22 12:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D25984.tmp
          2020-04-13 14:52 - 2020-04-13 14:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D25C54.tmp
          2019-08-07 19:47 - 2019-08-07 19:47 - 000000000 _____ () C:\Users\khval\AppData\Local\D25D6B.tmp
          2019-08-28 13:14 - 2019-08-28 13:14 - 000000000 _____ () C:\Users\khval\AppData\Local\D25E12.tmp
          2019-08-20 14:47 - 2019-08-20 14:47 - 000000000 _____ () C:\Users\khval\AppData\Local\D25F8B.tmp
          2020-08-03 20:17 - 2020-08-03 20:17 - 000000000 _____ () C:\Users\khval\AppData\Local\D25FAC.tmp
          2019-09-17 14:51 - 2019-09-17 14:51 - 000000000 _____ () C:\Users\khval\AppData\Local\D2604E.tmp
          2019-10-27 16:43 - 2019-10-27 16:43 - 000000000 _____ () C:\Users\khval\AppData\Local\D263DA.tmp
          2019-08-12 12:52 - 2019-08-12 12:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D2642C.tmp
          2019-09-25 15:37 - 2019-09-25 15:37 - 000000000 _____ () C:\Users\khval\AppData\Local\D264BE.tmp
          2019-09-25 19:56 - 2019-09-25 19:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D266A1.tmp
          2019-12-16 15:02 - 2019-12-16 15:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D26876.tmp
          2019-11-09 17:54 - 2019-11-09 17:54 - 000000000 _____ () C:\Users\khval\AppData\Local\D2697C.tmp
          2019-09-21 08:41 - 2019-09-21 08:41 - 000000000 _____ () C:\Users\khval\AppData\Local\D269D.tmp
          2020-08-01 17:03 - 2020-08-01 17:03 - 000000000 _____ () C:\Users\khval\AppData\Local\D26A69.tmp
          2020-05-16 17:10 - 2020-05-16 17:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D26CB2.tmp
          2019-09-17 21:07 - 2019-09-17 21:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D27005.tmp
          2021-12-01 16:03 - 2021-12-01 16:03 - 000002276 _____ () C:\Users\khval\AppData\Local\recently-used.xbel
          2020-02-23 15:58 - 2020-02-23 15:58 - 000000017 _____ () C:\Users\khval\AppData\Local\resmon.resmoncfg

          ==================== SigCheck ============================

          (There is no automatic fix for files that do not pass verification.)

          ATTENTION: ==> Could not access BCD. →
          ==================== End of FRST.txt ========================
          Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2022 01
          Ran by khval (11-01-2022 10:39:57)
          Running from C:\Users\khval\OneDrive\Desktop
          Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) (2020-11-09 20:03:38)
          Boot Mode: Normal
          ==================== Accounts: =============================

          (If an entry is included in the fixlist, it will be removed.)

          Administrator (S-1-5-21-2544099675-2571443181-3956208610-500 - Administrator - Disabled)
          DefaultAccount (S-1-5-21-2544099675-2571443181-3956208610-503 - Limited - Disabled)
          Guest (S-1-5-21-2544099675-2571443181-3956208610-501 - Limited - Disabled)
          khval (S-1-5-21-2544099675-2571443181-3956208610-1001 - Administrator - Enabled) => C:\Users\khval
          WDAGUtilityAccount (S-1-5-21-2544099675-2571443181-3956208610-504 - Limited - Disabled)

          ==================== Security Center ========================

          (If an entry is included in the fixlist, it will be removed.)

          AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
          AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
          AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

          ==================== Installed Programs ======================

          (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

          ABS PDF Install (HKLM-x32...{C42DD564-7DCD-4555-A7F3-15C0F46221D0}) (Version: 4.2.2 - Atlas Business Solutions, Inc.)
          Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
          Astrology for Windows (HKLM-x32...\ST6UNST #1) (Version: - )
          AVG AntiVirus FREE (HKLM...\AVG Antivirus) (Version: 21.11.3215 - AVG Technologies)
          AVG Driver Updater (HKLM...\AVG Driver Updater) (Version: 21.4.2068.5714 - AVG)
          Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
          Blackmagic RAW Common Components (HKLM...{0F3BD969-5F12-4734-A4EF-91B30FB9B1D5}) (Version: 2.0 - Blackmagic Design)
          CCleaner (HKLM...\CCleaner) (Version: 5.88 - Piriform)
          CCleaner Browser (HKLM-x32...\CCleaner Browser) (Version: 96.1.13589.113 - Piriform Software)
          CCleaner Update Helper (HKLM-x32...{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1187.1 - Piriform Software) Hidden
          Diablo II (HKLM-x32...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
          Express Zip File Compression (HKLM-x32...\ExpressZip) (Version: 7.02 - NCH Software)
          Fairlight Audio Accelerator Utility (HKLM...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
          GIMP 2.10.28 (HKLM...\GIMP-2_is1) (Version: 2.10.28 - The GIMP Team)
          Google Chrome (HKLM-x32...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
          Google Drive (HKLM...{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 54.0.2.0 - Google LLC)
          Google Video Support Plugin (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
          HP Audio Switch (HKLM-x32...{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
          HP Connection Optimizer (HKLM-x32...{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.13.0 - HP Inc.)
          HP Documentation (HKLM...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
          HP Dropbox Plugin (HKLM-x32...{C54DEA1F-7A8D-410B-A675-04E0FB562CB0}) (Version: 40.13.54.81239 - HP)
          HP Google Drive Plugin (HKLM-x32...{533B4739-13DD-4AAB-9524-070B3F0CE6ED}) (Version: 40.13.54.81239 - HP)
          HP JumpStart Apps (HKLM-x32...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
          HP JumpStart Bridge (HKLM-x32...{016FBF6D-AEDE-4D33-87B4-DF6815EF674A}) (Version: 1.4.0.485 - HP Inc.)
          HP Officejet 5740 series Basic Device Software (HKLM...{8C417009-7889-42BC-8164-C74FFF358CE6}) (Version: 40.13.1176.1978 - HP Inc.)
          HP Officejet 5740 series Help (HKLM-x32...{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
          HP Photo Creations (HKLM-x32...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
          I.R.I.S. OCR (HKLM-x32...{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
          Intel(R) Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.1.1030 - Intel Corporation)
          Intel® Optane™ Pinning Explorer Extensions (HKLM...{88667F43-B63E-4046-AF02-35E5412B8FAF}) (Version: 16.5.1.1030 - Intel Corporation)
          Intel® PROSet/Wireless Software (HKLM-x32...{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
          LivePlan Sync Manager (HKLM-x32...{75970D1C-CAA2-4B14-8872-E5D2F0606F39}) (Version: 19.0.1122.15 - LivePlan)
          Malwarebytes version 4.5.0.152 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
          Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 97.0.1072.55 - Microsoft Corporation)
          Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
          Microsoft Update Health Tools (HKLM...{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
          Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
          Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
          Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
          Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32...{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
          Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32...{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
          Mozilla Firefox (x64 en-US) (HKLM...\Mozilla Firefox 90.0.2 (x64 en-US)) (Version: 90.0.2 - Mozilla)
          Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 89.0 - Mozilla)
          PhotoPad Image Editor (HKLM-x32...\PhotoPad) (Version: 5.50 - NCH Software)
          Product Improvement Study for HP Officejet 5740 series (HKLM...{D4B37902-C484-4AAC-B3B8-70C203C4FAB3}) (Version: 40.13.1176.1978 - HP Inc.)
          Project Diablo 2 (HKLM-x32...{822B3055-5F16-4934-A1FC-378AB0181A66}_is1) (Version: 1.0 - projectdiablo2.com)
          QuickBooks (HKLM-x32...{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version: 29.0.4016.2901 - Intuit Inc.) Hidden
          QuickBooks Pro 2019 (HKLM-x32...{FD44271B-DAFF-4C50-8E9B-998AA008606A}) (Version: 29.0.4009.2901 - Intuit Inc.)
          QuickBooks Runtime Redistributable (HKLM...{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
          Spotify (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Spotify) (Version: 1.1.74.631.g0b24d9ad - Spotify AB)
          StarCraft (HKLM-x32...\StarCraft) (Version: - Blizzard Entertainment)
          Toolkit (HKLM-x32...\Toolkit) (Version: 1.21.0.38 - Seagate)
          VLC media player (HKLM-x32...\VLC media player) (Version: 3.0.8 - VideoLAN)
          Windows PC Health Check (HKLM...{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
          Zoom (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\ZoomUMX) (Version: 5.2.1 (44052.0816) - Zoom Video Communications, Inc.)
          Packages:
          Dropbox promotion → C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-16] (Dropbox Inc.)
          ELAN Touchpad Setting → C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2019-04-04] (ELAN Microelectronics Corporation)
          Energy Star → C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2019-01-18] (HP Inc.)
          Honey → C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-08-07] (Honey Science Corporation)
          HP Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.2.173.0_x64__dt26b99r8h8gj [2019-06-07] (Realtek Semiconductor Corp)
          HP CoolSense → C:\Program Files\WindowsApps\AD2F1837.HPCoolSense_1.0.6.0_x64__v10z8vjag6ke6 [2019-01-18] (HP Inc.)
          HP JumpStart → C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2019-01-18] (HP Inc.)
          HP PC Hardware Diagnostics Windows → C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.0.0_x64__v10z8vjag6ke6 [2021-10-20] (HP Inc.)
          HP Privacy Settings → C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-04-10] (HP Inc.)
          HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-13] (HP Inc.)
          HP Support Assistant → C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.12.43.0_x64__v10z8vjag6ke6 [2021-12-20] (HP Inc.)
          HP System Event Utility → C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6 [2021-12-04] (HP Inc.)
          Intel® Graphics Command Center → C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-08] (INTEL CORP) [Startup Task]
          Intel® Graphics Control Panel → C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-26] (INTEL CORP)
          Intel® Optane™ Memory and Storage Management → C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1021.0_x64__8j3eq9eme6ctt [2021-12-03] (INTEL CORP)
          LinkedIn → C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-03-14] (LinkedIn)
          Microsoft Access → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14701.20262.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation)
          Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-14] (Microsoft Corporation) [MS Ad]
          Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-14] (Microsoft Corporation) [MS Ad]
          Microsoft Excel → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14701.20262.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation)
          Microsoft Office Desktop Apps → C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14701.20262.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation)
          Microsoft Outlook → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14701.20262.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation)
          Microsoft PowerPoint → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14701.20262.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation)
          Microsoft Publisher → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14701.20262.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation)
          Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-13] (Microsoft Studios) [MS Ad]
          Microsoft Word → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14701.20262.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation)
          Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
          Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-09] (Microsoft Corporation)
          Phototastic Collage → C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.5.0_x64__nfy108tqq3p12 [2021-12-19] (Thumbmunkeys Ltd)
          Plex → C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-03-14] (Plex)
          Simple Solitaire → C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-10-07] (Random Salad Games LLC)
          WildTangent Games → C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2021-02-28] (WildTangent Games)

          ==================== Custom CLSID (Whitelisted): ==============

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC → Google LLC)
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC → Google LLC)
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC → Google LLC)
          CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
          ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] → {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC → Google, Inc.)
          ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] → {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC → Google, Inc.)
          ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] → {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC → Google, Inc.)
          ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] → {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC → Google, Inc.)
          ShellIconOverlayIdentifiers: [ OptaneIconOverlay] → {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-12] () [File not signed]
          ShellIconOverlayIdentifiers: [00avg] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [00avg] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers1: [AVG] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          ContextMenuHandlers1: [DriveFS 28 or later] → {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC → Google, Inc.)
          ContextMenuHandlers1: [ExpressZip] → {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2020-02-09] () [File not signed]
          ContextMenuHandlers3: [00avg] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-20] (Malwarebytes Corporation → Malwarebytes)
          ContextMenuHandlers3: [OptaneContextMenu] → {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-12] () [File not signed]
          ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers4: [DriveFS 28 or later] → {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC → Google, Inc.)
          ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-13] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers5: [DriveFS 28 or later] → {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC → Google, Inc.)
          ContextMenuHandlers6: [AVG] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-20] (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          ContextMenuHandlers6: [ExpressZip] → {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2020-02-09] () [File not signed]
          ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-20] (Malwarebytes Corporation → Malwarebytes)

          ==================== Codecs (Whitelisted) ====================

          ==================== Shortcuts & WMI ========================

          ==================== Loaded Modules (Whitelisted) =============

          2020-02-09 14:47 - 2020-02-09 14:47 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
          2021-11-19 10:18 - 2021-11-19 10:18 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\583798f50694715597421dd6deff86a1\BRIDGECommon.ni.dll
          2021-10-20 23:47 - 2021-10-20 23:47 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\517d4563e6713f9f29f785c62c355cb9\BridgeExtension.ni.dll
          2021-11-19 10:19 - 2021-11-19 10:19 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\1219309d43759bc709c5c30e62094511\CleanStartController.ni.dll
          2021-10-20 23:48 - 2021-10-20 23:48 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\92637a3c2065a1153c4f965968887fe1\Interop.IWshRuntimeLibrary.ni.dll
          2021-10-20 23:47 - 2021-10-20 23:47 - 000079872 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\1163f17ba3397a90506b2508409991b2\NativeInterop.ni.dll
          2021-10-20 23:47 - 2021-10-20 23:47 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\cfa10861f3b1cc7c2258d939086c8a00\RegistrationUtilities.ni.dll
          2021-10-20 23:48 - 2021-10-20 23:48 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\5f1fd4492ede1ca24611f23f2df7e520\Hardcodet.Wpf.TaskbarNotification.ni.dll
          2020-06-19 23:19 - 2020-06-19 23:19 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
          2021-10-20 23:47 - 2021-10-20 23:47 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\943da466a85888702f29d16b3db61ec0\CommonPortable.ni.dll
          2018-06-12 21:01 - 2018-06-12 21:01 - 000125952 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
          2021-10-20 23:48 - 2021-10-20 23:48 - 001701888 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\3261e6eb39c8964c36ff26b92e490c1f\NAudio.ni.dll
          2017-11-14 14:48 - 2017-11-14 14:48 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll
          2021-10-20 23:48 - 2021-10-20 23:48 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\030e697f36d1cf7be451e81623dd8262\Newtonsoft.Json.ni.dll
          2021-10-20 23:46 - 2021-10-20 23:46 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\6315237efcbff0bc3974b0bb2ba7b1a1\Newtonsoft.Json.ni.dll
          2019-01-18 10:06 - 2019-01-18 10:06 - 000023040 _____ (Synaptics Incorporated.) [File not signed] C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.2.173.0_x64__dt26b99r8h8gj\SynAudSrvDll.dll
          2021-10-20 23:48 - 2021-10-20 23:48 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\080b5521fcdbb4c7192f671464274f9b\log4net.ni.dll

          ==================== Alternate Data Streams (Whitelisted) ========

          ==================== Safe Mode (Whitelisted) ==================

          (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => “”=“Driver”
          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => “”=“Driver”
          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

          ==================== Association (Whitelisted) =================

          ==================== Internet Explorer (Whitelisted) ==========

          HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wnf_nptdwxol_20_37_ssg00
          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
          SearchScopes: HKLM → {A609F214-C053-4F92-8D20-9C9E3FD4B147} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
          SearchScopes: HKLM-x32 → {A609F214-C053-4F92-8D20-9C9E3FD4B147} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
          SearchScopes: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 → {6070aaf0-4487-49b5-9583-c51f7316c6ff} URL = hxxps://securesearch.org?q={searchTerms}
          SearchScopes: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 → {A609F214-C053-4F92-8D20-9C9E3FD4B147} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
          BHO: HP Network Check Helper → {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} → C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2021-12-14] (HP Inc. → HP Inc.)
          BHO-x32: HP Network Check Helper → {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} → C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2021-12-14] (HP Inc. → HP Inc.)
          Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} - C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll [2021-09-17] (Intuit, Inc. → Intuit, Inc.)
          Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2019-12-07] (Microsoft Windows → Microsoft Corporation)

          (If an entry is included in the fixlist, it will be removed from the registry.)

          IE trusted site: HKU.DEFAULT...\localhost → localhost
          IE trusted site: HKU.DEFAULT...\webcompanion.com → hxxp://webcompanion.com
          IE trusted site: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\localhost → localhost
          IE trusted site: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\webcompanion.com → hxxp://webcompanion.com

          ==================== Hosts content: =========================

          (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

          2018-09-15 00:31 - 2018-09-15 00:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

          ==================== Other Areas ===========================

          (Currently there is no automatic fix for this section.)

          HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Control Panel\Desktop\Wallpaper → C:\Users\khval\OneDrive\Desktop\juniperbooch.jpg
          DNS Servers: 75.75.75.75 - 75.75.76.76
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
          Windows Firewall is enabled.

          ==================== MSCONFIG/TASK MANAGER disabled items ==

          ==================== FirewallRules (Whitelisted) ================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          FirewallRules: [{3E44C9FD-AB53-49C0-9375-B005C4E096A1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
          FirewallRules: [{73ED9341-0280-4F7B-BF3D-41F548DA3286}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
          FirewallRules: [{67DAE8E5-61CE-4072-902C-6FFBA989304D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
          FirewallRules: [{72AA2F26-85CB-4B5E-8F6A-8CBD84681421}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
          FirewallRules: [{CDC8530E-50D6-4E97-914F-610CA66D9765}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc → HP Inc.)
          FirewallRules: [{CAFF5CA6-8465-481A-AFAA-DD1DCE44B5E8}] => (Allow) LPort=5357
          FirewallRules: [{C8F0D69D-74C3-4F33-B747-5A3A3612F256}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe (HP Inc → HP Inc.)
          FirewallRules: [{D27D481C-871C-428D-BA2F-2120D078D4B3}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxPrinterUtility.exe (HP Inc → HP Inc.)
          FirewallRules: [{AEBA2185-B3DA-479D-BA25-DF70C707FA39}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe (HP Inc → HP Inc.)
          FirewallRules: [{6214A0D6-2F85-41FC-92A1-A9069EA65C4D}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe (HP Inc → HP Inc.)
          FirewallRules: [{B7027DBC-D27A-43AD-8579-81DD0FC48C57}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe (HP Inc → HP Inc.)
          FirewallRules: [{259A39A7-209E-4255-B7BC-849266D68DC1}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
          FirewallRules: [{76B6D491-CFAF-4311-8182-7819837BCED8}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
          FirewallRules: [{F1769024-6712-4396-A096-738ABD52E3A1}] => (Block) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. → Blizzard Entertainment)
          FirewallRules: [{3F67C76D-477C-4D52-95F1-9445419AFEB1}] => (Block) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. → Blizzard Entertainment)
          FirewallRules: [UDP Query User{8A7BB2C8-5A62-4073-86D5-A05F2AEFEE21}C:\program files (x86)\starcraft\x86_64\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. → Blizzard Entertainment)
          FirewallRules: [TCP Query User{2F25C5D1-AA3A-4AE2-B37B-16F4F4932446}C:\program files (x86)\starcraft\x86_64\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. → Blizzard Entertainment)
          FirewallRules: [{07B5228F-097A-4C2F-91A2-5C984C8CDA5F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation → )
          FirewallRules: [{1DEF9FCD-B668-49FC-831E-1F03EBDBD31C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
          FirewallRules: [{014B2C47-683C-4385-93A0-699C14508B70}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
          FirewallRules: [TCP Query User{7420BA45-4C8C-474D-AD22-F904F8FC48D3}C:\users\khval\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khval\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd)
          FirewallRules: [UDP Query User{EA4F6471-2A93-4FD7-87AB-DF7F84251AA6}C:\users\khval\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khval\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd)
          FirewallRules: [{83591743-BC0A-45D0-B959-DC27946057EA}] => (Block) C:\users\khval\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd)
          FirewallRules: [{F1E0EFD7-5C5B-40CB-B5F6-506440FD7A93}] => (Block) C:\users\khval\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd)
          FirewallRules: [TCP Query User{737D3CE6-7DA0-4B88-99DD-879F712D8F25}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC → Seagate Technology LLC)
          FirewallRules: [UDP Query User{9732A1A1-65B4-401F-8F9D-C701550D754F}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC → Seagate Technology LLC)
          FirewallRules: [{5487739D-B582-454A-9D35-3D0BA788413D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
          FirewallRules: [{29FECEAF-B610-4099-9406-643542782D76}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
          FirewallRules: [{281984C2-D197-45AD-88EC-F813A10E2F5F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
          FirewallRules: [{C74CEE7F-2A95-4635-8338-9096A6C0339E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
          FirewallRules: [{2F75817B-4DCB-4E67-BB88-66640BB87122}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
          FirewallRules: [{764467C8-70FC-44CD-BCF7-749C19C1EE42}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
          FirewallRules: [{7019AD4E-E682-4435-BF50-C289D9B53AEF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
          FirewallRules: [{788E1E32-09F4-4386-A631-42D37F0E9C14}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe => No File
          FirewallRules: [{51CE0DAC-48D5-4452-9474-1E0E0932C8DC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
          FirewallRules: [{A7FC854F-0061-4B38-9A8E-DB48ABAE2A8F}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
          FirewallRules: [TCP Query User{6A89AA2A-C578-4F5B-B812-79EFAE84122B}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
          FirewallRules: [UDP Query User{0A835FB1-6A4C-49A1-81E3-E2DA32E998A4}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
          FirewallRules: [{14B25BCD-6865-4596-93E4-D377BFE96CE6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
          FirewallRules: [{1BB51060-12C9-4356-8B9C-2FED1A471D24}] => (Allow) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{82832C11-D557-4FB7-96AC-3D868F4A96C4}] => (Allow) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{12789B11-867D-4838-9F40-2C0FC267950E}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{376D6B80-627D-4AB3-BEF7-C98F63C25B60}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{2B40B7D9-B322-4CBF-9B2B-8DB5C57FB0E5}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
          FirewallRules: [{9E856D41-21A2-41F9-AF19-594A09C12094}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{113CFB63-4162-4DC4-9300-EC42B8A18D6B}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{57489B3B-197D-4562-9570-9D51A7FB4DA4}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{E60CAD0C-0AE5-4ADE-BDFE-6063998C9F68}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{AEB60653-8EBC-4C7A-8D34-E0F161C50E22}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{4A08B513-31B3-4FF9-917C-2A11F0D18098}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{744C25F5-8B25-47F2-A48A-9BBC991856F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{4A09A2EE-A1CE-479E-AFC0-456D7E4725F4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{57EF2E79-A5BE-404A-8762-2C8F85965C08}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
          FirewallRules: [{3ED23422-2489-4626-87A9-F7A97CE5364A}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd → Piriform Software)
          FirewallRules: [{DE9FC060-DAA1-422C-8B53-A69DC65C2C54}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{9B4EDE75-B507-4F89-B28A-698303C95413}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC → AVG Technologies CZ, s.r.o.)
          FirewallRules: [{8FBF5938-8511-4919-B484-9A5C7C338657}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14701.20262.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation → Microsoft Corporation)

          ==================== Restore Points =========================

          19-12-2021 08:58:21 Windows Modules Installer
          04-01-2022 10:56:08 Removed Backup and Sync from Google

          ==================== Faulty Device Manager Devices ============

          Name: System Firmware
          Description: System Firmware
          Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
          Manufacturer: HP Inc.
          Service:
          Problem: : This device cannot start. (Code10)
          Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.
          On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

          ==================== Event log errors: ========================
          Application errors:
          Error: (01/11/2022 09:31:10 AM) (Source: QuickBooks) (EventID: 4) (User: )
          Description: An unexpected error has occured in “QuickBooks Desktop Pro 2019”:
          DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:‘src\connpool.cpp’ at line 1042 from function:‘DBMgr::DBConnPool::init’

          Error: (01/11/2022 09:31:10 AM) (Source: QuickBooks) (EventID: 4) (User: )
          Description: An unexpected error has occured in “QuickBooks Desktop Pro 2019”:
          Connection String:CON=QBConnectionPool-Probe-QB_data_engine_29; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Kundali Kombucha.qbw;ENG=QB_data_engine_29;DBN=7e2af2dad32540c08c0f70806d747dee

          Error: (01/11/2022 09:31:10 AM) (Source: QuickBooks) (EventID: 4) (User: )
          Description: An unexpected error has occured in “QuickBooks Desktop Pro 2019”:
          Connection Error:Invalid user ID or password

          Error: (01/11/2022 09:31:06 AM) (Source: QuickBooks) (EventID: 4) (User: )
          Description: An unexpected error has occured in “QuickBooks Desktop Pro 2019”:
          DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:‘src\connpool.cpp’ at line 1042 from function:‘DBMgr::DBConnPool::init’

          Error: (01/11/2022 09:31:06 AM) (Source: QuickBooks) (EventID: 4) (User: )
          Description: An unexpected error has occured in “QuickBooks Desktop Pro 2019”:
          Connection String:CON=QBConnectionPool-Probe-QB_data_engine_29; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Kundali Kombucha.qbw;ENG=QB_data_engine_29;DBN=fdc68058284a48d2aa09a5cdd990c1f2

          Error: (01/11/2022 09:31:06 AM) (Source: QuickBooks) (EventID: 4) (User: )
          Description: An unexpected error has occured in “QuickBooks Desktop Pro 2019”:
          Connection Error:Invalid user ID or password

          Error: (01/11/2022 09:22:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
          Description: Local Hostname LAPTOP-OH5CF8OA.local already in use; will try LAPTOP-OH5CF8OA-2.local instead

          Error: (01/11/2022 09:22:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
          Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 LAPTOP-OH5CF8OA.local. Addr 10.0.0.95

          System errors:
          Error: (01/11/2022 09:36:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
          Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

          Error: (01/11/2022 09:23:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
          Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

          Error: (01/11/2022 09:21:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
          Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSysInfoCap service.

          Error: (01/05/2022 12:35:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
          Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

          Error: (01/04/2022 11:14:12 AM) (Source: googledrivefs3525) (EventID: 2) (User: )
          Description: The driver version of the disk does not match.

          Error: (12/23/2021 03:02:04 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
          Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

          Error: (12/23/2021 03:02:04 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
          Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

          Error: (12/23/2021 03:02:03 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
          Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

          ==================== Memory info ===========================

          BIOS: Insyde F.07 12/11/2018
          Motherboard: HP 84C0
          Processor: Intel(R) Core™ i5-8265U CPU @ 1.60GHz
          Percentage of memory in use: 81%
          Total physical RAM: 8079.3 MB
          Available physical RAM: 1508.2 MB
          Total Virtual: 12546.38 MB
          Available Virtual: 2284.66 MB

          ==================== Drives ================================

          Drive c: (Windows) (Fixed) (Total:930.28 GB) (Free:830.39 GB) NTFS
          Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:10.71 GB) FAT32

          \\?\Volume{8c56e236-a086-4de7-8ff4-ce3b2b78d37e}\ () (Fixed) (Total:0.96 GB) (Free:0.13 GB) NTFS
          \\?\Volume{0371b469-1b5f-488d-ad9e-8d94e5d312e0}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

          ==================== MBR & Partition Table ====================

          ==========================================================
          Disk: 0 (Size: 931.5 GB) (Disk ID: D094F5B8)

          Partition: GPT.

          ==================== End of Addition.txt =======================


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #6
            First thing I would suggest is to remove AVG from your machine. It is known to slow a computer to a crawl.
            First remove it from add remove programs. Then run the removal tool.

            Make certain to uninstall AVG Driver Updater as well, driver updating tools are essentially snake oil.

            Secondly, you have a large amount of unnecessary startups. Once you have rebooted after running the AVG removal tool, make sure that Windows Defender is enabled. Then disable startup items with CCleaner, which you already have installed.
            1. Download CCleaner from here.
            2. After installing, click Options.
            3. Go to Monitoring.
            4. Uncheck all monitoring items.
            5. Go to the Advanced tab – click "Close program after cleaning".
            6. Go to Settings – click "Run CCleaner when the computer starts".
            7. Now that you have CCleaner installed and set up:
            8. Open the program.
            9. Go to Tools.
            10. Go to Startup.
            11. Now double click each item to disable it.
            12. Leave only your antivirus enabled and the programs mentioned before.
            13. Then disable all items in your Scheduled Tasks as well.
            14. Unless they are related to Windows Defender or your antivirus.
            FRST Fix.

            Download the attached fixlist.txt file and save it to the Desktop.

            NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

            NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

            Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

            RogueKiller by Tigzy


            - Download RogueKiller and save it to your desktop
            - Close all running programs
            - Right click on the icon and select Run as Administrator
            - For Windows XP simply double click on the icon
            - The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
            - Click Scan
            - If, during the scan, you receive a request to upload a file to Virustotal please click Yes
            - A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
            - If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won’t run, rename it winlogon.exe (or winlogon.com) and try again
            - Copy and paste the contents of the report in your reply


            • khval94
              PCHF Member
              • Jul 2021
              • 63

              #7
              Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
              Ran by khval (17-01-2022 16:57:59) Run:1
              Running from C:\Users\khval\OneDrive\Desktop
              Loaded Profiles: khval
              Boot Mode: Normal
              fixlist content:


              HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
              SearchScopes: HKLM → {A609F214-C053-4F92-8D20-9C9E3FD4B147} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
              SearchScopes: HKLM-x32 → {A609F214-C053-4F92-8D20-9C9E3FD4B147} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
              FirewallRules: [{3E44C9FD-AB53-49C0-9375-B005C4E096A1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
              FirewallRules: [{73ED9341-0280-4F7B-BF3D-41F548DA3286}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
              FirewallRules: [{67DAE8E5-61CE-4072-902C-6FFBA989304D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
              FirewallRules: [{72AA2F26-85CB-4B5E-8F6A-8CBD84681421}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
              FirewallRules: [{259A39A7-209E-4255-B7BC-849266D68DC1}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
              FirewallRules: [{5487739D-B582-454A-9D35-3D0BA788413D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
              FirewallRules: [{29FECEAF-B610-4099-9406-643542782D76}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
              FirewallRules: [{281984C2-D197-45AD-88EC-F813A10E2F5F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
              FirewallRules: [{C74CEE7F-2A95-4635-8338-9096A6C0339E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
              FirewallRules: [{2F75817B-4DCB-4E67-BB88-66640BB87122}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
              FirewallRules: [{764467C8-70FC-44CD-BCF7-749C19C1EE42}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
              FirewallRules: [{7019AD4E-E682-4435-BF50-C289D9B53AEF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
              FirewallRules: [{788E1E32-09F4-4386-A631-42D37F0E9C14}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe => No File
              FirewallRules: [{51CE0DAC-48D5-4452-9474-1E0E0932C8DC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
              FirewallRules: [{A7FC854F-0061-4B38-9A8E-DB48ABAE2A8F}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
              FirewallRules: [TCP Query User{6A89AA2A-C578-4F5B-B812-79EFAE84122B}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
              FirewallRules: [UDP Query User{0A835FB1-6A4C-49A1-81E3-E2DA32E998A4}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File


              HKLM\SOFTWARE\Policies\Mozilla => removed successfully
              HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{A609F214-C053-4F92-8D20-9C9E3FD4B147} => removed successfully
              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{A609F214-C053-4F92-8D20-9C9E3FD4B147} => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{3E44C9FD-AB53-49C0-9375-B005C4E096A1}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{73ED9341-0280-4F7B-BF3D-41F548DA3286}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{67DAE8E5-61CE-4072-902C-6FFBA989304D}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{72AA2F26-85CB-4B5E-8F6A-8CBD84681421}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{259A39A7-209E-4255-B7BC-849266D68DC1}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{5487739D-B582-454A-9D35-3D0BA788413D}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{29FECEAF-B610-4099-9406-643542782D76}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{281984C2-D197-45AD-88EC-F813A10E2F5F}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{C74CEE7F-2A95-4635-8338-9096A6C0339E}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{2F75817B-4DCB-4E67-BB88-66640BB87122}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{764467C8-70FC-44CD-BCF7-749C19C1EE42}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{7019AD4E-E682-4435-BF50-C289D9B53AEF}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{788E1E32-09F4-4386-A631-42D37F0E9C14}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{51CE0DAC-48D5-4452-9474-1E0E0932C8DC}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{A7FC854F-0061-4B38-9A8E-DB48ABAE2A8F}” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{6A89AA2A-C578-4F5B-B812-79EFAE84122B}C:\program files\blackmagic design\davinci resolve\resolve.exe” => removed successfully
              “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{0A835FB1-6A4C-49A1-81E3-E2DA32E998A4}C:\program files\blackmagic design\davinci resolve\resolve.exe” => removed successfully

              ==== End of Fixlog 16:57:59 ====

              Program : RogueKiller Anti-Malware
              Version : 15.1.5.0
              x64 : Yes
              Program Date : Dec 15 2021
              Location : C:\Program Files\RogueKiller\RogueKiller64.exe
              Premium : No
              Company : Adlice Software
              Website : https://www.adlice.com/
              Contact : Support Form | Contact • Adlice Software
              Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
              Operating System : Windows 10 (10.0.19043) 64-bit
              64-bit OS : Yes
              Startup : 0
              WindowsPE : No
              User : khval
              User is Admin : Yes
              Date : 2022/01/18 00:19:08
              Type : Removal
              Aborted : No
              Scan Mode : Standard
              Duration : 866
              Found items : 5
              Total scanned : 68459
              Signatures Version : 20220117_133235
              Truesight Driver : Yes
              Updates Count : 4

              ************************* Warnings *************************

              ************************* Removal *************************
              [PUP.WinZipDiskTools (Potentially Malicious)] HKEY_USERS.DEFAULT\Software\Nico Mak Computing – → Deleted
              [+] scan_what : 2
              [+] vendors : PUP.WinZipDiskTools
              [+] Name : HKEY_USERS.DEFAULT\Software\Nico Mak Computing
              [+] Type : Registry
              [+] file_vtscore : -1
              [+] file_vttotal : 0
              [+] is_malicious : Yes
              [+] detection_level : 3
              [+] id : 0
              [+] status : 3
              [+] status_str : Deleted
              [+] removed : Yes
              [+] status_choice : 2
              [+] malpe_score : -1

              [PUP.WinZipDiskTools (Potentially Malicious)] HKEY_USERS\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Nico Mak Computing – → Deleted
              [+] scan_what : 2
              [+] vendors : PUP.WinZipDiskTools
              [+] Name : HKEY_USERS\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Nico Mak Computing
              [+] Type : Registry
              [+] file_vtscore : -1
              [+] file_vttotal : 0
              [+] is_malicious : Yes
              [+] detection_level : 3
              [+] id : 1
              [+] status : 3
              [+] status_str : Deleted
              [+] removed : Yes
              [+] status_choice : 2
              [+] malpe_score : -1

              [PUP.WinZipDiskTools (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\Nico Mak Computing – → Deleted
              [+] scan_what : 2
              [+] vendors : PUP.WinZipDiskTools
              [+] Name : HKEY_USERS\S-1-5-18\Software\Nico Mak Computing
              [+] Type : Registry
              [+] file_vtscore : -1
              [+] file_vttotal : 0
              [+] is_malicious : Yes
              [+] detection_level : 3
              [+] id : 2
              [+] status : 3
              [+] status_str : Deleted
              [+] removed : Yes
              [+] status_choice : 2
              [+] malpe_score : -1

              [PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword – bing® → Deleted
              [+] scan_what : 2
              [+] vendors : PUM.SearchEngine
              [+] Name : default_search_provider_data.template_url_data.keyword
              [+] value : bing®
              [+] Type : Browser
              [+] file_vtscore : 0
              [+] file_vttotal : 0
              [+] is_malicious : Yes
              [+] detection_level : 4
              [+] id : 3
              [+] status : 3
              [+] status_str : Deleted
              [+] removed : Yes
              [+] status_choice : 2
              [+] malpe_score : -1

              [PUM.SearchPage (Potentially Malicious)] default_search_provider_data.template_url_data.suggestions_url – http://api.bing.com/qsml.aspx?query= {searchTerms} → Deleted
              [+] scan_what : 2
              [+] vendors : PUM.SearchPage
              [+] Name : default_search_provider_data.template_url_data.suggestions_url
              [+] value : http://api.bing.com/qsml.aspx?query= {searchTerms}
              [+] Type : Browser
              [+] file_vtscore : 0
              [+] file_vttotal : 0
              [+] is_malicious : Yes
              [+] detection_level : 4
              [+] id : 4
              [+] status : 3
              [+] status_str : Deleted
              [+] removed : Yes
              [+] status_choice : 2
              [+] malpe_score : -1


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7045

                #8
                How is your machine running now?

                Download AdwCleaner and save it to your Desktop
                [ul]
                [li]Right-click on AdwCleaner.exe and select Run as Administrator[/li]
                [li]Accept the EULA (I accept), then click on Scan Now[/li]
                [li]Let the scan complete[/li]
                [li]Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button[/li]
                [li]Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.[/li]
                [li]Once the cleaning process is complete, AdwCleaner will ask you to restart your computer[/li]
                [li]Close all other open windows and allow it to restart[/li]
                [li]After the restart, Notepad will open with the AdwCleaner cleaning log[/li]
                [li]Please copy and paste the contents of that log into your next reply to me[/li]
                [/ul]
                HijackThis.

                1- Please click HERE to download HijackThis.
                2- Run the program.
                3- Click on the Main Menu button if not already there.
                4- Select Do a system scan and save a logfile.
                5- Copy paste the log here.


                • khval94
                  PCHF Member
                  • Jul 2021
                  • 63

                  #9
                  It’s definitely running a lot better, thank you! Start-up is as it should be and everything else seems to be much faster. No lags except sometimes when opening Microsoft Edge.
                  -------------------------------
                  Malwarebytes AdwCleaner 8.3.1.0
                  -------------------------------
                  Build: 11-18-2021
                  Database: 2021-12-02.1 (Cloud)
                  Support: https://www.malwarebytes.com/support
                  -------------------------------
                  Mode: Clean
                  -------------------------------
                  Start: 01-18-2022
                  Duration: 00:00:28
                  OS: Windows 10 Home
                  Cleaned: 49
                  Failed: 0
                  ***** [ Services ] *****

                  No malicious services cleaned.

                  ***** [ Folders ] *****

                  Deleted C:\ProgramData\SecuritySuite
                  Deleted C:\Users\khval\AppData\Roaming\download Manager

                  ***** [ Files ] *****

                  Deleted C:\Users\khval\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk

                  ***** [ DLL ] *****

                  No malicious DLLs cleaned.

                  ***** [ WMI ] *****

                  No malicious WMI cleaned.

                  ***** [ Shortcuts ] *****

                  No malicious shortcuts cleaned.

                  ***** [ Tasks ] *****

                  No malicious tasks cleaned.

                  ***** [ Registry ] *****

                  Deleted HKCU\Software\Lavasoft\Web Companion
                  Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes{6070aaf0-4487-49b5-9583-c51f7316c6ff}
                  Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
                  Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
                  Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
                  Deleted HKCU\Software\SSProtect
                  Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
                  Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
                  Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
                  Deleted HKLM\System\Setup\FirstBoot\Services\WCAssistantService
                  Deleted HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
                  Deleted HKU.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
                  Deleted HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
                  Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

                  ***** [ Chromium (and derivatives) ] *****

                  No malicious Chromium entries cleaned.

                  ***** [ Chromium URLs ] *****

                  No malicious Chromium URLs cleaned.

                  ***** [ Firefox (and derivatives) ] *****

                  No malicious Firefox entries cleaned.

                  ***** [ Firefox URLs ] *****

                  No malicious Firefox URLs cleaned.

                  ***** [ Hosts File Entries ] *****

                  No malicious hosts file entries cleaned.

                  ***** [ Preinstalled Software ] *****

                  Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
                  Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{66086706-C370-4299-A193-DB734EB0DA61}
                  Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
                  Deleted Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
                  Deleted Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|HPSEU_Host_Launcher
                  Deleted Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
                  Deleted Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
                  Deleted Preinstalled.HPJumpStartApps Folder C:\Program Files (x86)\HP\HP JUMPSTART APPS
                  Deleted Preinstalled.HPJumpStartApps Registry HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HP JumpStart Apps
                  Deleted Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
                  Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{72C011E9-5866-49B4-A1CE-9DBB8FE8AAF1}
                  Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
                  Deleted Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
                  Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
                  Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
                  Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
                  Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
                  Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
                  Deleted Preinstalled.HPSupportAssistant Folder C:\Users\khval\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
                  Deleted Preinstalled.HPSupportAssistant Folder C:\Users\khval\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
                  Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                  Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                  Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                  Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                  Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Classes\CLSID{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                  Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                  Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{F322B446-B157-4257-B44F-4F22D41F8EDB}
                  Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
                  Deleted Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{6468C4A5-E47E-405F-B675-A70A70983EA6}
                  Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
                  Deleted Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
                  Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES


                  [+] Delete Tracing Keys
                  [+] Reset Winsock


                  AdwCleaner[S00].txt - [6846 octets] - [18/01/2022 12:11:40]

                  ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

                  Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16

                  Platform: x64 Windows 10 (Home), 10.0.19043.1466 (ReleaseId: 2009, 21H1), Service Pack: 0
                  Time: 18.01.2022 - 12:19 (UTC-07:00)
                  Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
                  Elevated: Yes
                  Ran by: khval (group: Administrators) on LAPTOP-OH5CF8OA, FirstRun: yes

                  Chrome: 97.0.4692.71
                  Firefox: 95.0.2.8022
                  Internet Explorer: 11.0.19041.1202
                  Default: “C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe” --single-argument %1 (CCleaner Browser)

                  Boot mode: Normal

                  Running processes:
                  Number | Path
                  1 C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler.exe
                  1 C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler64.exe
                  1 C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
                  1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  1 C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
                  1 C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
                  1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                  18 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                  1 C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
                  1 C:\Program Files\CCleaner\CCleaner64.exe
                  1 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
                  1 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
                  1 C:\Program Files\Google\Drive File Stream\54.0.3.0\crashpad_handler.exe
                  1 C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
                  1 C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
                  1 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                  1 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                  1 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
                  1 C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
                  1 C:\Program Files\Microsoft OneDrive\21.245.1128.0002\FileCoAuth.exe
                  1 C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
                  1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
                  1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
                  1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21113.36.0_x64__8wekyb3d8bbwe\YourPhone.exe
                  1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21113.36.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
                  1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
                  1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
                  1 C:\Users\khval\AppData\Roaming\Toolkit\SeagateSecure\SeagateSecureService.exe
                  1 C:\Users\khval\OneDrive\Desktop\HiJackThis.exe
                  1 C:\Windows\explorer.exe
                  1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
                  1 C:\Windows\System32\ApplicationFrameHost.exe
                  1 C:\Windows\System32\audiodg.exe
                  2 C:\Windows\System32\backgroundTaskHost.exe
                  1 C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
                  2 C:\Windows\System32\csrss.exe
                  1 C:\Windows\System32\ctfmon.exe
                  1 C:\Windows\System32\CxAudioSvc.exe
                  2 C:\Windows\System32\dasHost.exe
                  1 C:\Windows\System32\dllhost.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_87bd97ebe57d6f93\x64\TouchpointAnalyticsClientService.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\AppHelperCap.exe
                  2 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\BridgeCommunication.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\DiagsCap.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\NetworkCap.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\SysInfoCap.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHDCPSvc.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHeciSvc.exe
                  1 C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
                  1 C:\Windows\System32\dwm.exe
                  1 C:\Windows\System32\ETDCtrl.exe
                  1 C:\Windows\System32\ETDCtrlHelper.exe
                  1 C:\Windows\System32\ETDService.exe
                  1 C:\Windows\System32\ETDTouch.exe
                  2 C:\Windows\System32\fontdrvhost.exe
                  1 C:\Windows\System32\ibtsiva.exe
                  1 C:\Windows\System32\jhi_service.exe
                  1 C:\Windows\System32\lsass.exe
                  1 C:\Windows\System32\MoUsoCoreWorker.exe
                  1 C:\Windows\System32\oobe\UserOOBEBroker.exe
                  1 C:\Windows\System32\RtkAudUService64.exe
                  6 C:\Windows\System32\RuntimeBroker.exe
                  1 C:\Windows\System32\SearchFilterHost.exe
                  1 C:\Windows\System32\SearchIndexer.exe
                  1 C:\Windows\System32\SearchProtocolHost.exe
                  1 C:\Windows\System32\SECOMN64.exe
                  1 C:\Windows\System32\SecurityHealthService.exe
                  1 C:\Windows\System32\SecurityHealthSystray.exe
                  1 C:\Windows\System32\services.exe
                  1 C:\Windows\System32\SettingSyncHost.exe
                  1 C:\Windows\System32\SgrmBroker.exe
                  1 C:\Windows\System32\sihost.exe
                  1 C:\Windows\System32\smartscreen.exe
                  1 C:\Windows\System32\smss.exe
                  1 C:\Windows\System32\spoolsv.exe
                  82 C:\Windows\System32\svchost.exe
                  1 C:\Windows\System32\SynAudSrv.exe
                  1 C:\Windows\System32\taskhostw.exe
                  1 C:\Windows\System32\wbem\unsecapp.exe
                  2 C:\Windows\System32\wbem\WmiPrvSE.exe
                  1 C:\Windows\System32\wininit.exe
                  1 C:\Windows\System32\winlogon.exe
                  2 C:\Windows\System32\WUDFHost.exe
                  1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
                  1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                  1 C:\Windows\SysWOW64\XtuService.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = MSN
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = Yahoo on osa Yahoo-konsernia.
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = MSN
                  R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{A609F214-C053-4F92-8D20-9C9E3FD4B147}: [SuggestionsURL] = http://asp.assoc-amazon.com/suggestions?q= {searchTerms}&t=hp-us2-vsb-20 - Amazon Search Suggestions
                  R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{A609F214-C053-4F92-8D20-9C9E3FD4B147}: [SuggestionsURL_JSON] = http://completion.amazon.com/search/...=completion&q= {searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=1 - Amazon Search Suggestions
                  R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{A609F214-C053-4F92-8D20-9C9E3FD4B147}: https://= <a href="http://www.amazon.... Sign: 㑥ﱜ


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7045

                    #10
                    Hijack this log is incomplete, please post entire log…after I check that for any issues, are you happy to call this one solved?


                    • khval94
                      PCHF Member
                      • Jul 2021
                      • 63

                      #11
                      I am content, thank you very much for your help!

                      Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16

                      Platform: x64 Windows 10 (Home), 10.0.19043.1466 (ReleaseId: 2009, 21H1), Service Pack: 0
                      Time: 18.01.2022 - 13:46 (UTC-07:00)
                      Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
                      Elevated: Yes
                      Ran by: khval (group: Administrators) on LAPTOP-OH5CF8OA, FirstRun: no

                      Chrome: 97.0.4692.71
                      Firefox: 95.0.2.8022
                      Internet Explorer: 11.0.19041.1202
                      Default: “C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe” --single-argument %1 (CCleaner Browser)

                      Boot mode: Normal

                      Running processes:
                      Number | Path
                      1 C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler.exe
                      1 C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler64.exe
                      1 C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
                      1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                      1 C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
                      1 C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
                      1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                      1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                      1 C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
                      1 C:\Program Files\CCleaner\CCleaner64.exe
                      1 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
                      1 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
                      1 C:\Program Files\Google\Drive File Stream\54.0.3.0\crashpad_handler.exe
                      1 C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
                      1 C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
                      1 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                      1 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                      1 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
                      1 C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
                      1 C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
                      1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
                      1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
                      1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21113.36.0_x64__8wekyb3d8bbwe\YourPhone.exe
                      1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21113.36.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
                      1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
                      1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
                      1 C:\Users\khval\AppData\Roaming\Toolkit\SeagateSecure\SeagateSecureService.exe
                      1 C:\Users\khval\OneDrive\Desktop\HiJackThis.exe
                      1 C:\Windows\explorer.exe
                      1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
                      1 C:\Windows\servicing\TrustedInstaller.exe
                      1 C:\Windows\System32\ApplicationFrameHost.exe
                      1 C:\Windows\System32\audiodg.exe
                      1 C:\Windows\System32\backgroundTaskHost.exe
                      1 C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
                      2 C:\Windows\System32\csrss.exe
                      1 C:\Windows\System32\ctfmon.exe
                      1 C:\Windows\System32\CxAudioSvc.exe
                      2 C:\Windows\System32\dasHost.exe
                      1 C:\Windows\System32\dllhost.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_87bd97ebe57d6f93\x64\TouchpointAnalyticsClientService.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\AppHelperCap.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\BridgeCommunication.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\DiagsCap.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\NetworkCap.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\SysInfoCap.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHDCPSvc.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHeciSvc.exe
                      1 C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
                      1 C:\Windows\System32\dwm.exe
                      1 C:\Windows\System32\ETDCtrl.exe
                      1 C:\Windows\System32\ETDCtrlHelper.exe
                      1 C:\Windows\System32\ETDService.exe
                      1 C:\Windows\System32\ETDTouch.exe
                      2 C:\Windows\System32\fontdrvhost.exe
                      1 C:\Windows\System32\ibtsiva.exe
                      1 C:\Windows\System32\jhi_service.exe
                      1 C:\Windows\System32\lsass.exe
                      1 C:\Windows\System32\MoUsoCoreWorker.exe
                      1 C:\Windows\System32\oobe\UserOOBEBroker.exe
                      1 C:\Windows\System32\RtkAudUService64.exe
                      8 C:\Windows\System32\RuntimeBroker.exe
                      1 C:\Windows\System32\SearchFilterHost.exe
                      1 C:\Windows\System32\SearchIndexer.exe
                      1 C:\Windows\System32\SearchProtocolHost.exe
                      1 C:\Windows\System32\SECOMN64.exe
                      1 C:\Windows\System32\SecurityHealthService.exe
                      1 C:\Windows\System32\SecurityHealthSystray.exe
                      1 C:\Windows\System32\services.exe
                      1 C:\Windows\System32\SettingSyncHost.exe
                      1 C:\Windows\System32\SgrmBroker.exe
                      1 C:\Windows\System32\sihost.exe
                      1 C:\Windows\System32\smartscreen.exe
                      1 C:\Windows\System32\smss.exe
                      1 C:\Windows\System32\spoolsv.exe
                      83 C:\Windows\System32\svchost.exe
                      1 C:\Windows\System32\SynAudSrv.exe
                      2 C:\Windows\System32\taskhostw.exe
                      1 C:\Windows\System32\wbem\unsecapp.exe
                      2 C:\Windows\System32\wbem\WmiPrvSE.exe
                      1 C:\Windows\System32\wininit.exe
                      1 C:\Windows\System32\winlogon.exe
                      2 C:\Windows\System32\WUDFHost.exe
                      1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
                      1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                      1 C:\Windows\SysWOW64\XtuService.exe
                      1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\TiWorker.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = MSN
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = Yahoo on osa Yahoo-konsernia.
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = MSN
                      R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{A609F214-C053-4F92-8D20-9C9E3FD4B147}: [SuggestionsURL] = http://asp.assoc-amazon.com/suggestions?q= {searchTerms}&t=hp-us2-vsb-20 - Amazon Search Suggestions
                      R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{A609F214-C053-4F92-8D20-9C9E3FD4B147}: [SuggestionsURL_JSON] = http://completion.amazon.com/search/...=completion&q= {searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=1 - Amazon Search Suggestions
                      R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{A609F214-C053-4F92-8D20-9C9E3FD4B147}: https://= <a href="http://www.amazon.... Sign: 夯茄

                      • khval94
                        PCHF Member
                        • Jul 2021
                        • 63

                        #12
                        Hmm.. for some reason it alters the text when I copy and paste the Hijack file into this forum. I’ll attach it here.

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7045

                          #13
                          Start Hijack this as Admin, check the following, then click the fix.
                          Reboot your machine.

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wnf_nptdwxol_20_37_ss g00
                          R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A609F214-C053-4F92-8D20-9C9E3FD4B147}: [SuggestionsURL_JSON] = http://completion.amazon.com/search/complete?method=completion&q={searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=1 - Amazon Search Suggestions
                          R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A609F214-C053-4F92-8D20-9C9E3FD4B147}: = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms} - Amazon Search Suggestions
                          O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
                          O4 - HKCU\..\StartupApproved\Run: [Google Update] = C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe (2022/01/17)
                          O7 - TroubleShooting: (EV) HKLM\..\Environment: [ComSpec] = %SystemRoot%\system32\cmd.exe (file missing)
                          O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software (empty)
                          O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Active Health (empty)
                          O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP\HP Support Assistant (empty)
                          O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel (empty)
                          O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software (empty)
                          O22 - Task: \Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice - C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe /show
                          O22 - Task: \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe /send
                          O22 - Task: \Hewlett-Packard\HP Support Assistant\WarrantyChecker - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
                          O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1808154218-2302733015-1436819364-500 - C:\Users\khval\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
                          O22 - Task: OneDrive Standalone Update Task-S-1-5-21-2548962678-2227627121-3813296117-500 - C:\Users\khval\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
                          O22 - Task: OneDrive Standalone Update Task-S-1-5-21-3668721834-2427212400-3023447321-500 - C:\Users\khval\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
                          O23 - Service S2: HP Comm Recovery - (HP Comm Recover) - C:\Program Files\HPCommRecovery\HPCommRecovery.exe (file missing)
                          O23 - Service S2: HP JumpStart Bridge - (HPJumpStartBridge) - c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (file missing)
                          O23 - Service S2: WildTangentHelper - C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe (file missing)

                          Download KpRM
                          Save to Desktop
                          Check Delete Tools
                          Delete Restore points
                          Create Restore point.
                          Then click run.
                          I’ll Mark this as solved for you.

                          • khval94
                            PCHF Member
                            • Jul 2021
                            • 63

                            #14
                            Excellent! Thank you very much! My computer is running like a dream
