Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.04.2024
Ran by user (administrator) on WINDOWS-QSS2PM6 (Dell Inc. OptiPlex 7020) (05-04-2024 10:27:19)
Running from C:\Users\user\Downloads\FRST64.exe
Loaded Profiles: user
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4170 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avpui.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.16\ksde.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.16\ksdeui.exe
(C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe <8>
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.319.300_x64__8wekyb3d8bbwe\olk.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe <6>
(C:\Windows\runSW.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(cmd.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\plugins_nms.exe
(DriverStore\FileRepository\c0323693.inf_amd64_ea9ec708f5ac1a71\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe <2>
(explorer.exe ->) (Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <39>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Grammarly, Inc. -> Grammarly) C:\Users\user\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(MIXBYTE, INC. -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0323693.inf_amd64_ea9ec708f5ac1a71\atiesrxx.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe <2>
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.16\ksde.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (MIXBYTE, INC. -> Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.319.300_x64__8wekyb3d8bbwe\olk.exe
(svchost.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4163_none_7e304ec47c735f2e\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [3177544 2023-10-05] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [189320 2022-04-05] (MIXBYTE, INC. -> )
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\Installer\setup.exe [7146536 2024-03-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4082652602-1411793602-943509856-1003\...\Run: [MicrosoftEdgeAutoLaunch_8714F0D917266FE3AFB7F8BB98EEBC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063800 2024-03-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4082652602-1411793602-943509856-1003\...\Run: [Grammarly] => C:\Users\user\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [235104 2024-04-04] (Grammarly, Inc. -> Grammarly)
HKLM\...\Windows x64\Print Processors\Canon MP280 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAA.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series: C:\windows\system32\CNMLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series XPS: C:\windows\system32\CNMXLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.88\Installer\chrmstp.exe [2024-04-04] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2024-02-23]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {30C20A5F-1FC0-4C5D-8210-E39F0488DF2E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {75F2AE22-7FF0-414B-8983-E07E350A32BA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem125.0.6386.0{FF1A2D81-50E8-467F-A135-9191400FD24C} => C:\Program Files (x86)\Google\GoogleUpdater\125.0.6386.0\updater.exe [4774176 2024-03-29] (Google LLC -> Google LLC)
Task: {09A58D2C-BAF6-4D7B-BE46-C7654BC580AC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky\upgrade_launcher.exe [726952 2024-03-28] (AO Kaspersky Lab -> AO Kaspersky Lab)
Task: {0A61D4FD-02FF-4087-897E-0F3D5029A60E} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [622168 2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {563F7CF4-3983-4763-BBB3-28715A923121} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE3D4F5A-EC3A-4DC9-8D2F-3E9D4702E5CA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0463D1D9-E834-47FA-A4DA-A61DE26D75DC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [220608 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {55305891-B24F-442C-B8CA-5C682E5A6881} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [220608 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADB73A83-CA3B-4CA5-BB32-127453F0CCC4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-04] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {8AF4B0E8-C62B-49D3-AFFC-762EB8B2B1EE} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-4082652602-1411793602-943509856-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-04] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {12DA0A0E-C556-4D99-B2B1-A2C47BEED24C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {24F7EF9C-5BF1-4C96-8839-BFA640D44285} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CBB85C2F-72D6-41F6-BAFF-402B91C690C6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A5C4DC84-E078-4A26-94F4-C57A7F2F87DF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DC0D5F92-29DC-4E37-9E85-DE0F7C22F227} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {39961D58-1672-4B2B-B4AF-B0F0994387F9} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2017-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EFFE27AB-5216-411E-AD7F-D15407263496} - System32\Tasks\WinZip - Deduplicator - Documents - user => C:\Program Files\WinZip\WzBGTToolsManager64.exe [335456 2023-10-05] (Corel Corporation -> WinZip Computing)
Task: {9DCA19DE-D941-443B-9DEB-C678BCE3D5C6} - System32\Tasks\WinZip - Deduplicator - Downloads - user => C:\Program Files\WinZip\WzBGTToolsManager64.exe [335456 2023-10-05] (Corel Corporation -> WinZip Computing)
Task: {1CCA1BC5-C9D7-448A-8B26-DB633889873B} - System32\Tasks\WinZip - Deduplicator - Pictures - user => C:\Program Files\WinZip\WzBGTToolsManager64.exe [335456 2023-10-05] (Corel Corporation -> WinZip Computing)
Task: {39E5F0B4-E10F-447D-8CDE-02882144D8AA} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3177544 2023-10-05] (Corel Corporation -> Corel Corporation)
Task: {6691DAEE-59FD-441A-828B-33ED3F8FC745} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3177544 2023-10-05] (Corel Corporation -> Corel Corporation)
Task: {E8D3E35B-F4AE-4586-ABCE-E38E27C01C45} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3177544 2023-10-05] (Corel Corporation -> Corel Corporation)
Task: {B3CC4650-B560-4C6F-9FAD-15BF16371A10} - System32\Tasks\WinZip Updater - user => C:\Program Files\WinZip\WzUpdater.exe [446560 2023-10-05] (Corel Corporation -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.18.217
Tcpip\..\Interfaces\{db75d996-26ba-4f8f-8f50-aae42c9f688e}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{de451b20-3c38-4792-ae3f-9de8eb56409d}: [DhcpNameServer] 192.168.18.217
Tcpip\..\Interfaces\{de451b20-3c38-4792-ae3f-9de8eb56409d}\14E64627F696461405: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{de451b20-3c38-4792-ae3f-9de8eb56409d}\D6F647F602768283920207F677562702C69647560213438393: [DhcpNameServer] 192.168.43.106

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-05]
Edge HomePage: Default -> about:blank
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-12]
Edge Extension: (Edge relevant text changes) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF DefaultProfile: oxi23ew0.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\oxi23ew0.default [2021-07-06]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hatm12ic.default-release [2024-04-04]
FF Homepage: Mozilla\Firefox\Profiles\hatm12ic.default-release -> hxxps://mobilisearch.com/?path=firefox/newtab&u=1de1d269f6ed8122&subid=11119&channel=default
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hatm12ic.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2024-03-17]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2024-03-28] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2024-03-28] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2024-04-05]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-15]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2023-10-18]
CHR HKU\S-1-5-21-4082652602-1411793602-943509856-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AVP21.16; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe [32008 2024-01-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14097992 2024-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [87432 2022-04-05] (MIXBYTE, INC. -> Freemake)
S2 GoogleUpdaterInternalService125.0.6386.0; C:\Program Files (x86)\Google\GoogleUpdater\125.0.6386.0\updater.exe [4774176 2024-03-29] (Google LLC -> Google LLC)
S2 GoogleUpdaterService125.0.6386.0; C:\Program Files (x86)\Google\GoogleUpdater\125.0.6386.0\updater.exe [4774176 2024-03-29] (Google LLC -> Google LLC)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-19] (HP Inc. -> HP Inc.)
S3 klvssbridge64_21.16; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\vssbridge64.exe [551848 2024-01-12] (AO Kaspersky Lab -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [357272 2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.16; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.16\ksde.exe [32008 2024-01-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2021-06-02] (Realtek Semiconductor Corp -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-03-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [245200 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 klbackupdisk.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klbackupdisk.sys [90544 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.K4W-21-16; C:\WINDOWS\System32\DRIVERS\K4W-21-16\klbackupflt.sys [235456 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\kldisk.sys [108576 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2024-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klflt.sys [646688 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.K4W-21-16; C:\WINDOWS\System32\DRIVERS\K4W-21-16\klgse.sys [824528 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klhk.sys [1999568 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids.K4W-21-16; C:\ProgramData\Kaspersky Lab\AVP21.16\Bases\klids.sys [245144 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.K4W-21-16; C:\WINDOWS\System32\DRIVERS\K4W-21-16\klif.sys [1365024 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [88096 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klkbdflt.sys [96280 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klmouflt.sys [91168 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.K4W-21-16; C:\WINDOWS\System32\DRIVERS\K4W-21-16\klpd.sys [58400 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klpnpflt.sys [84400 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltun; C:\WINDOWS\system32\DRIVERS\kltun.sys [90032 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-16_arkmon; C:\WINDOWS\System32\Drivers\klupd_K4W-21-16_arkmon.sys [384656 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-16_klark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-16_klark.sys [354640 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-16_klbg; C:\WINDOWS\System32\Drivers\klupd_K4W-21-16_klbg.sys [183120 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-16_mark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-16_mark.sys [262712 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klwtp.sys [515096 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\kneps.sys [337840 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [6737256 2020-08-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [41008 2021-03-30] (McAfee, LLC. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20928 2024-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [603416 2024-03-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-14] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz153; \??\C:\WINDOWS\temp\cpuz153\cpuz153_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-05 10:27 - 2024-04-05 10:28 - 000026545 _____ C:\Users\user\Downloads\FRST.txt
2024-04-05 10:25 - 2024-04-05 10:27 - 000000000 ____D C:\FRST
2024-04-05 10:23 - 2024-04-05 10:24 - 002393088 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2024-04-05 10:21 - 2024-04-05 10:21 - 002091520 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2024-04-04 13:33 - 2024-04-04 13:33 - 000016092 _____ C:\Users\user\Downloads\transactions (4).csv
2024-04-04 13:28 - 2024-04-04 13:28 - 000002185 _____ C:\Users\user\Downloads\5435 6830 0118 2093_transaction_04_04_2024.csv
2024-04-04 13:23 - 2024-04-04 13:23 - 000000881 _____ C:\Users\user\Downloads\CSVData (34).csv
2024-04-04 13:22 - 2024-04-04 13:22 - 000008579 _____ C:\Users\user\Downloads\CSVData.csv
2024-04-04 12:37 - 2024-04-04 14:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-04 09:48 - 2024-04-04 09:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-04-02 20:37 - 2024-04-02 20:37 - 000147763 _____ C:\Users\user\Downloads\invoice (24).pdf
2024-04-02 20:37 - 2024-04-02 20:37 - 000147680 _____ C:\Users\user\Downloads\invoice (23).pdf
2024-04-02 20:37 - 2024-04-02 20:37 - 000147668 _____ C:\Users\user\Downloads\invoice (22).pdf
2024-04-02 20:37 - 2024-04-02 20:37 - 000147651 _____ C:\Users\user\Downloads\invoice (26).pdf
2024-04-02 20:37 - 2024-04-02 20:37 - 000147575 _____ C:\Users\user\Downloads\invoice (21).pdf
2024-04-02 20:37 - 2024-04-02 20:37 - 000147320 _____ C:\Users\user\Downloads\invoice (25).pdf
2024-04-02 20:37 - 2024-04-02 20:37 - 000147244 _____ C:\Users\user\Downloads\invoice (17).pdf
2024-04-02 20:35 - 2024-04-02 20:35 - 000256942 _____ C:\Users\user\Downloads\origin-statement-2024-04-01.pdf
2024-03-28 11:42 - 2024-03-28 11:42 - 000000000 ____D C:\Users\user\AppData\Roaming\McAfee
2024-03-28 11:03 - 2024-04-05 10:17 - 004120032 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-wal
2024-03-28 11:03 - 2024-04-05 10:17 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2024-03-28 11:03 - 2024-03-28 11:45 - 000032768 _____ C:\WINDOWS\SysWOW64\DnsStorage-shm
2024-03-28 11:03 - 2024-03-28 11:45 - 000032768 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-shm
2024-03-28 11:03 - 2024-03-28 11:03 - 000012288 _____ C:\WINDOWS\SysWOW64\DnsStorage
2024-03-28 11:03 - 2024-03-28 11:03 - 000000000 _____ C:\WINDOWS\SysWOW64\DnsStorage-wal
2024-03-28 11:02 - 2024-03-28 11:02 - 000003384 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2024-03-28 11:02 - 2024-03-28 11:02 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk
2024-03-28 11:02 - 2024-03-28 11:02 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN.lnk
2024-03-28 11:01 - 2024-03-28 11:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\K4W-21-16
2024-03-28 10:51 - 2024-03-28 10:52 - 004427640 _____ (Kaspersky) C:\Users\user\Downloads\startup (1).exe
2024-03-26 20:44 - 2024-04-04 09:49 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-26 20:44 - 2024-04-04 09:49 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-26 20:42 - 2024-03-26 20:42 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup(4).exe
2024-03-26 20:39 - 2024-03-26 20:39 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup(3).exe
2024-03-26 15:24 - 2024-03-26 15:24 - 002678917 _____ C:\Users\user\Desktop\Bus 2024.03.26.pdf
2024-03-26 13:36 - 2024-03-26 13:36 - 000446697 _____ C:\Users\user\Desktop\2024.03.26.pdf
2024-03-24 20:57 - 2024-03-24 20:57 - 000895217 _____ C:\Users\user\Downloads\8268696_6395.pdf
2024-03-24 20:53 - 2024-03-24 20:54 - 000981094 _____ C:\Users\user\Downloads\8268696_8298.pdf
2024-03-21 20:16 - 2024-03-21 20:16 - 000739828 _____ C:\Users\user\Downloads\Australia Post Motor Vehicle Insurance Reinstatement Pack - AP P MVP 7363980.pdf
2024-03-21 10:16 - 2024-03-21 10:16 - 000019530 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-21 10:15 - 2024-03-21 10:15 - 000019530 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-21 10:06 - 2024-03-21 10:06 - 000000000 ___HD C:\$WinREAgent
2024-03-19 17:51 - 2024-03-19 17:51 - 000523402 _____ C:\Users\user\Downloads\Statement and Diagram Form.pdf
2024-03-18 12:37 - 2024-03-18 12:37 - 000134532 _____ C:\Users\user\Downloads\Waterproofing_Certficate.pdf
2024-03-18 12:22 - 2024-03-18 12:22 - 000124407 _____ C:\Users\user\Desktop\Rates.pdf
2024-03-18 11:50 - 2024-03-18 12:24 - 001244423 _____ C:\Users\user\Desktop\BA Lease.pdf
2024-03-18 11:30 - 2024-03-18 11:30 - 000042041 _____ C:\Users\user\Desktop\Payslip 2024.02.28.pdf
2024-03-18 11:29 - 2024-03-18 11:29 - 000041995 _____ C:\Users\user\Desktop\Payslip 2024.03.13.pdf
2024-03-17 16:47 - 2024-03-17 16:47 - 000023497 _____ C:\Users\user\Downloads\CSVData(4).csv
2024-03-17 16:45 - 2024-03-17 16:45 - 000002775 _____ C:\Users\user\Downloads\CSVData(3).csv
2024-03-17 16:17 - 2024-03-17 16:18 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup(2).exe
2024-03-17 16:17 - 2024-03-17 16:17 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup(1).exe
2024-03-17 16:08 - 2024-03-17 16:08 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup.exe
2024-03-12 20:40 - 2024-03-12 20:33 - 000012269 _____ C:\Users\user\Desktop\Ben Hours.xlsx
2024-03-11 15:49 - 2024-03-11 15:49 - 000096605 _____ C:\Users\user\Desktop\Rate Ursime.pdf
2024-03-11 13:56 - 2024-03-11 13:56 - 000203557 _____ C:\Users\user\Downloads\modr-2007en-f.pdf
2024-03-09 19:46 - 2024-03-09 19:46 - 000000726 _____ C:\Users\user\Downloads\CSVData (53).csv
2024-03-09 15:48 - 2024-03-09 15:48 - 000204421 _____ C:\Users\user\Downloads\eStatement_5435-68XX-XXXX-7867_2024-02-14.pdf
2024-03-08 16:45 - 2024-03-08 16:45 - 000536551 _____ C:\Users\user\Desktop\Handwritten_2024-03-08_164544.pdf
2024-03-07 14:25 - 2024-03-07 14:25 - 000030881 _____ C:\Users\user\Downloads\ecf2c940-8839-42c3-84ef-bebb5aba4519.pdf
2024-03-06 10:31 - 2024-03-06 10:31 - 000634540 _____ C:\Users\user\Downloads\output-1_240306_103002.pdf
2024-03-03 20:59 - 2024-03-03 20:59 - 000922800 _____ C:\Users\user\Downloads\Statement20240208.pdf
2024-03-01 13:59 - 2024-03-01 13:59 - 000013156 _____ C:\Users\user\Downloads\transactions (3).csv
2024-03-01 13:57 - 2024-03-01 13:57 - 000007304 _____ C:\Users\user\Downloads\5435 6803 9966 7867_transaction_01_03_2024.csv
2024-03-01 13:54 - 2024-03-01 13:54 - 000008513 _____ C:\Users\user\Downloads\CSVData (51).csv
2024-03-01 13:54 - 2024-03-01 13:54 - 000000730 _____ C:\Users\user\Downloads\CSVData (52).csv
2024-03-01 13:53 - 2024-03-01 13:53 - 000002757 _____ C:\Users\user\Downloads\CSVData (50).csv
2024-03-01 13:05 - 2024-03-01 13:05 - 000147557 _____ C:\Users\user\Downloads\invoice (20).pdf
2024-03-01 13:04 - 2024-03-01 13:04 - 000147600 _____ C:\Users\user\Downloads\invoice (19).pdf
2024-03-01 13:04 - 2024-03-01 13:04 - 000147193 _____ C:\Users\user\Downloads\invoice (18).pdf
2024-03-01 09:47 - 2024-03-01 09:47 - 000003948 _____ C:\WINDOWS\system32\Tasks\WinZip - Deduplicator - Downloads - user
2024-03-01 09:47 - 2024-03-01 09:47 - 000003948 _____ C:\WINDOWS\system32\Tasks\WinZip - Deduplicator - Documents - user
2024-03-01 09:47 - 2024-03-01 09:47 - 000003946 _____ C:\WINDOWS\system32\Tasks\WinZip - Deduplicator - Pictures - user
2024-03-01 09:47 - 2024-03-01 09:47 - 000001203 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip Tool Settings.lnk
2024-02-28 18:59 - 2024-02-28 19:00 - 001110771 _____ C:\Users\user\Downloads\Green Slip Certificate.pdf
2024-02-28 18:58 - 2024-02-28 18:58 - 001133388 _____ C:\Users\user\Downloads\CTP Policy Renewal invite.pdf
2024-02-23 21:39 - 2024-02-23 21:39 - 000003764 _____ C:\WINDOWS\system32\Tasks\WinZip Updater - user
2024-02-23 21:39 - 2024-02-23 21:39 - 000003658 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2024-02-23 21:39 - 2024-02-23 21:39 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3 2024-02-23 21:39 - 2024-02-23 21:39 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1 2024-02-23 21:39 - 2024-02-23 21:39 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk 2024-02-23 21:39 - 2024-02-23 21:39 - 000001994 _____ C:\Users\Public\Desktop\WinZip.lnk 2024-02-23 21:39 - 2024-02-23 21:39 - 000001931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip SafeShare.lnk 2024-02-23 21:39 - 2024-02-23 21:39 - 000001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Image Manager.lnk 2024-02-23 21:39 - 2024-02-23 21:39 - 000001917 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip PDF Express.lnk 2024-02-23 21:39 - 2024-02-23 21:39 - 000001905 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Secure Backup.lnk 2024-02-23 21:39 - 2024-02-23 21:39 - 000001893 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Duplicate File Finder.lnk 2024-02-23 21:39 - 2024-02-23 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2024-02-23 21:38 - 2024-03-01 12:00 - 000000000 ____D C:\Users\user\AppData\Local\WinZip 2024-02-23 21:38 - 2024-02-23 21:38 - 000000000 ____D C:\Program Files\WinZip 2024-02-22 20:40 - 2024-02-22 20:41 - 002940640 _____ (WinZip Computing) C:\Users\user\Downloads\winzip28.exe 2024-02-22 10:42 - 2024-02-22 10:42 - 003512361 _____ C:\Users\user\Desktop\TakeBand 1.pdf 2024-02-22 10:30 - 2024-02-22 10:30 - 000452893 _____ C:\Users\user\Desktop\TakeBand.pdf 2024-02-22 10:12 - 2024-02-22 10:12 - 000163376 _____ C:\Users\user\Downloads\Invoice 1762023.pdf 2024-02-15 20:56 - 2024-03-28 11:55 - 000000000 ____D C:\Users\user\Desktop\New folder 2024-02-11 20:50 - 2024-02-11 20:50 - 000000000 ____D C:\Users\user\AppData\Local\McAfee 2024-02-09 18:07 - 2024-02-09 18:07 - 000353340 _____ 
C:\Users\user\Desktop\IMG_4250-e1515551786130.webp 2024-02-06 19:14 - 2024-02-06 19:14 - 006254747 _____ C:\Users\user\Downloads\2024.02.06 - Child Support Letter (1).pdf 2024-02-06 19:07 - 2024-02-06 19:07 - 000004395 _____ C:\Users\user\Downloads\Acceptance of your Child Support Assessment Application (2).pdf 2024-02-06 19:03 - 2024-02-06 19:03 - 000032585 _____ C:\Users\user\Downloads\Child Support Assessment_DC004332B3.pdf 2024-02-06 18:52 - 2024-02-06 18:52 - 001197834 _____ C:\Users\user\Downloads\2024.02.06 - Child Support Letter.pdf 2024-02-06 18:18 - 2024-02-06 18:18 - 000012238 _____ C:\Users\user\Downloads\06.02.24 SMSF Calculations.xlsx 2024-02-05 19:29 - 2024-02-05 19:29 - 000946893 _____ C:\Users\user\Downloads\Statements20220131 (1).pdf 2024-02-05 19:24 - 2024-02-05 19:24 - 000157049 _____ C:\Users\user\Downloads\CSVData (49).csv 2024-02-05 19:22 - 2024-02-05 19:22 - 000043677 _____ C:\Users\user\Downloads\CSVData (48).csv 2024-02-05 19:17 - 2024-02-05 19:17 - 000945438 _____ C:\Users\user\Desktop\CBA Statement.pdf 2024-02-05 19:15 - 2024-02-05 19:15 - 000946905 _____ C:\Users\user\Downloads\Statements20220131.pdf 2024-02-05 18:38 - 2024-04-01 12:59 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-02-05 18:38 - 2024-04-01 12:59 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2024-02-03 19:39 - 2024-02-03 19:39 - 000594653 _____ C:\Users\user\Downloads\Customer_Notice_02025-00000000-000_2631.pdf 2024-02-03 19:37 - 2024-02-03 19:37 - 000560948 _____ C:\Users\user\Downloads\Customer_Notice_02025-00000000-000_2931.pdf 2024-02-02 17:48 - 2024-02-02 17:48 - 000129721 _____ C:\Users\user\Downloads\Devine Barrett SF 2023 - Invoice.pdf 2024-02-02 17:46 - 2024-02-02 17:46 - 000217454 _____ C:\Users\user\Downloads\Devine Barrett SF 2023 - Management Letter.pdf 2024-02-02 17:44 - 2024-02-02 17:44 - 000113622 _____ C:\Users\user\Downloads\Devine Barrett SF 2023 - ACR.pdf 2024-02-02 17:41 - 2024-02-02 17:41 
- 000267172 _____ C:\Users\user\Downloads\Devine Barrett SF 2021 - Management Letter.pdf 2024-02-02 17:40 - 2024-02-02 17:40 - 000129726 _____ C:\Users\user\Downloads\Devine Barrett SF 2021 - Invoice.pdf 2024-02-02 17:39 - 2024-02-02 17:39 - 000130143 _____ C:\Users\user\Downloads\Devine Barrett SF 2020 - Invoice.pdf 2024-02-02 17:38 - 2024-02-02 17:38 - 000193892 _____ C:\Users\user\Downloads\Devine Barrett SF 2020 - Management Letter.pdf 2024-02-02 17:37 - 2024-02-02 17:37 - 000108756 _____ C:\Users\user\Downloads\Devine Barrett SF 2022 - ACR.pdf 2024-02-02 17:35 - 2024-02-02 17:35 - 000129722 _____ C:\Users\user\Downloads\Devine Barrett SF 2022 - Invoice.pdf 2024-02-02 17:34 - 2024-02-02 17:34 - 000267315 _____ C:\Users\user\Downloads\Devine Barrett SF 2022 - Management Letter.pdf 2024-02-02 17:27 - 2024-02-02 17:27 - 000237936 _____ C:\Users\user\Downloads\Devine Barrett SF 2023 - Audit Report.pdf 2024-02-02 17:26 - 2024-02-02 17:26 - 000237906 _____ C:\Users\user\Downloads\Devine Barrett SF 2022 - Audit Report.pdf 2024-02-02 17:16 - 2024-02-02 17:16 - 000238079 _____ C:\Users\user\Downloads\Devine Barrett SF 2021 - Audit Report.pdf 2024-02-02 17:14 - 2024-02-02 17:14 - 000237616 _____ C:\Users\user\Downloads\Devine Barrett SF 2020 - Audit Report.pdf 2024-02-01 21:05 - 2024-02-01 21:05 - 000010759 _____ C:\Users\user\Downloads\transactions (2).csv 2024-02-01 21:01 - 2024-02-01 21:01 - 000006020 _____ C:\Users\user\Downloads\5435 6803 9966 7867_transaction_01_02_2024.csv 2024-02-01 20:59 - 2024-02-01 20:59 - 000003612 _____ C:\Users\user\Downloads\CSVData (47).csv 2024-02-01 20:58 - 2024-02-01 20:58 - 000002753 _____ C:\Users\user\Downloads\CSVData (46).csv 2024-02-01 11:08 - 2024-02-01 11:08 - 000370084 _____ C:\Users\user\Downloads\statement (3).pdf 2024-01-18 16:38 - 2024-01-18 16:38 - 000231431 _____ C:\Users\user\Desktop\Google Maps.pdf 2024-01-18 15:22 - 2024-01-18 15:22 - 000203067 _____ 
C:\Users\user\Downloads\eStatement_5435-68XX-XXXX-7867_2024-01-15.pdf 2024-01-18 15:22 - 2024-01-18 15:22 - 000203067 _____ C:\Users\user\Downloads\eStatement_5435-68XX-XXXX-7867_2024-01-15 (1).pdf 2024-01-09 10:42 - 2024-01-09 10:42 - 000235057 _____ C:\Users\user\Downloads\origin-statement-2024-01-07.pdf 2024-01-08 12:26 - 2024-01-08 12:26 - 000203544 _____ C:\Users\user\Downloads\35639 Dorvik.pdf ==================== Three months (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2024-04-05 10:14 - 2021-05-26 20:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-04-05 09:54 - 2019-12-07 20:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-04-04 17:59 - 2021-05-27 10:56 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Excel 2024-04-04 14:23 - 2021-07-06 15:35 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-04-04 14:23 - 2021-07-06 15:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-04-04 12:37 - 2022-02-18 11:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-04-04 10:46 - 2019-12-07 20:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-04-04 10:46 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-04-04 09:53 - 2023-09-15 10:17 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-04-04 09:49 - 2022-03-15 16:58 - 000000000 ____D C:\Program Files (x86)\Google 2024-04-04 09:48 - 2021-11-28 13:04 - 000001427 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk 2024-04-04 09:48 - 2021-11-28 13:04 - 000000000 ____D C:\Users\user\AppData\Local\Grammarly 2024-04-01 13:38 - 2021-06-03 16:09 - 000000000 ____D C:\Users\user\Desktop\Ebay 2024-04-01 12:59 - 2021-05-27 13:51 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-03-31 10:45 - 2021-09-08 18:07 - 000000000 ____D C:\WINDOWS\Minidump 2024-03-31 10:44 - 2021-05-26 
20:34 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-03-31 10:44 - 2019-06-26 18:59 - 000000000 ____D C:\Users\user\AppData\Local\Packages 2024-03-28 11:55 - 2023-10-16 17:39 - 000000000 ___RD C:\Users\user\Desktop\214WA 2024-03-28 11:55 - 2023-08-28 12:21 - 000000000 ____D C:\Users\user\Desktop\2023.08.28 - Phone 2024-03-28 11:55 - 2023-07-20 14:03 - 000000000 ____D C:\Users\user\Desktop\Transport NSW 2024-03-28 11:55 - 2023-03-21 20:37 - 000000000 ____D C:\Users\user\Desktop\Windows 2024-03-28 11:55 - 2022-09-20 15:17 - 000000000 ____D C:\Users\user\Desktop\Covid 2024-03-28 11:55 - 2021-11-27 15:18 - 000000000 ____D C:\Users\user\Desktop\La De'vine 2024-03-28 11:55 - 2021-10-03 08:33 - 000000000 ____D C:\Users\user\Desktop\Centrelink 2024-03-28 11:55 - 2021-06-18 20:35 - 000000000 ____D C:\Users\user\Desktop\CAE Devine Trust 2024-03-28 11:55 - 2021-06-11 16:36 - 000000000 ___RD C:\Users\user\Desktop\Devine Barrett Superfund 2024-03-28 11:55 - 2021-06-03 16:09 - 000000000 ____D C:\Users\user\Desktop\Ben 2024-03-28 11:55 - 2021-05-25 14:15 - 000000000 ___RD C:\Users\user\Desktop\6JACK 2024-03-28 11:51 - 2021-05-26 20:41 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-03-28 11:51 - 2019-12-07 20:13 - 000000000 ____D C:\WINDOWS\INF 2024-03-28 11:46 - 2021-05-27 13:51 - 000000000 ____D C:\ProgramData\McAfee 2024-03-28 11:44 - 2021-05-26 20:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-03-28 11:44 - 2021-05-26 20:33 - 000008192 ___SH C:\DumpStack.log.tmp 2024-03-28 11:44 - 2020-12-16 09:24 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2024-03-28 11:44 - 2019-12-07 20:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2024-03-28 11:44 - 2019-05-24 13:42 - 000000000 ____D C:\ProgramData\NVIDIA 2024-03-28 11:38 - 2021-05-25 14:16 - 000034304 _____ C:\Users\user\Desktop\CD.xlsx 2024-03-28 11:02 - 2021-05-26 15:26 - 000000000 ____D C:\Program Files\Common Files\AV 2024-03-28 11:02 - 2021-05-26 
15:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2024-03-28 11:02 - 2021-05-26 15:25 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2024-03-28 11:02 - 2019-12-07 20:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2024-03-28 11:01 - 2019-12-07 20:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2024-03-28 10:52 - 2022-01-12 14:08 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2024-03-27 09:52 - 2021-05-26 20:39 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-03-27 09:52 - 2021-05-26 20:39 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d75212e6b1a7f0 2024-03-24 16:15 - 2021-05-26 15:34 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-03-24 16:13 - 2021-05-26 15:34 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-03-21 22:27 - 2021-05-26 20:33 - 000448752 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-03-21 22:26 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-03-21 22:26 - 2019-12-07 20:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-03-21 22:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-03-21 22:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-03-21 22:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-03-21 22:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-03-21 22:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-03-21 22:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-03-21 22:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-03-21 22:26 - 2019-12-07 20:03 - 000000000 ____D C:\WINDOWS\servicing 2024-03-21 20:11 - 2023-08-13 14:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP 2024-03-21 20:11 - 2023-08-13 14:34 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2024-03-21 10:19 - 2019-12-07 20:03 - 000000000 ____D C:\WINDOWS\CbsTemp 
2024-03-21 10:15 - 2021-05-26 20:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-03-20 21:55 - 2021-06-13 20:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2024-03-18 10:50 - 2022-09-14 17:16 - 000000000 ____D C:\Users\user\AppData\Roaming\com.adobe.dunamis 2024-03-17 14:23 - 2022-11-15 09:19 - 000000000 ____D C:\Program Files\RUXIM 2024-03-14 16:33 - 2019-05-25 06:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-03-14 11:01 - 2021-06-01 13:55 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Word 2024-03-12 20:39 - 2021-05-25 14:15 - 000000000 ____D C:\Users\user\Desktop\Money 2024-03-08 16:35 - 2023-08-19 16:35 - 000001545 _____ C:\Users\user\Desktop\HP Smart.lnk 2024-03-08 13:38 - 2021-10-11 15:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla ==================== Files in the root of some directories ======== 2022-02-23 13:08 - 2024-02-05 18:32 - 000000205 _____ () C:\Users\user\AppData\Local\oobelibMkey.log ==================== SigCheckExt ========================= 2021-05-26 20:38 - 2021-05-26 20:38 - 000002278 _____ C:\WINDOWS\system32\Tasks\kpm_tray.exe 2024-04-05 10:21 - 2024-04-05 10:21 - 002091520 _____ (Farbar) C:\Users\user\Downloads\FRST.exe 2024-04-05 10:23 - 2024-04-05 10:24 - 002393088 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2022-10-05 14:57 - 2022-10-05 14:57 - 002376439 _____ (Ben Olden-Cooligan ) C:\Users\user\Downloads\naps2-6.1.2-setup.exe 2023-05-29 16:25 - 2023-05-29 16:25 - 002758480 _____ (Kaspersky) C:\Users\user\Downloads\startup.exe ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {38220bfe-be9c-11eb-a019-b20e457fa08b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {8b2cd6b1-be05-11eb-b683-e797a1fc1d60}
displaymessageoverride  Recovery
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {38220bfe-be9c-11eb-a019-b20e457fa08b}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {8b2cd6b1-be05-11eb-b683-e797a1fc1d60}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{8b2cd6b2-be05-11eb-b683-e797a1fc1d60}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{8b2cd6b2-be05-11eb-b683-e797a1fc1d60}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {c9f6a8bc-7e5a-11e9-b672-f8cab8126a93}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{c9f6a8bd-7e5a-11e9-b672-f8cab8126a93}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-AU
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{c9f6a8bd-7e5a-11e9-b672-f8cab8126a93}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {38220bfe-be9c-11eb-a019-b20e457fa08b}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {8b2cd6b1-be05-11eb-b683-e797a1fc1d60}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings} {emssettings} {badmemory}
integrityservices       Enable

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings} {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {8b2cd6b2-be05-11eb-b683-e797a1fc1d60}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {c9f6a8bd-7e5a-11e9-b672-f8cab8126a93}
description             Windows Recovery
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================