Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.04.2024 01
Ran by user (administrator) on WINDOWS-QSS2PM6 (Dell Inc. OptiPlex 7020) (08-04-2024 17:50:24)
Running from C:\Users\user\Downloads\FRST64.exe
Loaded Profiles: user
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4170 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avpui.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.16\ksde.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.16\ksdeui.exe
(C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Windows\runSW.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(DriverStore\FileRepository\c0323693.inf_amd64_ea9ec708f5ac1a71\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(explorer.exe ->) (Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Grammarly, Inc. -> Grammarly) C:\Users\user\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0323693.inf_amd64_ea9ec708f5ac1a71\atiesrxx.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe <2>
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.16\ksde.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11010.23003.0_x64__8wekyb3d8bbwe\PhotosService\PhotosService.exe
(svchost.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11010.23003.0_x64__8wekyb3d8bbwe\PhotosApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [3177544 2023-10-05] (Corel Corporation -> Corel Corporation)
HKU\S-1-5-21-4082652602-1411793602-943509856-1003\...\Run: [MicrosoftEdgeAutoLaunch_8714F0D917266FE3AFB7F8BB98EEBC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4082652602-1411793602-943509856-1003\...\Run: [Grammarly] => C:\Users\user\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [235104 2024-04-03] (Grammarly, Inc. -> Grammarly)
HKLM\...\Windows x64\Print Processors\Canon MP280 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAA.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series: C:\windows\system32\CNMLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series XPS: C:\windows\system32\CNMXLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe [2024-04-07] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2024-02-23]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {30C20A5F-1FC0-4C5D-8210-E39F0488DF2E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {75F2AE22-7FF0-414B-8983-E07E350A32BA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem125.0.6386.0{FF1A2D81-50E8-467F-A135-9191400FD24C} => C:\Program Files (x86)\Google\GoogleUpdater\125.0.6386.0\updater.exe [4774176 2024-03-29] (Google LLC -> Google LLC)
Task: {09A58D2C-BAF6-4D7B-BE46-C7654BC580AC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky\upgrade_launcher.exe [726952 2024-03-28] (AO Kaspersky Lab -> AO Kaspersky Lab)
Task: {0A61D4FD-02FF-4087-897E-0F3D5029A60E} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [622168 2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {C784EAF0-52B9-4812-9641-1A20F4E17595} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {63EE6377-8421-4753-B20C-51249F1371B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {53D75D52-BAED-42A7-95EB-3766117236E9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221360 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {03EEB330-F9F1-49EA-B644-93D339998838} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221360 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADB73A83-CA3B-4CA5-BB32-127453F0CCC4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-04] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {8AF4B0E8-C62B-49D3-AFFC-762EB8B2B1EE} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-4082652602-1411793602-943509856-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-04] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {12DA0A0E-C556-4D99-B2B1-A2C47BEED24C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {24F7EF9C-5BF1-4C96-8839-BFA640D44285} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CBB85C2F-72D6-41F6-BAFF-402B91C690C6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A5C4DC84-E078-4A26-94F4-C57A7F2F87DF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DC0D5F92-29DC-4E37-9E85-DE0F7C22F227} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {39961D58-1672-4B2B-B4AF-B0F0994387F9} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2017-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EFFE27AB-5216-411E-AD7F-D15407263496} - System32\Tasks\WinZip - Deduplicator - Documents - user => C:\Program Files\WinZip\WzBGTToolsManager64.exe [335456 2023-10-05] (Corel Corporation -> WinZip Computing)
Task: {9DCA19DE-D941-443B-9DEB-C678BCE3D5C6} - System32\Tasks\WinZip - Deduplicator - Downloads - user => C:\Program Files\WinZip\WzBGTToolsManager64.exe [335456 2023-10-05] (Corel Corporation -> WinZip Computing)
Task: {1CCA1BC5-C9D7-448A-8B26-DB633889873B} - System32\Tasks\WinZip - Deduplicator - Pictures - user => C:\Program Files\WinZip\WzBGTToolsManager64.exe [335456 2023-10-05] (Corel Corporation -> WinZip Computing)
Task: {39E5F0B4-E10F-447D-8CDE-02882144D8AA} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3177544 2023-10-05] (Corel Corporation -> Corel Corporation)
Task: {6691DAEE-59FD-441A-828B-33ED3F8FC745} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3177544 2023-10-05] (Corel Corporation -> Corel Corporation)
Task: {E8D3E35B-F4AE-4586-ABCE-E38E27C01C45} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3177544 2023-10-05] (Corel Corporation -> Corel Corporation)
Task: {B3CC4650-B560-4C6F-9FAD-15BF16371A10} - System32\Tasks\WinZip Updater - user => C:\Program Files\WinZip\WzUpdater.exe [446560 2023-10-05] (Corel Corporation -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.42
Tcpip\..\Interfaces\{764bbb2f-1955-4247-85b4-a5b9139ef03d}: [DhcpNameServer] 192.168.223.113
Tcpip\..\Interfaces\{db75d996-26ba-4f8f-8f50-aae42c9f688e}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{de451b20-3c38-4792-ae3f-9de8eb56409d}: [DhcpNameServer] 192.168.10.42
Tcpip\..\Interfaces\{de451b20-3c38-4792-ae3f-9de8eb56409d}\14E64627F696461405: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{de451b20-3c38-4792-ae3f-9de8eb56409d}\D6F647F602768283920207F677562702C69647560213438393: [DhcpNameServer] 192.168.43.106

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-08]
Edge HomePage: Default -> about:blank
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-04-07]
Edge Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-12]
Edge Extension: (Edge relevant text changes) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: oxi23ew0.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\oxi23ew0.default [2024-04-06]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hatm12ic.default-release [2024-04-06]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hatm12ic.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2024-03-17]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hatm12ic.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2024-04-06]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2024-03-28] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2024-03-28] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2024-04-08]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-03-28]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-15]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2023-10-18]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-4082652602-1411793602-943509856-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AVP21.16; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe [32008 2024-01-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
S2 GoogleUpdaterInternalService125.0.6386.0; C:\Program Files (x86)\Google\GoogleUpdater\125.0.6386.0\updater.exe [4774176 2024-03-29] (Google LLC -> Google LLC)
S2 GoogleUpdaterService125.0.6386.0; C:\Program Files (x86)\Google\GoogleUpdater\125.0.6386.0\updater.exe [4774176 2024-03-29] (Google LLC -> Google LLC)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-19] (HP Inc. -> HP Inc.)
S3 klvssbridge64_21.16; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\vssbridge64.exe [551848 2024-01-12] (AO Kaspersky Lab -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [357272 2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.16; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.16\ksde.exe [32008 2024-01-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8884840 2024-04-06] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-04-06] (Malwarebytes Inc. -> Malwarebytes)
R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2021-06-02] (Realtek Semiconductor Corp -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-03-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [245200 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 klbackupdisk.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klbackupdisk.sys [90544 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.K4W-21-16; C:\WINDOWS\System32\DRIVERS\K4W-21-16\klbackupflt.sys [235456 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\kldisk.sys [108576 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2024-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klflt.sys [646688 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.K4W-21-16; C:\WINDOWS\System32\DRIVERS\K4W-21-16\klgse.sys [824528 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klhk.sys [1999568 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids.K4W-21-16; C:\ProgramData\Kaspersky Lab\AVP21.16\Bases\klids.sys [245144 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.K4W-21-16; C:\WINDOWS\System32\DRIVERS\K4W-21-16\klif.sys [1365024 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [88096 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klkbdflt.sys [96280 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klmouflt.sys [91168 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.K4W-21-16; C:\WINDOWS\System32\DRIVERS\K4W-21-16\klpd.sys [58400 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klpnpflt.sys [84400 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltun; C:\WINDOWS\system32\DRIVERS\kltun.sys [90032 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-16_arkmon; C:\WINDOWS\System32\Drivers\klupd_K4W-21-16_arkmon.sys [384656 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-16_klark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-16_klark.sys [354640 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-16_klbg; C:\WINDOWS\System32\Drivers\klupd_K4W-21-16_klbg.sys [183120 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-16_mark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-16_mark.sys [262712 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\klwtp.sys [515096 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.K4W-21-16; C:\WINDOWS\system32\DRIVERS\K4W-21-16\kneps.sys [337840 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-04-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [201280 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-04-07] (Malwarebytes Inc. -> Malwarebytes)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [6737256 2020-08-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [41008 2021-03-30] (McAfee, LLC. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20928 2024-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [603416 2024-03-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-08 17:48 - 2024-04-08 17:49 - 002393600 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2024-04-08 17:45 - 2024-04-08 17:45 - 000000000 ____D C:\Users\user\AppData\LocalLow\IGDump
2024-04-08 17:37 - 2024-04-08 17:40 - 000000000 ___HD C:\$WinREAgent
2024-04-07 14:27 - 2024-04-07 14:27 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-04-07 14:11 - 2024-04-07 14:17 - 000000000 ____D C:\Users\user\Desktop\07.04.2024
2024-04-07 14:09 - 2024-04-07 14:09 - 008790880 _____ (Malwarebytes) C:\Users\user\Desktop\adwcleaner(1).exe
2024-04-06 15:32 - 2024-04-06 15:32 - 000004899 _____ C:\Users\user\Downloads\Malwarebytes Scan Report 2024-04-06 161906.txt
2024-04-06 15:32 - 2024-04-06 15:32 - 000001601 _____ C:\Users\user\Downloads\AdwCleanerS00.txt
2024-04-06 15:31 - 2024-04-06 15:31 - 000018782 _____ C:\Users\user\Downloads\Fixlog.txt
2024-04-06 15:24 - 2024-04-06 15:24 - 000004899 _____ C:\Users\user\Desktop\Malwarebytes Scan Report 2024-04-06 161906.txt
2024-04-06 15:04 - 2024-04-08 17:50 - 000000000 ____D C:\Users\user\AppData\Local\Malwarebytes
2024-04-06 15:04 - 2024-04-06 15:16 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-06 15:04 - 2024-04-06 15:16 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-04-06 15:02 - 2024-04-06 15:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-06 15:01 - 2024-04-06 15:12 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-06 15:01 - 2024-04-06 15:01 - 002589624 _____ (Malwarebytes) C:\Users\user\Desktop\MBSetup.exe
2024-04-06 14:59 - 2024-04-06 14:59 - 000001601 _____ C:\Users\user\Desktop\AdwCleaner[S00].txt
2024-04-06 14:55 - 2024-04-07 14:10 - 000000000 ____D C:\AdwCleaner
2024-04-06 14:55 - 2024-04-06 14:55 - 008790880 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner(1).exe
2024-04-06 14:53 - 2024-04-06 14:53 - 008791352 _____ (Malwarebytes) C:\Users\user\Desktop\AdwCleaner.exe
2024-04-06 14:33 - 2024-04-06 14:42 - 000018782 _____ C:\Users\user\Desktop\Fixlog.txt
2024-04-06 14:33 - 2024-04-06 14:33 - 000000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2024-04-05 14:39 - 2024-04-05 14:39 - 000508208 _____ C:\Users\user\Downloads\origin-statement-2023-06-28 (1).pdf
2024-04-05 14:37 - 2024-04-05 14:37 - 000240327 _____ C:\Users\user\Downloads\origin-statement-2023-09-27 (2).pdf
2024-04-05 14:35 - 2024-04-05 14:35 - 000240327 _____ C:\Users\user\Downloads\origin-statement-2023-09-27 (1).pdf
2024-04-05 09:37 - 2024-04-05 09:37 - 000125478 _____ C:\Users\user\Desktop\05.04.2024.pdf
2024-04-05 09:33 - 2024-04-05 09:33 - 000034472 _____ C:\Users\user\Downloads\Shortcut.txt
2024-04-05 09:32 - 2024-04-05 09:33 - 000035305 _____ C:\Users\user\Downloads\Addition.txt
2024-04-05 09:27 - 2024-04-08 17:51 - 000026484 _____ C:\Users\user\Downloads\FRST.txt
2024-04-05 09:25 - 2024-04-08 17:50 - 000000000 ____D C:\FRST
2024-04-05 09:23 - 2024-04-06 14:33 - 002393600 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2024-04-05 09:21 - 2024-04-05 09:21 - 002091520 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2024-04-04 12:33 - 2024-04-04 12:33 - 000016092 _____ C:\Users\user\Downloads\transactions (4).csv
2024-04-04 12:28 - 2024-04-04 12:28 - 000002185 _____ C:\Users\user\Downloads\5435 6830 0118 2093_transaction_04_04_2024.csv
2024-04-04 12:23 - 2024-04-04 12:23 - 000000881 _____ C:\Users\user\Downloads\CSVData (34).csv
2024-04-04 12:22 - 2024-04-04 12:22 - 000008579 _____ C:\Users\user\Downloads\CSVData.csv
2024-04-04 11:37 - 2024-04-06 14:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-04 08:48 - 2024-04-04 08:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-04-02 19:37 - 2024-04-02 19:37 - 000147763 _____ C:\Users\user\Downloads\invoice (24).pdf
2024-04-02 19:37 - 2024-04-02 19:37 - 000147680 _____ C:\Users\user\Downloads\invoice (23).pdf
2024-04-02 19:37 - 2024-04-02 19:37 - 000147668 _____ C:\Users\user\Downloads\invoice (22).pdf
2024-04-02 19:37 - 2024-04-02 19:37 - 000147651 _____ C:\Users\user\Downloads\invoice (26).pdf
2024-04-02 19:37 - 2024-04-02 19:37 - 000147575 _____ C:\Users\user\Downloads\invoice (21).pdf
2024-04-02 19:37 - 2024-04-02 19:37 - 000147320 _____ C:\Users\user\Downloads\invoice (25).pdf
2024-04-02 19:37 - 2024-04-02 19:37 - 000147244 _____ C:\Users\user\Downloads\invoice (17).pdf
2024-04-02 19:35 - 2024-04-02 19:35 - 000256942 _____ C:\Users\user\Downloads\origin-statement-2024-04-01.pdf
2024-03-28 10:42 - 2024-03-28 10:42 - 000000000 ____D C:\Users\user\AppData\Roaming\McAfee
2024-03-28 10:03 - 2024-04-08 17:37 - 004120032 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-wal
2024-03-28 10:03 - 2024-04-07 14:27 - 000032768 _____ C:\WINDOWS\SysWOW64\DnsStorage-shm
2024-03-28 10:03 - 2024-04-07 14:27 - 000032768 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-shm
2024-03-28 10:03 - 2024-04-05 09:17 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2024-03-28 10:03 - 2024-03-28 10:03 - 000012288 _____ C:\WINDOWS\SysWOW64\DnsStorage
2024-03-28 10:03 - 2024-03-28 10:03 - 000000000 _____ C:\WINDOWS\SysWOW64\DnsStorage-wal
2024-03-28 10:02 - 2024-03-28 10:02 - 000003384 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2024-03-28 10:02 - 2024-03-28 10:02 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk
2024-03-28 10:02 - 2024-03-28 10:02 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN.lnk
2024-03-28 10:01 - 2024-03-28 10:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\K4W-21-16
2024-03-28 09:51 - 2024-03-28 09:52 - 004427640 _____ (Kaspersky) C:\Users\user\Downloads\startup (1).exe
2024-03-26 19:44 - 2024-04-07 10:42 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-26 19:44 - 2024-04-07 10:42 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-26 19:42 - 2024-03-26 19:42 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup(4).exe
2024-03-26 19:39 - 2024-03-26 19:39 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup(3).exe
2024-03-26 14:24 - 2024-03-26 14:24 - 002678917 _____ C:\Users\user\Desktop\Bus 2024.03.26.pdf
2024-03-26 12:36 - 2024-03-26 12:36 - 000446697 _____ C:\Users\user\Desktop\2024.03.26.pdf
2024-03-24 19:57 - 2024-03-24 19:57 - 000895217 _____ C:\Users\user\Downloads\8268696_6395.pdf
2024-03-24 19:53 - 2024-03-24 19:54 - 000981094 _____ C:\Users\user\Downloads\8268696_8298.pdf
2024-03-21 19:16 - 2024-03-21 19:16 - 000739828 _____ C:\Users\user\Downloads\Australia Post Motor Vehicle Insurance Reinstatement Pack - AP P MVP 7363980.pdf
2024-03-21 09:16 - 2024-03-21 09:16 - 000019530 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-21 09:15 - 2024-03-21 09:15 - 000019530 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-19 16:51 - 2024-03-19 16:51 - 000523402 _____ C:\Users\user\Downloads\Statement and Diagram Form.pdf
2024-03-18 11:37 - 2024-03-18 11:37 - 000134532 _____ C:\Users\user\Downloads\Waterproofing_Certficate.pdf
2024-03-18 11:22 - 2024-03-18 11:22 - 000124407 _____ C:\Users\user\Desktop\Rates.pdf
2024-03-18 10:50 - 2024-03-18 11:24 - 001244423 _____ C:\Users\user\Desktop\BA Lease.pdf
2024-03-18 10:30 - 2024-03-18 10:30 - 000042041 _____ C:\Users\user\Desktop\Payslip 2024.02.28.pdf
2024-03-18 10:29 - 2024-03-18 10:29 - 000041995 _____ C:\Users\user\Desktop\Payslip 2024.03.13.pdf
2024-03-17 15:47 - 2024-03-17 15:47 - 000023497 _____ C:\Users\user\Downloads\CSVData(4).csv
2024-03-17 15:45 - 2024-03-17 15:45 - 000002775 _____ C:\Users\user\Downloads\CSVData(3).csv
2024-03-17 15:17 - 2024-03-17 15:18 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup(2).exe
2024-03-17 15:17 - 2024-03-17 15:17 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup(1).exe
2024-03-17 15:08 - 2024-03-17 15:08 - 001376816 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup.exe
2024-03-11 14:49 - 2024-03-11 14:49 - 000096605 _____ C:\Users\user\Desktop\Rate Ursime.pdf
2024-03-11 12:56 - 2024-03-11 12:56 - 000203557 _____ C:\Users\user\Downloads\modr-2007en-f.pdf
2024-03-09 18:46 - 2024-03-09 18:46 - 000000726 _____ C:\Users\user\Downloads\CSVData (53).csv
2024-03-09 14:48 - 2024-03-09 14:48 - 000204421 _____ C:\Users\user\Downloads\eStatement_5435-68XX-XXXX-7867_2024-02-14.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-08 17:39 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-08 17:34 - 2021-05-26 19:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-07 20:19 - 2021-06-13 19:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-04-07 14:32 - 2021-05-26 19:41 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-07 14:32 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-07 14:29 - 2021-05-27 09:56 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Excel
2024-04-07 14:27 - 2021-05-26 19:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-07 14:27 - 2021-05-26 19:33 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-07 14:27 - 2019-05-24 12:42 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-07 14:26 - 2020-12-16 08:24 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2024-04-07 14:26 - 2019-12-07 19:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-07 14:06 - 2022-08-06 17:20 - 000000000 ____D C:\Program Files (x86)\Freemake
2024-04-07 11:36 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-07 11:36 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-07 11:08 - 2021-05-26 19:34 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-07 10:42 - 2023-09-15 09:17 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-06 15:06 - 
2022-02-18 10:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-04-06 15:04 - 2019-12-07 19:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2024-04-06 14:44 - 2021-07-06 14:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-04-06 14:42 - 2021-06-09 11:43 - 000000000 ____D C:\Users\user\AppData\LocalLow\Temp 2024-04-06 14:38 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-04-06 14:29 - 2019-06-26 17:59 - 000000000 ____D C:\Users\user\AppData\Local\Packages 2024-04-05 12:12 - 2021-06-03 15:09 - 000000000 ____D C:\Users\user\Desktop\Ben 2024-04-05 11:22 - 2023-10-16 16:39 - 000000000 ___RD C:\Users\user\Desktop\214WA 2024-04-05 10:19 - 2021-05-25 13:16 - 000034304 _____ C:\Users\user\Desktop\CD.xlsx 2024-04-05 09:58 - 2021-05-26 19:39 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-04-05 09:58 - 2021-05-26 19:39 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d75212e6b1a7f0 2024-04-04 13:23 - 2021-07-06 14:35 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-04-04 08:49 - 2022-03-15 15:58 - 000000000 ____D C:\Program Files (x86)\Google 2024-04-04 08:48 - 2021-11-28 12:04 - 000001427 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk 2024-04-04 08:48 - 2021-11-28 12:04 - 000000000 ____D C:\Users\user\AppData\Local\Grammarly 2024-04-01 12:38 - 2021-06-03 15:09 - 000000000 ____D C:\Users\user\Desktop\Ebay 2024-04-01 11:59 - 2024-02-05 17:38 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-04-01 11:59 - 2024-02-05 17:38 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2024-04-01 11:59 - 2021-05-27 12:51 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-03-31 09:45 - 2021-09-08 17:07 - 000000000 ____D C:\WINDOWS\Minidump 2024-03-28 10:55 - 2024-02-15 19:56 - 000000000 ____D 
C:\Users\user\Desktop\New folder 2024-03-28 10:55 - 2023-08-28 11:21 - 000000000 ____D C:\Users\user\Desktop\2023.08.28 - Phone 2024-03-28 10:55 - 2023-07-20 13:03 - 000000000 ____D C:\Users\user\Desktop\Transport NSW 2024-03-28 10:55 - 2022-09-20 14:17 - 000000000 ____D C:\Users\user\Desktop\Covid 2024-03-28 10:55 - 2021-11-27 14:18 - 000000000 ____D C:\Users\user\Desktop\La De'vine 2024-03-28 10:55 - 2021-10-03 07:33 - 000000000 ____D C:\Users\user\Desktop\Centrelink 2024-03-28 10:55 - 2021-06-18 19:35 - 000000000 ____D C:\Users\user\Desktop\CAE Devine Trust 2024-03-28 10:55 - 2021-06-11 15:36 - 000000000 ___RD C:\Users\user\Desktop\Devine Barrett Superfund 2024-03-28 10:55 - 2021-05-25 13:15 - 000000000 ___RD C:\Users\user\Desktop\6JACK 2024-03-28 10:46 - 2021-05-27 12:51 - 000000000 ____D C:\ProgramData\McAfee 2024-03-28 10:02 - 2021-05-26 14:26 - 000000000 ____D C:\Program Files\Common Files\AV 2024-03-28 10:02 - 2021-05-26 14:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2024-03-28 10:02 - 2021-05-26 14:25 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2024-03-28 10:02 - 2019-12-07 19:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2024-03-28 09:52 - 2022-01-12 13:08 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2024-03-24 15:15 - 2021-05-26 14:34 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-03-24 15:13 - 2021-05-26 14:34 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-03-21 21:27 - 2021-05-26 19:33 - 000448752 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-03-21 21:26 - 2019-12-07 19:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-03-21 21:26 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-03-21 21:26 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-03-21 21:26 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-03-21 21:26 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-03-21 21:26 - 
2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-03-21 21:26 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-03-21 21:26 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-03-21 21:26 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-03-21 21:26 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\servicing 2024-03-21 19:11 - 2023-08-13 13:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP 2024-03-21 19:11 - 2023-08-13 13:34 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2024-03-21 09:15 - 2021-05-26 19:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-03-18 09:50 - 2022-09-14 16:16 - 000000000 ____D C:\Users\user\AppData\Roaming\com.adobe.dunamis 2024-03-17 13:23 - 2022-11-15 08:19 - 000000000 ____D C:\Program Files\RUXIM 2024-03-14 15:33 - 2019-05-25 05:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-03-14 10:01 - 2021-06-01 12:55 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Word 2024-03-12 19:39 - 2021-05-25 13:15 - 000000000 ____D C:\Users\user\Desktop\Money ==================== Files in the root of some directories ======== 2022-02-23 12:08 - 2024-02-05 17:32 - 000000205 _____ () C:\Users\user\AppData\Local\oobelibMkey.log ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================