Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    German authorities identify REvil and GangCrab ransomware bosses

Featured Deal: Protect up to 9 devices from ads and tracking for just $16 in this AdGuard deal

Latest Buyer's Guide:     Best VPNs in 2025

Generic User Avatar

Detected: Trojan Leonem

Started by Calyxes , Apr 27 2023 07:48 AM

  • This topic is locked This topic is locked
21 replies to this topic

#1 Calyxes

Calyxes

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 27 April 2023 - 07:48 AM

Hello. I kindly need of an assistance. Please guide me in removing a trojan named Leonem from my laptop. I really need yourhelp. I downloaded a software called VideoProd I think its supposedly to be a video editor or video converter, I think it was from that program so I uninstalled it but Microsoft Defender kept notifying me with Leonem virus. Please help and assist and guide me from removing it. Thank you.

BC AdBot (Login to Remove)

 

#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,345 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:36 PM

Posted 27 April 2023 - 08:07 AM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
  • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST.txt
  • Addition.txt

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#3 Calyxes

Calyxes
  • Topic Starter

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 27 April 2023 - 09:17 AM

Hello Gary..attached here are the documents that you requested, thank you so much for assisting me.

Attached Files


Edited by Calyxes, 27 April 2023 - 09:51 AM.

#4 Calyxes

Calyxes
  • Topic Starter

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 27 April 2023 - 10:04 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2023
Ran by Windows10 (administrator) on QAWS-1232 (ASUSTeK COMPUTER INC. X555UB) (27-04-2023 21:51:22)
Running from C:\Users\Windows10\Desktop\FRST64english.exe
Loaded Profiles: Windows10
Platform: Microsoft Windows 10 Home Single Language Version 22H2 19045.2846 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUS Cloud Corporation -> ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSPanel.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Users\Windows10\AppData\Roaming\uTorrent\uTorrent.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\Windows10\AppData\Roaming\uTorrent\helper\helper.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Inc.) [File not signed] C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Rainberry Inc -> BitTorrent Inc.) C:\Users\Windows10\AppData\Roaming\uTorrent\uTorrent.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(explorer.exe ->) (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.212\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.212\GoogleCrashHandler64.exe
(Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(services.exe ->) (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(svchost.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe <4>
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\...\Run: [UniConverterUpdateHelper] => C:\Program Files\Wondershare\UniConverter 14\WSVCUUpdateHelper.exe (No File)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6607584 2022-03-07] (Adobe Inc. -> Adobe Systems Inc.) [File not signed]
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\ASUSWSLoader.exe [63272 2015-10-22] (ASUS Cloud Corporation -> )
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-03] (Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Chromium] => "c:\users\windows10\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [1068544 2016-03-18] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8160856 2020-06-24] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) <==== ATTENTION
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Discord] => C:\Users\Windows10\AppData\Local\Discord\app-0.0.307\Discord.exe (No File)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Spotify] => C:\Users\Windows10\AppData\Roaming\Spotify\Spotify.exe [20475256 2023-04-23] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Viber] => C:\Users\Windows10\AppData\Local\Viber\Viber.exe [60743376 2022-12-14] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [QMxNetworkSync] => C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe (No File)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [NoxMultiPlayer] => "D:\Program Files\Nox\bin\MultiPlayerManager.exe" -startSource:auto_start (No File)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Netmarble Launcher] => "D:\Games\Ni no Kuni Cross Worlds\Netmarble Launcher.exe" (No File)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [QNPlus] => [X]
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5924104 2023-04-06] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [com.messenger] => "C:\Users\Windows10\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [MicrosoftEdgeAutoLaunch_CA2D0319CEF85F23FD2F5BC9EAF5B6BA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4139968 2023-04-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [5249688 2023-04-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2022-03-03] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON L210 Series 64MonitorBE: C:\Windows\system32\E_YLMI2E.DLL [120320 2015-01-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\EPSON L365 Series 64MonitorBE: C:\Windows\system32\E_YLMBNYE.DLL [180224 2014-03-05] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\112.0.5615.138\Installer\chrmstp.exe [2023-04-21] (Google LLC -> Google LLC)
IFEO\LogTransport2.exe: [Debugger] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2018-12-27]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {001E0777-ABAB-467C-B60A-FCCB9F6FC088} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-1072221882-492732373-972231997-1001 => C:\Users\Windows10\AppData\Local\Programs\Messenger\MessengerHelper.exe [2161912 2023-04-25] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {049992B7-C7FE-4109-B953-29F677898297} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-14] (Google Inc -> Google LLC)
Task: {081B293B-DE7E-48FF-A24A-667B708FAB0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0B0DDDB6-E65E-47F8-8208-D5E92F405AB3} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2172344 2023-04-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {17E45D42-AB6C-465E-94F6-E58E37D5F8A8} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [55296 2015-08-26] (ASUS) [File not signed]
Task: {205A83F1-147D-4508-820F-1EA02E972B53} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1072221882-492732373-972231997-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1850.5.228.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2161912 2023-04-26] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> )
Task: {29972FED-15B2-45E1-AE59-A920C0155074} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3FD420BE-9961-43FF-8214-29A671C075D0} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
Task: {5404DCB3-A950-484F-80A8-CB594D11AB8B} - System32\Tasks\Opera scheduled assistant Autoupdate 1644080022 => C:\Users\Windows10\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Windows10\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {544CE68C-2181-45CC-8043-56F6793A43A6} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-09-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {5450E5ED-A62A-4030-9C4E-19EFC513912E} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [989864 2015-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {573891C8-C085-4B49-B007-663352E1068B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-04-12] (HP Inc. -> HP Inc.)
Task: {5D400315-6495-493F-BB36-E16BE347D48A} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-09-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {655E6510-6F64-44FF-93BC-D89744204EBE} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-04-12] (HP Inc. -> HP Inc.)
Task: {6EA6BC80-678B-4ABF-94FE-08286556BE83} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-15] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {6FC00065-4A94-4AAE-8F09-5B1FAB981F1F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File)
Task: {79DEC370-308D-43FC-8632-BD1E98B1A72C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-26] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {85802751-EA84-40B4-AF57-0FBC988DAF1F} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {87892EF2-14BA-49FE-B032-9BEFC8F23FE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9996AC96-4F66-44E8-A8D2-97BC237F942F} - System32\Tasks\HPCustParticipation HP Ink Tank Wireless 410 series => C:\Program Files\HP\HP Ink Tank Wireless 410 series\Bin\HPCustPartic.exe [6660768 2021-11-18] (HP Inc. -> HP Inc.)
Task: {9ABC1F7D-0E2B-4D9E-AC8A-D45DBBC706F2} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [718752 2023-04-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {B1F3D2C2-9991-4161-97F6-5684DCFD3140} - System32\Tasks\Opera scheduled Autoupdate 1644079984 => C:\Users\Windows10\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {BC69AB3D-3795-4895-8A20-C2D9AAB24208} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [149712 2021-10-14] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {D5199CB7-B39C-48A7-9412-BD4CE4C1C2E9} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [676768 2023-04-19] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {DD1C90BC-1C3B-40BA-862E-2C69771F77C7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E6B65E47-D28C-4C58-9796-32E1E6EB3A4D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EE04DA2D-8F66-4EAA-BB4C-46103E7D8E98} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {F253DB3A-11A5-44B8-9E0A-A9B95EDA10DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-14] (Google Inc -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86ccd9dd-bee8-4d9e-a6a7-e53221fd3742}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8f6af17d-b73c-4331-bcbf-36835a42bd33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a830d942-0000-4061-ae87-599dfea2b695}: [DhcpNameServer] 114.108.193.201 114.108.195.1
Tcpip\..\Interfaces\{c644b896-b755-432c-8fcb-80c9128d6bd5}: [DhcpNameServer] 114.108.193.201 114.108.195.1
Tcpip\..\Interfaces\{d7f4c1cd-b1d3-4d00-b7ed-96ea464c36d2}: [DhcpNameServer] 114.108.193.201 114.108.195.1
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Windows10\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-27]
Edge Extension: (Edge relevant text changes) - C:\Users\Windows10\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-24]
Edge HKU\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2023-04-06]
 
FireFox:
========
FF DefaultProfile: v0ubdfm9.default
FF ProfilePath: C:\Users\Windows10\AppData\Roaming\Mozilla\Firefox\Profiles\v0ubdfm9.default [2023-04-09]
FF NewTab: Mozilla\Firefox\Profiles\v0ubdfm9.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180211
FF Extension: (IDM Integration Module) - C:\Users\Windows10\AppData\Roaming\Mozilla\Firefox\Profiles\v0ubdfm9.default\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2023-03-28]
FF Extension: (Greasemonkey) - C:\Users\Windows10\AppData\Roaming\Mozilla\Firefox\Profiles\v0ubdfm9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-05-24]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2020-08-13] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Windows10\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Windows10\AppData\Roaming\IDM\idmmzcc5 [2022-10-11] [Legacy] [not signed]
FF HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default [2023-03-24]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-03-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-10]
CHR Extension: (IDM Integration Module) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-10]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-03-11]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-04-27]
CHR HomePage: Profile 1 -> hxxps://ph.search.yahoo.com/?type=407453&fr=yo-yhp-ch
CHR StartupUrls: Profile 1 -> "hxxps://ph.search.yahoo.com/?type=407453&fr=yo-yhp-ch","hxxp://www.google.com/"
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-20]
CHR Extension: (Cisco Webex Extension) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2023-03-10]
CHR Extension: (IDM Integration Module) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-03-10]
CHR Extension: (MetaMask) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-04-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-10]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13 [2022-08-11]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-08-11]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-08-11]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-06]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14 [2022-10-27]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-10-27]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-02]
CHR Extension: (IDM Integration Module) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-10]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 15 [2022-11-30]
CHR Notifications: Profile 15 -> hxxps://www.facebook.com
CHR DefaultSearchURL: Profile 15 -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91215G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 15 -> McAfee
CHR DefaultSuggestURL: Profile 15 -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-17]
CHR Extension: (IDM Integration Module) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-17]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18 [2023-03-07]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-03-07]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-03-07]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-07]
CHR Extension: (IDM Integration Module) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-03-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-07]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-06-27]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-26]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-03-10]
CHR Notifications: Profile 4 -> hxxps://en.pixiz.com; hxxps://ethlas.com; hxxps://g4news.biz; hxxps://meet.google.com; hxxps://pomodoro-tracker.com; hxxps://pomodorotimer.online; hxxps://pomofocus.io; hxxps://prcboard.iz.do; hxxps://ro03.biz; hxxps://sload.su
CHR HomePage: Profile 4 -> hxxps://ph.search.yahoo.com/?type=407453&fr=yo-yhp-ch
CHR StartupUrls: Profile 4 -> "hxxps://ph.search.yahoo.com/?type=407453&fr=yo-yhp-ch","hxxp://www.google.com/"
CHR DefaultSearchURL: Profile 4 -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91215G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 4 -> mcafee
CHR DefaultSuggestURL: Profile 4 -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Butterfly theme) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dojfkhhdalcndhdcfhpbjidpcjdidegd [2020-10-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-02-27]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-15]
CHR Extension: (Coinbase Wallet extension) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2023-03-10]
CHR Extension: (Cisco Webex Extension) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2022-07-22]
CHR Extension: (IDM Integration Module) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-10-11]
CHR Extension: (MetaMask) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5 [2021-08-27]
CHR Extension: (Slides) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-08]
CHR Extension: (Docs) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-08]
CHR Extension: (Google Drive) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-08]
CHR Extension: (YouTube) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-08]
CHR Extension: (Sheets) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-08]
CHR Extension: (Gmail) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-27]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6 [2021-06-03]
CHR Extension: (Slides) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-12]
CHR Extension: (Docs) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-12]
CHR Extension: (Google Drive) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-12]
CHR Extension: (YouTube) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-12]
CHR Extension: (Sheets) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-02]
CHR Extension: (IDM Integration Module) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-12]
CHR Extension: (Gmail) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-02]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7 [2021-07-30]
CHR Extension: (Slides) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-12]
CHR Extension: (Docs) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-12]
CHR Extension: (Google Drive) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-12]
CHR Extension: (YouTube) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-12]
CHR Extension: (Sheets) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-12]
CHR Extension: (Gmail) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-30]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8 [2022-02-26]
CHR Extension: (Slides) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-30]
CHR Extension: (Docs) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-30]
CHR Extension: (Google Drive) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-30]
CHR Extension: (YouTube) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-30]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-26]
CHR Extension: (Sheets) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-30]
CHR Extension: (Gmail) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-30]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9 [2022-08-11]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-08-11]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-08-11]
CHR Extension: (Google Docs Offline) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-13]
CHR Profile: C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\System Profile [2023-03-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-06]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe [75264 2015-10-22] (ASUS Cloud Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-21] (Realtek Semiconductor Corp -> )
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [685496 2020-08-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229328 2023-04-12] (HP Inc. -> HP Inc.)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [856472 2023-04-06] (McAfee, LLC -> McAfee, LLC)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12720144 2020-11-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-06-24] (LAVASOFT SOFTWARE CANADA INC -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 rsAssistant; C:\Program Files\RAVAntivirus\rsAssistant.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-09] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-09] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R2 IDMWFP; C:\WINDOWS\system32\DRIVERS\idmwfp.sys [171512 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R3 MpKsl9ef31d60; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5F554B6-44FF-4C51-A17A-4876632343E4}\MpKslDrv.sys [211208 2023-04-27] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [497920 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2522256 2022-06-20] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 MpKsl72edc48c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5BFF280-4238-4A22-86A6-51970BBD54E1}\MpKslDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-04-28 11:54 - 2023-04-28 11:54 - 097255424 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-04-28 11:39 - 2023-04-28 11:54 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-04-27 21:51 - 2023-04-27 21:56 - 000050213 _____ C:\Users\Windows10\Desktop\FRST.txt
2023-04-27 21:49 - 2023-04-27 21:54 - 000000000 ____D C:\FRST
2023-04-27 21:12 - 2023-04-27 21:13 - 002382336 _____ (Farbar) C:\Users\Windows10\Desktop\FRST64english.exe
2023-04-27 19:06 - 2023-04-27 19:06 - 000001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc.lnk
2023-04-27 19:06 - 2023-04-27 19:06 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Digiarty
2023-04-27 19:04 - 2023-04-27 19:34 - 000000000 ____D C:\Program Files (x86)\VideoProc
2023-04-27 19:04 - 2023-04-27 19:04 - 000000000 ____D C:\ProgramData\CyberMania
2023-04-27 11:46 - 2023-04-27 11:46 - 932304096 _____ C:\Users\Windows10\Downloads\drive-download-20230427T034206Z-001.zip
2023-04-24 19:46 - 2023-04-24 19:46 - 000504993 _____ C:\Users\Windows10\Documents\grade 7 grade.pdf
2023-04-24 15:43 - 2023-04-24 15:43 - 000001272 _____ C:\Users\Windows10\Desktop\Telegram.lnk
2023-04-23 20:35 - 2023-04-23 20:35 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2023-04-23 20:35 - 2023-04-23 20:35 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2023-04-19 07:12 - 2023-04-27 13:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-04-18 01:01 - 2023-04-18 01:01 - 000000000 ____D C:\Program Files\chrome_BITS_11780_225505632
2023-04-18 00:25 - 2023-04-18 00:27 - 000000000 ____D C:\ProgramData\GraphicsType14
2023-04-18 00:23 - 2023-04-18 00:38 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Wondershare
2023-04-18 00:20 - 2023-04-18 01:00 - 000000000 ____D C:\Program Files\Wondershare
2023-04-17 13:15 - 2023-04-17 13:15 - 000609280 _____ C:\Users\Windows10\Documents\CYTOPHYSIOLOGY.ppt
2023-04-15 21:00 - 2023-04-15 21:00 - 000000000 ____D C:\Users\Windows10\Downloads\PATHOMA Lecture Videos
2023-04-15 15:06 - 2023-04-15 15:06 - 000001131 _____ C:\Users\Windows10\Desktop\Movavi Screen Recorder 23.lnk
2023-04-14 21:30 - 2023-04-14 21:35 - 1127441249 _____ C:\Users\Windows10\Downloads\Robbins and Cotran Pathologic Basis of Disease_jp2.zip
2023-04-13 09:25 - 2023-04-13 09:25 - 000000000 ___HD C:\$WinREAgent
2023-04-11 22:52 - 2023-04-11 22:52 - 000000000 ____D C:\Users\Windows10\Downloads\Audiobook Mafia Romance
2023-04-09 15:46 - 2023-04-10 02:31 - 000000000 ____D C:\Users\Windows10\Desktop\Her Yerde Sen
2023-03-31 13:54 - 2023-03-31 13:54 - 000000000 _____ C:\WINDOWS\Minidump\033123-75906-01.dmp
2023-03-31 09:31 - 2023-03-31 09:31 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-03-30 04:42 - 2023-04-18 18:38 - 000000000 ____D C:\Users\Windows10\Desktop\RANDOM FILES
2023-03-29 23:11 - 2023-03-29 23:11 - 000000000 ___RD C:\Users\Windows10\Documents\Scanned Documents
2023-03-29 23:11 - 2023-03-29 23:11 - 000000000 ____D C:\Users\Windows10\Documents\Fax
2023-03-29 17:44 - 2023-03-29 17:44 - 000115054 _____ C:\Users\Windows10\Downloads\ACFrOgCb-M4yzeZPM_JgfyfQIENRK1ews6Z5QsN6etdoM6wlh9722NeFmOCTtEFfqT1T-WSfB_rTDYYzPrh4zNQ33Yhz2IsU4KZ6_W3zpns5WehZ2UeMQZwV_8EcGEtSSeQiw0xisILNM5d9ZFVg_2.pdf
2023-03-29 17:43 - 2023-03-29 17:43 - 000115054 _____ C:\Users\Windows10\Downloads\ACFrOgCb-M4yzeZPM_JgfyfQIENRK1ews6Z5QsN6etdoM6wlh9722NeFmOCTtEFfqT1T-WSfB_rTDYYzPrh4zNQ33Yhz2IsU4KZ6_W3zpns5WehZ2UeMQZwV_8EcGEtSSeQiw0xisILNM5d9ZFVg.pdf
2023-03-29 15:18 - 2023-03-29 15:18 - 000036882 _____ C:\Users\Windows10\Downloads\Gmail - Fwd_ BDO Online Banking - Send Money to any BDO Account.pdf
2023-03-29 15:18 - 2023-03-29 15:18 - 000036855 _____ C:\Users\Windows10\Downloads\Gmail - Fwd_ BDO Online Banking - Send Money to any BDO Account(1).pdf
2023-03-29 15:12 - 2023-03-29 15:12 - 000197184 _____ C:\Users\Windows10\Downloads\ACFrOgD_VRRR0wRy8pJG-gSPcntlaE-HIeY1URVN4Isiq_antjOxU8PvqC0y_gOwfA4nVDCTOvlPCuq_PGDTiXsZDkKEsZbpRkOKYGyZunjZe1MRYoh78iEx_THFs2M=.pdf
2023-03-28 21:06 - 2023-03-28 21:06 - 000081291 _____ C:\Users\Windows10\Downloads\dropboxconfirmation.pdf
2023-03-28 21:04 - 2023-03-28 21:04 - 000229216 _____ C:\Users\Windows10\Downloads\dropboxconfirmation dominic leyson march 2023.pdf
2023-03-28 18:11 - 2023-03-28 18:11 - 007469722 _____ C:\Users\Windows10\Downloads\KaplanAnatomyColoringBook.pdf
2023-03-28 17:38 - 2023-03-28 17:38 - 004377019 _____ C:\Users\Windows10\Downloads\Anatomy Coloring Workbook ( PDFDrive ).pdf
2023-03-28 15:28 - 2023-03-28 15:28 - 000058546 _____ C:\Users\Windows10\Downloads\ACFrOgD_xcMgSODP5YSAPEwhmnZN0hhepaMyMRzAIRongjehc8k4m6RvByKb1DlozDbSEvL2Gvq6dNUEY2JZo21XBTM6fbrCMZUHWXviH_uq8RhUktODDKCkCjjLOvU=.pdf
2023-03-28 15:25 - 2023-03-28 15:26 - 007469722 _____ C:\Users\Windows10\Downloads\anatomycoloringbook[1].pdf
2023-03-28 15:09 - 2023-03-28 15:09 - 008121007 _____ C:\Users\Windows10\Downloads\https___onlineservices.dmw.gov.ph_OnlineServices_Main_PrintResume(2).pdf
2023-03-28 10:29 - 2023-03-28 10:29 - 000002276 _____ C:\Users\Windows10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-04-27 22:00 - 2018-02-11 23:30 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\uTorrent
2023-04-27 21:49 - 2020-08-25 02:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-04-27 21:24 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-27 21:24 - 2016-08-27 10:46 - 000000000 ____D C:\Program Files (x86)\Google
2023-04-27 20:18 - 2016-04-20 11:26 - 000000165 _____ C:\Users\Windows10\AppData\Roaming\sp_data.sys
2023-04-27 20:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-27 20:07 - 2019-04-29 09:33 - 000000000 ____D C:\Users\Windows10\AppData\Local\BitTorrentHelper
2023-04-27 20:06 - 2023-02-10 22:20 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Messenger
2023-04-27 20:06 - 2021-07-04 00:43 - 000000000 ____D C:\Users\Windows10\AppData\Local\Messenger
2023-04-27 20:04 - 2016-04-20 11:28 - 000000000 ___RD C:\Users\Windows10\OneDrive
2023-04-27 20:00 - 2016-04-20 11:24 - 000000000 __SHD C:\Users\Windows10\IntelGraphicsProfiles
2023-04-27 19:57 - 2020-08-25 02:39 - 000853712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-04-27 19:57 - 2016-09-14 23:55 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-27 19:56 - 2020-04-11 18:11 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-04-27 19:55 - 2020-08-25 03:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-04-27 19:55 - 2020-08-25 02:39 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-27 19:55 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-04-27 19:55 - 2016-04-20 10:17 - 000000000 ___HD C:\Intel
2023-04-27 19:38 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-04-27 16:20 - 2020-08-25 03:14 - 000004172 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{86D26616-9BF8-40DE-AD3B-FA47FD34F641}
2023-04-27 10:27 - 2016-10-17 23:50 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Microsoft\Word
2023-04-27 09:45 - 2023-02-10 22:19 - 000002347 _____ C:\Users\Windows10\Desktop\Messenger.lnk
2023-04-27 09:43 - 2021-12-14 19:36 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1072221882-492732373-972231997-1001
2023-04-27 09:43 - 2020-08-25 03:14 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1072221882-492732373-972231997-1001
2023-04-27 09:42 - 2020-08-25 02:44 - 000002393 _____ C:\Users\Windows10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-26 17:27 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-26 07:19 - 2020-08-25 03:14 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-04-26 07:19 - 2020-08-25 03:14 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-04-25 23:02 - 2018-11-04 21:02 - 000000000 ____D C:\Users\Windows10\AppData\Local\D3DSCache
2023-04-25 22:57 - 2016-09-10 13:08 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\vlc
2023-04-25 22:38 - 2022-10-11 16:20 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\DMCache
2023-04-24 18:18 - 2021-04-09 18:18 - 000000000 ____D C:\Users\Windows10\Downloads\Telegram Desktop
2023-04-23 20:31 - 2021-09-28 11:32 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-04-23 20:28 - 2016-11-01 14:01 - 000000000 ____D C:\ProgramData\Adobe
2023-04-23 19:04 - 2020-08-25 02:44 - 000000000 ____D C:\Users\Windows10
2023-04-23 18:52 - 2016-11-01 14:02 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-04-23 18:45 - 2017-12-08 23:37 - 000000000 ____D C:\Users\Windows10\AppData\Local\Packages
2023-04-23 18:26 - 2020-06-10 11:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-04-23 18:26 - 2020-06-10 11:53 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-04-23 18:22 - 2016-11-01 14:00 - 000000000 ____D C:\Users\Windows10\AppData\Local\Adobe
2023-04-23 17:11 - 2016-10-17 18:18 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Microsoft\PowerPoint
2023-04-23 09:11 - 2019-06-28 18:56 - 000000000 ____D C:\Users\Windows10\AppData\Local\Spotify
2023-04-23 09:11 - 2019-06-28 18:55 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Spotify
2023-04-21 19:21 - 2019-06-14 20:16 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-04-21 19:21 - 2019-06-14 20:16 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-04-21 18:52 - 2020-08-25 03:04 - 001102480 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-04-20 08:34 - 2016-04-20 11:24 - 000000000 ___SD C:\Users\Windows10\AppData\Roaming\Microsoft\Credentials
2023-04-19 08:59 - 2016-08-27 11:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-04-19 08:58 - 2016-08-27 11:18 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-04-18 01:02 - 2020-08-24 00:40 - 000000000 ____D C:\Users\Windows10\AppData\Local\Wondershare
2023-04-18 01:00 - 2020-08-24 00:42 - 000000000 ____D C:\ProgramData\Wondershare
2023-04-18 00:59 - 2022-02-05 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2023-04-15 10:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-04-15 09:22 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2023-04-13 12:19 - 2022-10-11 16:18 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2023-04-13 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-04-13 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-04-13 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-04-13 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-04-13 12:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-04-13 12:15 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-04-13 12:15 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-04-13 12:15 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-04-13 12:15 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-04-13 12:15 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-04-13 12:15 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-04-13 10:54 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-13 10:37 - 2020-08-25 02:44 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-04-13 09:20 - 2016-08-30 15:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-04-13 08:53 - 2022-10-11 16:20 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\IDM
2023-04-13 08:49 - 2016-08-30 15:00 - 156112424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-04-12 16:10 - 2016-11-21 11:19 - 000000000 ____D C:\Users\Windows10\AppData\LocalLow\Mozilla
2023-04-12 15:08 - 2018-10-31 10:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-04-12 07:00 - 2021-10-20 16:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-04-12 07:00 - 2021-08-31 16:24 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-04-06 20:57 - 2016-09-09 10:57 - 000000000 ____D C:\Users\Windows10\AppData\Local\ElevatedDiagnostics
2023-04-06 08:47 - 2020-08-25 03:14 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-06 08:47 - 2020-08-25 03:14 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-31 13:54 - 2022-09-24 03:15 - 1057237659 _____ C:\WINDOWS\MEMORY.DMP
2023-03-31 13:46 - 2018-12-20 23:27 - 000000000 ____D C:\Users\Windows10\AppData\Local\PlaceholderTileLogoFolder
2023-03-31 09:31 - 2021-02-01 06:04 - 000001945 _____ C:\Users\Windows10\Desktop\Zoom.lnk
2023-03-31 09:31 - 2016-10-04 22:27 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Zoom
2023-03-29 08:33 - 2022-03-11 23:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-03-28 12:13 - 2022-02-06 00:54 - 000000000 ____D C:\Users\Windows10\AppData\Local\Opera Software
2023-03-28 12:13 - 2022-02-06 00:52 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Opera Software
2023-03-28 10:29 - 2022-03-12 21:06 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
 
==================== Files in the root of some directories ========
 
2021-05-30 12:51 - 2021-05-30 13:45 - 000000015 _____ () C:\Users\Windows10\AppData\Roaming\obs-virtualcam.txt
2016-04-20 11:26 - 2023-04-27 20:18 - 000000165 _____ () C:\Users\Windows10\AppData\Roaming\sp_data.sys
2016-08-28 23:50 - 2016-09-03 00:50 - 000000063 _____ () C:\Users\Windows10\AppData\Roaming\WB.CFG
2022-03-09 01:05 - 2022-03-09 01:05 - 000000000 _____ () C:\Users\Windows10\AppData\Local\oobelibMkey.log
2020-12-08 21:27 - 2020-12-08 21:27 - 000016438 _____ () C:\Users\Windows10\AppData\Local\partner.bmp
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2023
Ran by Windows10 (27-04-2023 22:02:15)
Running from C:\Users\Windows10\Desktop
Microsoft Windows 10 Home Single Language Version 22H2 19045.2846 (X64) (2020-08-24 19:16:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1072221882-492732373-972231997-500 - Administrator - Disabled)
angel (S-1-5-21-1072221882-492732373-972231997-1002 - Limited - Disabled)
DefaultAccount (S-1-5-21-1072221882-492732373-972231997-503 - Limited - Disabled)
Guest (S-1-5-21-1072221882-492732373-972231997-501 - Limited - Disabled)
rylai (S-1-5-21-1072221882-492732373-972231997-1003 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1072221882-492732373-972231997-504 - Limited - Disabled)
Windows10 (S-1-5-21-1072221882-492732373-972231997-1001 - Administrator - Enabled) => C:\Users\Windows10
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\uTorrent) (Version: 3.6.0.46738 - BitTorrent Inc.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 22.001.20085 - Adobe)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Anki (HKLM-x32\...\Anki) (Version: 2.1.60 - )
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.15 - ASUSTeK COMPUTER INC.)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson L380 User’s Guide (HKLM-x32\...\UsersGuideEpson L380 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
Epson Software Updater (HKLM-x32\...\{2359E008-3C32-45B9-B984-39D46CDCA47B}) (Version: 4.6.0 - Seiko Epson Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 112.0.5615.138 - Google LLC)
HP Dropbox Plugin (HKLM-x32\...\{B9A026DA-577F-46D9-B8D6-45888ED06594}) (Version: 36.0.175.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{5485CF4A-7C94-48D7-9507-87A5E1CADEEC}) (Version: 43.0.175.0 - HP)
HP FTP Plugin (HKLM-x32\...\{6CE10FDB-23CC-44E7-A1CE-4029A867A469}) (Version: 43.0.175.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{F108E43B-67B6-437E-835A-6CEB65CBAD53}) (Version: 36.0.175.0 - HP)
HP Ink Tank Wireless 410 series Basic Device Software (HKLM\...\{FEDFCB8F-3ACE-4E2B-AE90-6A44592FF85B}) (Version: 45.4.2608.21322 - HP Inc.)
HP Ink Tank Wireless 410 series Help (HKLM-x32\...\{A5ED62DF-A160-44AF-955D-560DFED9DFA3}) (Version: 44.0.0 - HP)
HP OneDrive Plugin (HKLM-x32\...\{56C20798-7386-45EC-86C4-A49FF09F81F3}) (Version: 36.0.175.0 - HP)
HP SFTP Plugin (HKLM-x32\...\{6E9B2B7C-1701-4DD3-80F7-B45ECA565DF9}) (Version: 43.0.175.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{9919E94A-45EC-4983-9D15-16B05873C854}) (Version: 43.0.175.0 - HP)
ImTOO MP4 to MP3 Converter 6 (HKLM-x32\...\ImTOO MP4 to MP3 Converter 6) (Version: 6.8.0.1101 - ImTOO)
Intel® Chipset Device Software (HKLM\...\{8E2CA9DC-9975-468F-90CF-C740109DD2B8}) (Version: 10.1.1.11 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{5BD7E621-9791-4D9F-A620-1BA51153B749}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{A53B7EAB-86BD-4F16-8C44-011B1376326A}) (Version: 11.0.0.1162 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{555B1C57-E71B-4775-BC1D-627EEF693F0D}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7325 - Intel Corporation)
Intel® Serial IO (HKLM\...\{30E935B2-0DAC-455E-AC76-3C8504DC3D18}) (Version: 30.100.1519.07 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.41.11 - Tonec Inc.)
Messenger (HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 185.0.468743899 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.58 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.58 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (HKLM\...\{90140000-00BA-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\OneDriveSetup.exe) (Version: 23.076.0409.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918 (HKLM-x32\...\{BD9CFD69-EB91-354E-9C98-D439E6091932}) (Version: 14.0.23918 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918 (HKLM-x32\...\{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}) (Version: 14.0.23918 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29112 (HKLM\...\{1B4EDD59-90CE-4BDE-8520-630981088165}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29112 (HKLM\...\{37BB1766-C587-49AE-B2DB-618FBDEAB88C}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movavi Screen Recorder 23 (HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Movavi Screen Recorder 23) (Version: 23.1.0 - Movavi)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 112.0.1 (x64 en-US)) (Version: 112.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 112.0.1.8504 - Mozilla)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Product Improvement Study for HP Ink Tank Wireless 410 series (HKLM\...\{57173E13-35CD-4541-95DC-FE665D9E1AB2}) (Version: 45.4.2608.21322 - HP Inc.)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7620 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{77A8B979-11B0-4774-8003-574EE8A4BC22}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{05916788-991E-417B-A8F3-77F90A2B8271}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D4D48631-AC28-4250-B882-C956555B0B1D}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F3FAAB68-7697-4B1F-A23A-72312565AEAB}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{944EFCFD-823D-4C0A-9B01-CD76EEAEA1F3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Spotify (HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Spotify) (Version: 1.2.9.743.g85d9593d - Spotify AB)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.12.4 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
Viber (HKLM-x32\...\{F7596FEB-11C3-4D44-ADBA-B9CE28D1E78C}) (Version: 13.6.0.58 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\{3b1da0c3-17f6-4d73-aca6-5a2c148c3915}) (Version: 13.6.0.58 - 2010-2020 Viber Media S.a.r.l)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{006daeda-5db8-4efd-b33b-fba1c13674c8}) (Version: 6.0.2279.4130 - Lavasoft)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.810 - McAfee, LLC)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.5.541 - ASUS Cloud Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.)
 
Packages:
=========
Anki Universal -> C:\Program Files\WindowsApps\36558AnkiUniversal.AnkiUniversal_1.4.18.0_x64__qh2hfqm01f5q4 [2022-10-12] (Anki Universal)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_144.1.1068.0_x64__v10z8vjag6ke6 [2023-04-12] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4779.0_x64__8j3eq9eme6ctt [2023-04-15] (INTEL CORP) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1850.5.228.0_x64__8xx8rvfyw5nnt [2023-04-26] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-14] (Microsoft Corporation) [MS Ad]
NoteDex -> C:\Program Files\WindowsApps\07AF453C.NOTEDEX_1.0.3.0_neutral__8d3dhe1xtdz30 [2023-02-08] (Sundaram Applied Technologies Inc.)
Photo Moto -> C:\Program Files\WindowsApps\26531cwalstad.PhotoMoto_1.0.0.6_x64__j4hcq483565gc [2019-06-14] (PhotoMoto)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-17] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-20] (Microsoft Studios) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\Windows10\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6670552 2014-05-22] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2014-05-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSContextMenu.dll [2015-10-22] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Windows10\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__falhefbjjkieambfkkahcidggdliooac\NoteDex.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=falhefbjjkieambfkkahcidggdliooac --app-url=hxxps://notedex.app/ --app-launch-source=4
ShortcutWithArgument: C:\Users\Windows10\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Windows10\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Abadilla (A) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Windows10\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\angela marie (Angel) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
 
==================== Loaded Modules (Whitelisted) =============
 
2017-07-03 17:51 - 2017-07-03 17:51 - 001937408 _____ () [File not signed] C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2017-07-03 17:51 - 2017-07-03 17:51 - 000079360 _____ () [File not signed] C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2017-07-03 17:51 - 2017-07-03 17:51 - 002177536 _____ () [File not signed] C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2017-07-03 17:51 - 2017-07-03 17:51 - 003561984 _____ () [File not signed] C:\Program Files (x86)\ASUS\Giftbox\node.dll
2015-08-26 00:40 - 2015-08-26 00:40 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-08-26 00:40 - 2015-08-26 00:40 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2022-11-28 14:37 - 2023-03-10 23:08 - 001403392 _____ () [File not signed] C:\Users\Windows10\AppData\Roaming\uTorrent\datachannel.dll
2015-04-22 21:59 - 2015-04-22 21:59 - 001489920 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll
2015-08-26 00:40 - 2015-08-26 00:40 - 001680384 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-08-26 00:40 - 2015-08-26 00:40 - 000178688 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2015-08-26 00:40 - 2015-08-26 00:40 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2016-10-23 22:53 - 2015-01-30 20:44 - 000753664 _____ (BCGSoft Co Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGPStyle2010Blue150.dll
2016-10-23 22:53 - 2015-02-03 19:59 - 006062080 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGCBPRO1500u80.dll
2020-08-25 02:48 - 2020-08-25 02:48 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-08-25 02:48 - 2020-08-25 02:48 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2018-03-11 18:04 - 2014-03-05 04:06 - 000180224 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMBNYE.DLL
2020-08-06 16:53 - 2015-01-14 02:47 - 000120320 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMI2E.DLL
2017-07-03 17:51 - 2017-07-03 17:51 - 073507840 _____ (The NWJS Community) [File not signed] C:\Program Files (x86)\ASUS\Giftbox\nw.dll
2017-07-03 17:51 - 2017-07-03 17:51 - 000124928 _____ (The NWJS Community) [File not signed] C:\Program Files (x86)\ASUS\Giftbox\nw_elf.dll
2022-11-28 14:37 - 2023-03-10 23:08 - 003725824 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\Windows10\AppData\Roaming\uTorrent\libcrypto-3.dll
2022-11-28 14:37 - 2023-03-10 23:08 - 000619520 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\Windows10\AppData\Roaming\uTorrent\libssl-3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Windows10\Application Data:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
AlternateDataStreams: C:\Users\Windows10\AppData\Roaming:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180211
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1072221882-492732373-972231997-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={039FF48C-87C2-4779-954B-EF24CDC6A062}&mid=b25a0edfa7e647cfb2ad19b66e041c4c-2d2237a3295f9b6422042bf98b8cf02e4f3fbdf6&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-09-07 12:52:04&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1072221882-492732373-972231997-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180211__yaie&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-09] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2014-05-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-09] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2014-05-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-03] (Adobe Inc. -> Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 15:24 - 2023-04-18 00:30 - 000003639 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70      fitgirlrepacks.co               # Fake FitGirl site
109.94.209.70      fitgirl-repacks.cc              # Fake FitGirl site
109.94.209.70      fitgirl-repack.com              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.website         # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.co           # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.cc          # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.com          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.website     # Fake FitGirl site
109.94.209.70      ww9.fitgirl-repacks.xyz         # Fake FitGirl site
109.94.209.70      *.fitgirl-repacks.xyz           # Fake FitGirl site
109.94.209.70      fitgirl-repacks.xyz             # Fake FitGirl site
109.94.209.70      fitgirl-repack.net              # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.net          # Fake FitGirl site
109.94.209.70      fitgirlpack.site                # Fake FitGirl site
109.94.209.70      www.fitgirlpack.site            # Fake FitGirl site
127.0.0.1 wondershare.net
127.0.0.1 www.wondershare.net
127.0.0.1 a104-126-254-40.deploy.static.akamaitechnologies.com
127.0.0.1 wondershare.com
127.0.0.1 www.wondershare.com
127.0.0.1 filmora.wondershare.com
127.0.0.1 mobilego.wondershare.com
127.0.0.1 support.wondershare.net
127.0.0.1 support.wondershare.com
127.0.0.1 cbs.wondershare.com
127.0.0.1 cbs.wondershare.net
127.0.0.1 platform.wondershare.com
127.0.0.1 statics.was.wondershare.com
127.0.0.1 resource.wondershare.com
127.0.0.1 myphone-download.wondershare.cc
 
2018-10-26 20:13 - 2021-08-31 16:50 - 000000440 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\HP\Common\HPDestPlgIn\
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Control Panel\Desktop\\Wallpaper -> c:\users\windows10\downloads\301457593_5149145878548481_5841455750877651641_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\StartupApproved\Run: => "Viber"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{33498B0A-A3E8-459C-8044-CEAD6931C177}C:\users\windows10\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\windows10\appdata\roaming\utorrent\utorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{0B03ACF6-D655-46BC-B49E-CE3BD4E26A18}C:\users\windows10\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\windows10\appdata\roaming\utorrent\utorrent.exe (Rainberry Inc -> BitTorrent Inc.)
 
==================== Restore Points =========================
 
23-04-2023 14:34:54 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/27/2023 08:18:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 4.2204.13303.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 20fc
 
Start Time: 01d979002168161d
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
 
Report Id: d583bb92-3528-4682-b627-7f310ff4c638
 
Faulting package full name: Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (04/27/2023 08:02:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Windows10\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/27/2023 06:57:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 5d0
 
Start Time: 01d978f6e71e7ce6
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
 
Report Id: b8742a0f-2bf2-4ce5-8143-e710b7fd0649
 
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy
 
Faulting package-relative application ID: SecHealthUI
 
Hang type: Cross-thread
 
Error: (04/27/2023 09:46:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 4.2204.13303.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 24a8
 
Start Time: 01d978a8c2eb7002
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
 
Report Id: 3de176e2-6024-4b54-870b-78885082746a
 
Faulting package full name: Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (04/27/2023 09:36:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Windows10\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2023 08:06:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Seagate Expansion Drive (I:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (04/26/2023 08:06:53 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on DATA (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (04/26/2023 08:06:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
 
System errors:
=============
Error: (04/27/2023 08:26:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Security Assist service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/27/2023 08:26:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Security Assist service to connect.
 
Error: (04/27/2023 08:05:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
 
Error: (04/27/2023 08:03:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (04/27/2023 07:55:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rsAssistant service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/27/2023 07:38:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtkBtManServ service.
 
Error: (04/27/2023 07:36:24 PM) (Source: DCOM) (EventID: 10010) (User: QAWS-1232)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
 
Error: (04/27/2023 07:18:17 PM) (Source: DCOM) (EventID: 10010) (User: QAWS-1232)
Description: The server {94269C4E-071A-4116-90E6-52E557067E4E} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2023-04-27 21:20:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2023-04-27 20:15:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-04-27 19:34:38
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\VideoProc\unins000.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2F3E0360-3B4A-4162-9CEC-E1D7DAB522BF}_is1; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2F3E0360-3B4A-4162-9CEC-E1D7DAB522BF}_is1
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\dllhost.exe
Security intelligence Version: AV: 1.387.2357.0, AS: 1.387.2357.0, NIS: 1.387.2357.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4
 
Date: 2023-04-27 19:33:29
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\VideoProc\unins000.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\dllhost.exe
Security intelligence Version: AV: 1.387.2357.0, AS: 1.387.2357.0, NIS: 1.387.2357.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4
 
Date: 2023-04-27 19:25:05
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Leonem
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Windows10\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\WINDOW~1\AppData\Local\Temp\wih754E.tmp
Security intelligence Version: AV: 1.387.2357.0, AS: 1.387.2357.0, NIS: 1.387.2357.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4
Event[0]:
 
Date: 2023-04-27 19:25:07
Description: 
Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Leonem
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Windows10\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\WINDOW~1\AppData\Local\Temp\wih754E.tmp
Action: Unknown
Action Status:  No additional actions required
Error Code: 0x80508032
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: AV: 1.387.2357.0, AS: 1.387.2357.0, NIS: 1.387.2357.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4
 
Date: 2023-04-23 15:21:45
Description: 
Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: containerfile:_D:\Downloads\Wondershare UniConverter v14.1.15.171 (x64) + Fix {CracksHash}\Patch Fix\Patch Fix.zip; file:_D:\Downloads\Wondershare UniConverter v14.1.15.171 (x64) + Fix {CracksHash}\Patch Fix\Patch Fix.zip->WUC v12.x Patcher v1.5.exe; webfile:_D:\Downloads\Wondershare UniConverter v14.1.15.171 (x64) + Fix {CracksHash}\Patch Fix\Patch Fix.zip|about:internet|pid:6472,ProcessStart:133267077377203337
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070003
Error description: The system cannot find the path specified. 
Security intelligence Version: AV: 1.387.1919.0, AS: 1.387.1919.0, NIS: 1.387.1919.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4
 
Date: 2023-04-07 12:04:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.385.1937.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20100.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-04-07 12:04:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.385.1937.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20100.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-04-07 12:04:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.385.1937.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20100.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
CodeIntegrity:
===============
Date: 2023-04-24 15:22:27
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-03-31 14:34:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-03-23 13:49:58
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. X555UB.304 04/24/2019
Motherboard: ASUSTeK COMPUTER INC. X555UB
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 89%
Total physical RAM: 3994.87 MB
Available physical RAM: 421.75 MB
Total Virtual: 7450.87 MB
Available Virtual: 2817.99 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:90.94 GB) (Model: HGST HTS541010A9E680) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:354.23 GB) (Model: HGST HTS541010A9E680) NTFS
Drive i: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:172.99 GB) (Model: Seagate Expansion SCSI Disk Device) NTFS
 
\\?\Volume{7fe90a9b-1a57-4706-b74a-9e893e2179d4}\ () (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{3b5cd123-14f7-4eb4-ae69-0639c22d5e96}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 852CEE35)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B8422010)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

#5 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,345 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:36 PM

Posted 27 April 2023 - 07:17 PM

You are quite welcome. Thank you for your patience, there was a lot to review.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Web Companion
WebAdvisor by McAfee
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Deleting Chrome Notifications

--------------------
  • Launch Chrome
  • In the address bar type chrome://settings/content/notifications and hit Enter
  • Scroll down to Allowed to send notifications
  • For any entry you are not familiar with or do not want click on the 3 horizontal dots to the right and select Remove
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
  • When completed click View Scan Log File
  • Copy and paste the contents in your reply
  • Click Skip Basic Repair if it appears then close the program
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
cmd: type "C:\WINDOWS\system32\drivers\etc\hosts"
C:\Program Files (x86)\Lavasoft
2023-04-27 19:06 - 2023-04-27 19:06 - 000001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc.lnk
2023-04-27 19:06 - 2023-04-27 19:06 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Digiarty
2023-04-27 19:04 - 2023-04-27 19:34 - 000000000 ____D C:\Program Files (x86)\VideoProc
2023-04-27 19:04 - 2023-04-27 19:04 - 000000000 ____D C:\ProgramData\CyberMania
C:\Program Files\Common Files\Wondershare
C:\Program Files (x86)\Common Files\Wondershare
2023-04-18 00:25 - 2023-04-18 00:27 - 000000000 ____D C:\ProgramData\GraphicsType14
2023-04-18 00:23 - 2023-04-18 00:38 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Wondershare
2023-04-18 00:20 - 2023-04-18 01:00 - 000000000 ____D C:\Program Files\Wondershare
2023-04-18 01:00 - 2020-08-24 00:42 - 000000000 ____D C:\ProgramData\Wondershare
2023-04-18 00:59 - 2022-02-05 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
C:\Program Files\Common Files\AVG
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8160856 2020-06-24] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) <==== ATTENTION 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [5249688 2023-04-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [QNPlus] => [X] 
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File) 
HKLM\...\Run: [UniConverterUpdateHelper] => C:\Program Files\Wondershare\UniConverter 14\WSVCUUpdateHelper.exe (No File) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Discord] => C:\Users\Windows10\AppData\Local\Discord\app-0.0.307\Discord.exe (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [QMxNetworkSync] => C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [NoxMultiPlayer] => "D:\Program Files\Nox\bin\MultiPlayerManager.exe" -startSource:auto_start (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Netmarble Launcher] => "D:\Games\Ni no Kuni Cross Worlds\Netmarble Launcher.exe" (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [com.messenger] => "C:\Users\Windows10\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Policies\Explorer: [DisallowRun] 1 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180211
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1072221882-492732373-972231997-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={039FF48C-87C2-4779-954B-EF24CDC6A062}&mid=b25a0edfa7e647cfb2ad19b66e041c4c-2d2237a3295f9b6422042bf98b8cf02e4f3fbdf6&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-09-07 12:52:04&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1072221882-492732373-972231997-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180211__yaie&p={searchTerms}
IFEO\LogTransport2.exe: [Debugger] 0 
S2 rsAssistant; C:\Program Files\RAVAntivirus\rsAssistant.exe [X] 
S3 MpKsl72edc48c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5BFF280-4238-4A22-86A6-51970BBD54E1}\MpKslDrv.sys [X] 
Task: {6FC00065-4A94-4AAE-8F09-5B1FAB981F1F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File) 
Task: {B1F3D2C2-9991-4161-97F6-5684DCFD3140} - System32\Tasks\Opera scheduled Autoupdate 1644079984 => C:\Users\Windows10\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) 
Task: {DD1C90BC-1C3B-40BA-862E-2C69771F77C7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {6FC00065-4A94-4AAE-8F09-5B1FAB981F1F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File) 
Task: {B1F3D2C2-9991-4161-97F6-5684DCFD3140} - System32\Tasks\Opera scheduled Autoupdate 1644079984 => C:\Users\Windows10\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) 
Task: {0B0DDDB6-E65E-47F8-8208-D5E92F405AB3} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2172344 2023-04-12] (AVG Technologies USA, LLC -> AVG Technologies)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
AlternateDataStreams: C:\Users\Windows10\Application Data:955d2a2f697b1c9b40c63a2dd2b7d393 [394] 
AlternateDataStreams: C:\Users\Windows10\AppData\Roaming:955d2a2f697b1c9b40c63a2dd2b7d393 [394] 
C:\Users\Windows10\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpih
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File] 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File] 
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File] 
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File] 
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\Windows10\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File 
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • Copy/paste the following in the Search: box
SearchAll: VideoProc;McAfee;Wondershare;Lavasoft
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the report in your reply. If the file is too large zip and upload it here.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Programs uninstall?
  • Review Chrome notifications?
  • AdwCleaner report
  • Fixlog
  • Search.txt

Edited by Oh My!, 28 April 2023 - 08:34 AM.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#6 Calyxes

Calyxes
  • Topic Starter

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 27 April 2023 - 08:13 PM

Hi. I dont remember using Cryptolocker. And the link for revouninstaller doesn't work. I'm getting "this site can't be reached"...is there another way of downloading it?


#7 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,345 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:36 PM

Posted 27 April 2023 - 08:21 PM

CryptoLocker is a type of malware distributed through Peer 2 Peer torrent downloads.

Visit this page and see if you can download the Portable version.
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#8 Calyxes

Calyxes
  • Topic Starter

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 28 April 2023 - 02:53 AM

I was able to download the Revo uninstaller, but I clicked mistakenly on finish, instead of the SELECT ALL DELETE ... is there a way to delete the left overs of what I uninstalled?


#9 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,345 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:36 PM

Posted 28 April 2023 - 08:36 AM

That's OK, we are good. I have another step we will take in the instructions above (SearchAll:) that will take care of finding those entries. :thumbsup2:

Edited by Oh My!, 28 April 2023 - 08:36 AM.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#10 Calyxes

Calyxes
  • Topic Starter

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 29 April 2023 - 01:04 AM

Programs Uninstalled: 
1. Web Companion

2. Web Advisor by McAfee

3. Battle.net

4. Can't remember the other one

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-29-2023
# Duration: 00:02:08
# OS:       Windows 10 (Build 19045.2846)
# Scanned:  32092
# Detected: 62
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Elex               C:\Users\Windows10\Downloads\TData
PUP.Optional.Legacy             C:\ProgramData\Tencent
PUP.Optional.Legacy             C:\Users\Windows10\AppData\Local\Tencent
PUP.Optional.Legacy             C:\Users\Windows10\AppData\Roaming\DriverFinder
PUP.Optional.Legacy             C:\Users\Windows10\AppData\Roaming\Tencent
PUP.Optional.Legacy             C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
PUP.Optional.Walliant           C:\Users\Windows10\AppData\Local\Walliant
 
***** [ Files ] *****
 
PUP.Optional.USBDiskSecurity    C:\Users\Public\Desktop\Web Navigation.lnk
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy             HKLM\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.MySearch           HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP
PUP.Optional.QuickDriverUpdater HKLM\Software\qdu-pr
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.ASUSDeviceActivation   Folder   C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION 
Preinstalled.ASUSDeviceActivation   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04} 
Preinstalled.ASUSGiftBox   Folder   C:\Program Files (x86)\ASUS\GIFTBOX 
Preinstalled.ASUSGiftBox   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ASUS GIFTBOX 
Preinstalled.ASUSLiveUpdate   Folder   C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE 
Preinstalled.ASUSLiveUpdate   Folder   C:\ProgramData\ASUS\ASUS LIVE UPDATE 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC69AB3D-3795-4895-8A20-C2D9AAB24208}  
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} 
Preinstalled.ASUSLiveUpdate   Task   C:\Windows\System32\Tasks\UPDATE CHECKER 
Preinstalled.ASUSProductRegistration   File   C:\Users\Windows10\Desktop\Welcome to ASUS Product Registration.lnk 
Preinstalled.ASUSProductRegistration   Folder   C:\Program Files (x86)\ASUS\APRP 
Preinstalled.ASUSProductRegistration   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1} 
Preinstalled.ASUSSmartGesture   Registry   HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1} 
Preinstalled.ASUSSplendid   File   C:\Users\Public\Desktop\Eye Care Switcher.Lnk 
Preinstalled.ASUSSplendid   File   C:\Users\Windows10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk 
Preinstalled.ASUSSplendid   Folder   C:\Program Files (x86)\ASUS\SPLENDID 
Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E45D42-AB6C-465E-94F6-E58E37D5F8A8}  
Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON 
Preinstalled.ASUSSplendid   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D} 
Preinstalled.ASUSSplendid   Task   C:\Windows\System32\Tasks\ASUS SPLENDID ACMON 
Preinstalled.ASUSWebStorage   File   C:\Users\Public\Desktop\WebStorage.lnk 
Preinstalled.ASUSWebStorage   Folder   C:\Program Files (x86)\ASUS\WEBSTORAGE 
Preinstalled.ASUSWebStorage   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WEBSTORAGE 
Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Classes\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191} 
Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage 
Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|WebStorage 
Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WebStorage 
Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION 
Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION 
Preinstalled.EpsonCustomerResearchParticipation   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA} 
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-29-2023
# Duration: 00:01:04
# OS:       Windows 10 (Build 19045.2846)
# Cleaned:  58
# Awaiting reboot:1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\Tencent
Deleted       C:\Users\Windows10\AppData\Local\Tencent
Deleted       C:\Users\Windows10\AppData\Local\Walliant
Deleted       C:\Users\Windows10\AppData\Roaming\DriverFinder
Deleted       C:\Users\Windows10\AppData\Roaming\Tencent
Deleted       C:\Users\Windows10\Downloads\TData
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
 
***** [ Files ] *****
 
Deleted       C:\Users\Public\Desktop\Web Navigation.lnk
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\WebDiscoverBrowser
Deleted       HKCU\Software\csastats
Deleted       HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKLM\Software\WebDiscoverBrowser
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\WebDiscoverBrowser
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKLM\Software\qdu-pr
Deleted       HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.ASUSDeviceActivation   Folder   C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION
Deleted       Preinstalled.ASUSDeviceActivation   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}
Deleted       Preinstalled.ASUSGiftBox   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ASUS GIFTBOX
Deleted       Preinstalled.ASUSLiveUpdate   Folder   C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
Deleted       Preinstalled.ASUSLiveUpdate   Folder   C:\ProgramData\ASUS\ASUS LIVE UPDATE
Deleted       Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC69AB3D-3795-4895-8A20-C2D9AAB24208} 
Deleted       Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
Deleted       Preinstalled.ASUSLiveUpdate   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
Deleted       Preinstalled.ASUSLiveUpdate   Task   C:\Windows\System32\Tasks\UPDATE CHECKER
Deleted       Preinstalled.ASUSProductRegistration   File   C:\Users\Windows10\Desktop\Welcome to ASUS Product Registration.lnk
Deleted       Preinstalled.ASUSProductRegistration   Folder   C:\Program Files (x86)\ASUS\APRP
Deleted       Preinstalled.ASUSProductRegistration   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
Deleted       Preinstalled.ASUSSplendid   File   C:\Users\Public\Desktop\Eye Care Switcher.Lnk
Deleted       Preinstalled.ASUSSplendid   File   C:\Users\Windows10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Deleted       Preinstalled.ASUSSplendid   Folder   C:\Program Files (x86)\ASUS\SPLENDID
Deleted       Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E45D42-AB6C-465E-94F6-E58E37D5F8A8} 
Deleted       Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON
Deleted       Preinstalled.ASUSSplendid   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Deleted       Preinstalled.ASUSSplendid   Task   C:\Windows\System32\Tasks\ASUS SPLENDID ACMON
Deleted       Preinstalled.ASUSWebStorage   File   C:\Users\Public\Desktop\WebStorage.lnk
Deleted       Preinstalled.ASUSWebStorage   Folder   C:\Program Files (x86)\ASUS\WEBSTORAGE
Deleted       Preinstalled.ASUSWebStorage   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WEBSTORAGE
Deleted       Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Classes\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191}
Deleted       Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage
Deleted       Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|WebStorage
Deleted       Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WebStorage
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Needs Reboot  Preinstalled.ASUSGiftBox   Folder   C:\Program Files (x86)\ASUS\GIFTBOX
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
***** Reboot Required to Complete *****
 
 
***** [ Folders ] *****
 
Cleaning failed   C:\Program Files (x86)\ASUS\GIFTBOX
 
*************************
 
AdwCleaner[S00].txt - [7805 octets] - [29/04/2023 08:50:51]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-04-2023
Ran by Windows10 (29-04-2023 09:19:58) Run:1
Running from C:\Users\Windows10\Desktop
Loaded Profiles: Windows10
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
cmd: type "C:\WINDOWS\system32\drivers\etc\hosts"
C:\Program Files (x86)\Lavasoft
2023-04-27 19:06 - 2023-04-27 19:06 - 000001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc.lnk
2023-04-27 19:06 - 2023-04-27 19:06 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Digiarty
2023-04-27 19:04 - 2023-04-27 19:34 - 000000000 ____D C:\Program Files (x86)\VideoProc
2023-04-27 19:04 - 2023-04-27 19:04 - 000000000 ____D C:\ProgramData\CyberMania
C:\Program Files\Common Files\Wondershare
C:\Program Files (x86)\Common Files\Wondershare
2023-04-18 00:25 - 2023-04-18 00:27 - 000000000 ____D C:\ProgramData\GraphicsType14
2023-04-18 00:23 - 2023-04-18 00:38 - 000000000 ____D C:\Users\Windows10\AppData\Roaming\Wondershare
2023-04-18 00:20 - 2023-04-18 01:00 - 000000000 ____D C:\Program Files\Wondershare
2023-04-18 01:00 - 2020-08-24 00:42 - 000000000 ____D C:\ProgramData\Wondershare
2023-04-18 00:59 - 2022-02-05 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
C:\Program Files\Common Files\AVG
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8160856 2020-06-24] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) <==== ATTENTION 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [5249688 2023-04-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [QNPlus] => [X] 
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File) 
HKLM\...\Run: [UniConverterUpdateHelper] => C:\Program Files\Wondershare\UniConverter 14\WSVCUUpdateHelper.exe (No File) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Discord] => C:\Users\Windows10\AppData\Local\Discord\app-0.0.307\Discord.exe (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [QMxNetworkSync] => C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [NoxMultiPlayer] => "D:\Program Files\Nox\bin\MultiPlayerManager.exe" -startSource:auto_start (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [Netmarble Launcher] => "D:\Games\Ni no Kuni Cross Worlds\Netmarble Launcher.exe" (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Run: [com.messenger] => "C:\Users\Windows10\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File) 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Policies\Explorer: [DisallowRun] 1 
HKU\S-1-5-21-1072221882-492732373-972231997-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180211
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDtCyB0CtBtBzz0E0D0D0AyCyE0C0EtN0D0Tzu0StCyCzyzytN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzztAyE0AtAyC0CtGyB0E0FtDtGtBtByBzztGyDtBtDtCtGtDyBzy0BtA0E0DtCzyyCtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtC0C0D0EyBzztG0EyByEtCtGyEzy0C0EtGzz0D0ByCtGtD0A0A0F0D0A0AtA0FtC0F0C2QtN0A0LzuyE%26cr%3D1993188331%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1072221882-492732373-972231997-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={039FF48C-87C2-4779-954B-EF24CDC6A062}&mid=b25a0edfa7e647cfb2ad19b66e041c4c-2d2237a3295f9b6422042bf98b8cf02e4f3fbdf6&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-09-07 12:52:04&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1072221882-492732373-972231997-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180211__yaie&p={searchTerms}
IFEO\LogTransport2.exe: [Debugger] 0 
S2 rsAssistant; C:\Program Files\RAVAntivirus\rsAssistant.exe [X] 
S3 MpKsl72edc48c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5BFF280-4238-4A22-86A6-51970BBD54E1}\MpKslDrv.sys [X] 
Task: {6FC00065-4A94-4AAE-8F09-5B1FAB981F1F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File) 
Task: {B1F3D2C2-9991-4161-97F6-5684DCFD3140} - System32\Tasks\Opera scheduled Autoupdate 1644079984 => C:\Users\Windows10\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) 
Task: {DD1C90BC-1C3B-40BA-862E-2C69771F77C7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {6FC00065-4A94-4AAE-8F09-5B1FAB981F1F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File) 
Task: {B1F3D2C2-9991-4161-97F6-5684DCFD3140} - System32\Tasks\Opera scheduled Autoupdate 1644079984 => C:\Users\Windows10\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) 
Task: {0B0DDDB6-E65E-47F8-8208-D5E92F405AB3} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2172344 2023-04-12] (AVG Technologies USA, LLC -> AVG Technologies)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
AlternateDataStreams: C:\Users\Windows10\Application Data:955d2a2f697b1c9b40c63a2dd2b7d393 [394] 
AlternateDataStreams: C:\Users\Windows10\AppData\Roaming:955d2a2f697b1c9b40c63a2dd2b7d393 [394] 
C:\Users\Windows10\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpih
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File] 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File] 
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File] 
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File] 
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
FF Plugin HKU\S-1-5-21-1072221882-492732373-972231997-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] 
CustomCLSID: HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\Windows10\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File 
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
Emptytemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= type "C:\WINDOWS\system32\drivers\etc\hosts" =========
 
# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
109.94.209.70      fitgirlrepacks.co               # Fake FitGirl site
109.94.209.70      fitgirl-repacks.cc              # Fake FitGirl site
109.94.209.70      fitgirl-repack.com              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.website         # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.co           # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.cc          # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.com          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.website     # Fake FitGirl site
109.94.209.70      ww9.fitgirl-repacks.xyz         # Fake FitGirl site
109.94.209.70      *.fitgirl-repacks.xyz           # Fake FitGirl site
109.94.209.70      fitgirl-repacks.xyz             # Fake FitGirl site
109.94.209.70      fitgirl-repack.net              # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.net          # Fake FitGirl site
109.94.209.70      fitgirlpack.site                # Fake FitGirl site
109.94.209.70      www.fitgirlpack.site            # Fake FitGirl site
127.0.0.1 wondershare.net
127.0.0.1 www.wondershare.net
127.0.0.1 a104-126-254-40.deploy.static.akamaitechnologies.com
127.0.0.1 wondershare.com
127.0.0.1 www.wondershare.com
127.0.0.1 filmora.wondershare.com
127.0.0.1 mobilego.wondershare.com
127.0.0.1 support.wondershare.net
127.0.0.1 support.wondershare.com
127.0.0.1 cbs.wondershare.com
127.0.0.1 cbs.wondershare.net
127.0.0.1 platform.wondershare.com
127.0.0.1 statics.was.wondershare.com
127.0.0.1 resource.wondershare.com
127.0.0.1 myphone-download.wondershare.cc
127.0.0.1 antipiracy.wondershare.com
127.0.0.1 cc-antipiracy.wondershare.cc
127.0.0.1 sparrow.wondershare.com
127.0.0.1 dc.wondershare.cc
127.0.0.1 cbs.wondershare.cn
127.0.0.1 api.wondershare.com
127.0.0.1 product-api.wondershare.com
127.0.0.1 myphone-api.wondershare.cc
127.0.0.1 order-api.wondershare.com
127.0.0.1 media.io
127.0.0.1 www.media.io
127.0.0.1 keepvid.cc
127.0.0.1 www.keepvid.cc
127.0.0.1 52.90.fd9f.ip4.static.sl-reverse.com
127.0.0.1 53.90.fd9f.ip4.static.sl-reverse.com
127.0.0.1 srv1.keepvid.cc
127.0.0.1 f3.34.9905.ip4.static.sl-reverse.com
127.0.0.1 pop.wondershare.com
127.0.0.1 a104-123-50-16.deploy.static.akamaitechnologies.com
127.0.0.1 a104-123-50-99.deploy.static.akamaitechnologies.com
127.0.0.1 pop.iskysoft.com
127.0.0.1 pop.aimersoft.com
127.0.0.1 myphone-connect.wondershare.cc
127.0.0.1 ori-myphone-download.wondershare.cc
127.0.0.1 api.300624.com
127.0.0.1 pc-api.300624.com
127.0.0.1 pixcut.wondershare.com.w.kunlunsl.com
127.0.0.1 cloud-api.300624.com
127.0.0.1 wae.wondershare.cc.w.cdngslb.com
127.0.0.1 account.wondershare.com
127.0.0.1 accounts.wondershare.com
 
========= End of CMD: =========
 
"C:\Program Files (x86)\Lavasoft" => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc.lnk => moved successfully
C:\Users\Windows10\AppData\Roaming\Digiarty => moved successfully
C:\Program Files (x86)\VideoProc => moved successfully
C:\ProgramData\CyberMania => moved successfully
"C:\Program Files\Common Files\Wondershare" => not found
"C:\Program Files (x86)\Common Files\Wondershare" => not found
C:\ProgramData\GraphicsType14 => moved successfully
C:\Users\Windows10\AppData\Roaming\Wondershare => moved successfully
C:\Program Files\Wondershare => moved successfully
C:\ProgramData\Wondershare => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare => moved successfully
C:\Program Files\Common Files\AVG => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Wondershare Helper Compact.exe" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\QNPlus" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UniConverterUpdateHelper" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => not found
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Discord" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Synchronizer" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\QMxNetworkSync" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NoxMultiPlayer" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Netmarble Launcher" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\com.messenger" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => not found
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKU\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LogTransport2.exe => removed successfully
HKLM\System\CurrentControlSet\Services\rsAssistant => removed successfully
rsAssistant => service removed successfully
MpKsl72edc48c => service not found.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FC00065-4A94-4AAE-8F09-5B1FAB981F1F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC00065-4A94-4AAE-8F09-5B1FAB981F1F}" => removed successfully
C:\WINDOWS\System32\Tasks\Apple Diagnostics => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple Diagnostics" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1F3D2C2-9991-4161-97F6-5684DCFD3140}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1F3D2C2-9991-4161-97F6-5684DCFD3140}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1644079984 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1644079984" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD1C90BC-1C3B-40BA-862E-2C69771F77C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD1C90BC-1C3B-40BA-862E-2C69771F77C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC00065-4A94-4AAE-8F09-5B1FAB981F1F}" => not found
"C:\WINDOWS\System32\Tasks\Apple Diagnostics" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple Diagnostics" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1F3D2C2-9991-4161-97F6-5684DCFD3140}" => not found
"C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1644079984" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1644079984" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0B0DDDB6-E65E-47F8-8208-D5E92F405AB3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B0DDDB6-E65E-47F8-8208-D5E92F405AB3}" => removed successfully
C:\WINDOWS\System32\Tasks\AVG\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Users\Windows10\Application Data => ":955d2a2f697b1c9b40c63a2dd2b7d393" ADS removed successfully
"C:\Users\Windows10\AppData\Roaming" => ":955d2a2f697b1c9b40c63a2dd2b7d393" ADS not found.
"C:\Users\Windows10\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpih" => not found
HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf => removed successfully
HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf => removed successfully
HKU\.DEFAULT\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\.DEFAULT\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\.DEFAULT\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\S-1-5-21-1072221882-492732373-972231997-1001\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\S-1-5-21-1072221882-492732373-972231997-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset resetlog.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Unable to cancel {739621A8-27FB-4BA7-86BB-C698C95B6F93}.
{9A0FE231-F2EB-4388-8E2A-9D72A918E1CF} canceled.
{CA8F50B0-045B-4316-B20E-F5836F5FB5B1} canceled.
{4DEED7A4-BC2C-4A99-A233-5F7FCFB4D384} canceled.
{14B1254F-57BB-418D-ADB8-621FD9A400BE} canceled.
{60C67052-5AB2-40D8-8223-4006B94C2419} canceled.
{41563870-FFF7-4DE3-8765-AC556AF86459} canceled.
{8112D207-34AD-4CE7-B05B-E779A3EC4E97} canceled.
{3D2B7FC8-64D0-475B-A264-579854D26240} canceled.
{AE784E7F-F862-4C44-8CD3-0E4DCFE02C8B} canceled.
{F5323626-43CE-4ECB-8532-1FA34C953E4C} canceled.
{8F46732B-A1A6-4734-9C25-972DC1EC57F1} canceled.
11 out of 12 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 209818371 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 768468344 B
Windows/system/drivers => 38641132 B
Edge => 3255092 B
Chrome => 4660600039 B
Firefox => 1089260595 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2419871 B
NetworkService => 179894825 B
Windows10 => 9231868788 B
 
RecycleBin => 145718613 B
EmptyTemp: => 15.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:59:09 ====

#11 Calyxes

Calyxes
  • Topic Starter

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 29 April 2023 - 01:11 AM

Attached here is the search.txt

Thank you

Attached Files


#12 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,345 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:36 PM

Posted 29 April 2023 - 03:29 PM

Thank you.

Here is our next step.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
CloseProcesses:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Lavasoft.WCAssistant.WinService.exe.log
C:\Windows\Prefetch\WINXVIDEOPROCCONVERTER5.5.0.E-1E8421BC.pf
C:\Windows\Prefetch\WONDERSHARE HELPER COMPACT.TM-01761C6D.pf
C:\Windows\Prefetch\WONDERSHARE NATIVEPUSH_14416_-B6140321.pf
C:\Windows\Prefetch\WONDERSHARE UNICONVERTER UPDA-5CF44B5D.pf
C:\Windows\Prefetch\WONDERSHARE UNICONVERTER UPDA-8CFA6282.pf
C:\Users\Windows10\AppData\Roaming\WebStorage\Logs\AWS-Wondershare Filmora9.txt
C:\Users\Windows10\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Wondershare_Wondershare Filmora Update_Wondershare Filmora Update_exe
C:\Users\Windows10\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_VideoProc_VideoProcConverter_exe
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\sourceMap\mcafee_wa_crypto_learn.js.map
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\sourceMap\css\mcafee_wa_crypto_learn.css.map
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\css\mcafee_wa_crypto_learn.css
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora X_0
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora X_1
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora9_0
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora9_1
2016-04-20 10:50 - 2016-04-20 10:50 ____A C:\Windows\ASUS\oobeEula\Mcafee
2023-04-27 19:17 - 2023-04-27 19:18 _____ C:\Users\Windows10\Videos\VideoProc Converter
2023-04-27 19:17 - 2023-04-27 19:31 _____ C:\Users\Windows10\Pictures\VideoProc Converter
2023-04-27 19:17 - 2023-04-27 19:18 _____ C:\Users\Windows10\Music\VideoProc Converter
2016-08-26 14:19 - 2016-08-26 14:19 _____ C:\Users\Windows10\AppData\Roaming\Macromedia
2020-08-24 00:40 - 2023-04-18 01:02 _____ C:\Users\Windows10\AppData\Local\Wondershare
2022-01-29 16:03 - 2022-02-05 22:12 _____ C:\Users\Public\Documents\Wondershare
2016-04-20 10:47 - 2023-04-28 15:31 _____ C:\ProgramData\McAfee
2016-11-01 14:14 - 2016-11-01 14:14 _____ C:\Program Files (x86)\McAfee
2016-11-01 14:14 - 2016-11-01 14:14 _____ C:\Program Files (x86)\Common Files\McAfee
2016-11-01 14:14 - 2016-11-01 14:14 _____ C:\Program Files\Common Files\McAfee
2016-11-01 14:14 - 2016-11-01 14:14 _____ C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware
2023-04-18 00:23 - 2023-04-18 00:38 _____ C:\FRST\Quarantine\C\Users\Windows10\AppData\Roaming\Wondershare
2023-04-27 19:06 - 2023-04-27 19:31 _____ C:\FRST\Quarantine\C\Users\Windows10\AppData\Roaming\Digiarty\VideoProc Converter
2020-08-24 00:42 - 2023-04-18 01:00 _____ C:\FRST\Quarantine\C\ProgramData\Wondershare
2022-02-05 21:59 - 2023-04-18 00:59 _____ C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-02-05 22:09 - 2022-02-05 22:09 _____ C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Wondershare Filmora Update
2023-04-27 19:04 - 2023-04-27 19:34 _____ C:\FRST\Quarantine\C\Program Files (x86)\VideoProc
2023-04-18 00:20 - 2023-04-18 01:00 _____ C:\FRST\Quarantine\C\Program Files\Wondershare
2016-04-20 10:00 - 2016-04-20 10:00 _____ C:\eSupport\eDriver\Software\McAFee
2016-04-20 10:00 - 2016-04-20 10:00 _____ C:\eSupport\eDriver\Software\McAFee\McAfee Internet Security
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291EE2A7-BFA5-4e9e-A358-C93655556A6C}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AB0000C-FECE-4D1F-A2AC-A9573530656E}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291EE2A7-BFA5-4e9e-A358-C93655556A6C}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AB0000C-FECE-4D1F-A2AC-A9573530656E}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{a4112d1a-6dfa-476e-bb75-e350d24934e1}\ChannelReferences\0|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{a4112d1a-6dfa-476e-bb75-e350d24934e1}\ChannelReferences\1|""
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\BackgroundAudioPlayer|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\EmCreateProcess|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\ExtendedExecution|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\FileProviderTarget|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\Pausing|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\PPLE|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\ResourceIntensive|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\StandardExternalResources|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\UiExtended|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipBackground|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipCall|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipLegacy|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\WebAuthSignIn|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaInterfaces\{C6E13360-30AC-11d0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaSets\{C6E13360-30AC-11d0-A18C-00A0C9118956}\PropertyPages\{71F96464-78F3-11d0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001|\Device\HarddiskVolume3\Program Files (x86)\VideoProc\VideoProcConverter.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\702ca3b4_0|""
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\VideoProc\VideoProcConverter.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC|1
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|D:\Downloads\DeleteValue: FTUApps.com] - VideoProc Converter v5.5.0 Multilingual Pre-Activated\WinXVideoProcConverter5.5.0.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\VideoProc\VideoProcConverter.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AF52F6-E83C-4228-95FE-4407687CEFBF}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1CD4CD-9359-4A9D-A0FA-9E809E873CA6}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590AB12E-F706-4BA8-9D08-A1EEC69A687D}\InProcServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84D248DA-52CD-442c-B6AE-28F143DB1E33}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D905F5A4-15B0-4B47-99D8-CE0230557148}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D905F5A4-15B0-4B47-99D8-CE0230557148}\LocalServer32|ServerExecutable
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA32C9C5-1147-402A-A127-E0E169E9E9B4}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E782BE15-9936-4A7F-8DF9-9AB95D229DF1}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E782BE15-9936-4A7F-8DF9-9AB95D229DF1}\LocalServer32|ServerExecutable
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{309437E9-DE9F-4005-8C66-B1A74D6A23C2}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{309437E9-DE9F-4005-8C66-B1A74D6A23C2}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCAEB2CC-5FB4-4BDA-A835-A7707130400C}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCAEB2CC-5FB4-4BDA-A835-A7707130400C}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DDFB9D95-CC5A-455F-9800-361B7C9D1E7E}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DDFB9D95-CC5A-455F-9800-361B7C9D1E7E}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3E78E39-3EA4-4E98-A185-999797E3EA0A}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3E78E39-3EA4-4E98-A185-999797E3EA0A}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95B959F-64A9-43E4-A874-C8A77905854A}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McInst\InstallSettings|Install Dir
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\UPDMGR\InstallSettings|Install Dir
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}|AppPath
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|McAfee Security Scan Plus.lnk
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\McInst\InstallSettings|Install Dir
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\SharedModules\c:%progra~2%common~1%mcafee%instal~1%mcinst.exe|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\UPDMGR\InstallSettings|Install Dir
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}|AppPath
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001|\Device\HarddiskVolume3\Program Files\McAfee Security Scan\3.11.1137\McUICnt.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1235|owWPage
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\499|owWPage
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WebAdvisor\uihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WebAdvisor\uihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E563CFF8-2873-448B-956E-483A6CCDC71E}|AppPath
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\mcafee\msc\mcuihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\McAfee Security Scan\3.11.681\McUICnt.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\McAfee Security Scan\uninstall.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\McAfee\WebAdvisor\uninstaller.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\McAfee\WebAdvisor\uihost.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\McAfee\WebAdvisor\uihost.exe.ApplicationCompany
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E962A61-DFC4-49B1-B7AE-91FBAFB7191C}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564F2F1E-E001-41D2-8459-9C9B865CC6B0}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47d4-9D2C-303115707939}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD83011E-01D1-4623-91FD-6B75F183C5A9}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{05C2CB2D-A42E-3709-81D5-67C9E7E1C1CF}\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{05C2CB2D-A42E-3709-81D5-67C9E7E1C1CF}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{123AFA2B-32E6-34D9-A628-601053277318}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{28E2D8EC-DED8-3EEF-AEAF-3F3749C4F0E5}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2D424708-228B-37A1-9AAE-BE8A14A8D87F}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{45698A01-851C-3937-B3FA-54E6EF05C89A}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{48FB197F-66B3-33FA-9B2F-8E25240818B0}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{4B904E63-C9F3-3725-8E1F-58B5BFE13A4E}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{541FB261-F7D3-3C91-BAC9-49CE3F635D6A}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{7625870B-CC1B-31E0-9DB2-60DB1E5BCB08}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8BB41A4A-C64C-328A-A80F-159BFE391EB4}\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8BB41A4A-C64C-328A-A80F-159BFE391EB4}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9181627E-CBB5-3401-8A57-163CF4276253}\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9181627E-CBB5-3401-8A57-163CF4276253}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9C49D7A2-5D77-39D3-ABF4-6772690D6A71}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9D314338-013A-3679-B7F9-D6FD2C1AD5A8}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A6E61D83-DC0F-3F2E-9AA1-BACC7CD056CF}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A8299CF1-2427-302E-9FC2-CF921D2216FE}\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A8299CF1-2427-302E-9FC2-CF921D2216FE}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{AB80A9AC-684E-334C-A4D4-C1FDA22AFA40}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{B171F5B4-0B1D-3EAC-ACB7-665F326E3652}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BD0A682A-3D52-3CBC-BC08-5F253F5A4CCE}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{ECB43121-D1E0-30FF-9EED-684B265CD7A7}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{F0C6C8C5-1048-3565-B31B-B7D0072CF745}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C564F43A-83E2-41A9-8655-905AC1E13193}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C564F43A-83E2-41A9-8655-905AC1E13193}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C91DBF93-5FEB-4761-8E72-936C6118C6F6}\3.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C91DBF93-5FEB-4761-8E72-936C6118C6F6}\3.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7C57A97-4CC2-439C-8D0B-D4700309225D}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7C57A97-4CC2-439C-8D0B-D4700309225D}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.USE\DefaultIcon|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.USE\shell\open\command|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgress|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgressData|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnSourceList|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.CDBurnCore|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.ConvertProgress|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.EraseProgress|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.RemoteMediaBurner|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354123-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354123-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC6-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC6-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC7-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC7-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC8-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC8-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC9-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC9-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCA-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCA-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCC-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCC-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9026FCF-C95F-4445-A97E-C1846A7174AC}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9026FCF-C95F-4445-A97E-C1846A7174AC}\LocalServer32|ServerExecutable
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}|LocalizedString
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Wondershare Filmora9.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Wondershare Filmora X.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare|ExePath
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\846|UninstallJumpPage
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354128-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354129-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412A-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412B-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412C-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412D-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412E-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC5-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCE-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact|DataLastRoom
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact|DataCurrentRoom
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\MostRecentApplication|Name
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\MostRecentApplication|Id
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61A4CF40001B3920|Name
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61AF0B25001B7520|Name
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb5841dc_0|""
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f810f5d5_0|""
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\Wondershare Filmora9.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\EffectsInstaller.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|C:\Users\Windows10\Downloads\Data\Wondershare Filmora\local\stubexe\0xC7FBA366B8307207\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Wondershare Filmora\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\UniConverter 14\VCPlayer.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\Wondershare Filmora9.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithList|e
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList|i
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList|c
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\OpenWithList|c
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wfp\OpenWithList|a
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithList|b
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|D:\Downloads\Wondershare Filmora 9.1.2.7 (x64) Multilingual Pre-Activated\Filmora.9.1.2.7\Filmora.v9.1.2.7.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\Filmora9\unins001.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Documents\Wondershare\Wondershare Filmora\Filmora.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora\Filmora.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Downloads\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|D:\Downloads\Wondershare Filmora X 10.1.21.0 incl activator DeleteValue: CrackingPatching]\filmora_64bit_full846.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\Wondershare Filmora\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|D:\Downloads\Wondershare UniConverter v14.1.15.171 (x64) + Fix {CracksHash}\Setup\uniconverter14_64bit_full14204.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\UniConverter 14\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\AppData\Local\Wondershare\Wondershare NativePush\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers|C:\Users\Windows10\Downloads\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Spoon\SandboxCache\3D407BEB9C5C172A\roaming\modified\@HKLM@\Software\Wondershare\846|UninstallJumpPage
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare\Wondershare Helper Compact|InstallPath
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp|DisplayName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp|IconUri
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe.ApplicationCompany
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe.ApplicationCompany
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001|\Device\HarddiskVolume3\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579|FileName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579|Cookie
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579|Url0
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579|U0_c
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\VideoProcConverter.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MedaFoundationVideoProc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MedaFoundationVideoProcD3D
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\mcafeeupdater
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\SharedModules\c:%progra~2%common~1%mcafee%instal~1%mcinst.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\mcafeeupdater
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\McAfee Trust
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_USERS\.DEFAULT\Software\McAfee
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgress
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgressData
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnSourceList
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.CDBurnCore
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.ConvertProgress
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.EraseProgress
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.RemoteMediaBurner
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Wondershare Filmora X.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Wondershare Filmora9.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\Wondershare Helper Compact
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Filmora
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_9_0_win
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_9_0_win\Wondershare Filmora 9.0
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_x_win
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_x_win\Wondershare Filmora X
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61A4CF40001B3920
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61AF0B25001B7520
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged\C:#Program Files#Wondershare#Filmora9#Wondershare Filmora9.exe
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Spoon\SandboxCache\3D407BEB9C5C172A\roaming\modified\@HKLM@\Software\Wondershare
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare\Wondershare Helper Compact
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lavasoft
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Lavasoft
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits 
cmd:  bitsadmin /list /allusers
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • How is the computer running?

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#13 Calyxes

Calyxes
  • Topic Starter

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 29 April 2023 - 06:37 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-04-2023
Ran by Windows10 (30-04-2023 07:28:03) Run:2
Running from C:\Users\Windows10\Desktop
Loaded Profiles: Windows10
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CloseProcesses:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Lavasoft.WCAssistant.WinService.exe.log
C:\Windows\Prefetch\WINXVIDEOPROCCONVERTER5.5.0.E-1E8421BC.pf
C:\Windows\Prefetch\WONDERSHARE HELPER COMPACT.TM-01761C6D.pf
C:\Windows\Prefetch\WONDERSHARE NATIVEPUSH_14416_-B6140321.pf
C:\Windows\Prefetch\WONDERSHARE UNICONVERTER UPDA-5CF44B5D.pf
C:\Windows\Prefetch\WONDERSHARE UNICONVERTER UPDA-8CFA6282.pf
C:\Users\Windows10\AppData\Roaming\WebStorage\Logs\AWS-Wondershare Filmora9.txt
C:\Users\Windows10\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Wondershare_Wondershare Filmora Update_Wondershare Filmora Update_exe
C:\Users\Windows10\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_VideoProc_VideoProcConverter_exe
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\sourceMap\mcafee_wa_crypto_learn.js.map
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\sourceMap\css\mcafee_wa_crypto_learn.css.map
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\css\mcafee_wa_crypto_learn.css
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\mcafee_wa_crypto_learn.js
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_brand.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\settings\mcafee-shield-pattern.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\crypto\mcafee-white.png
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\html\mcafee_wa_crypto_learn.html
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\css\mcafee_wa_crypto_learn.css
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora X_0
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora X_1
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora9_0
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora9_1
2016-04-20 10:50 - 2016-04-20 10:50 ____A C:\Windows\ASUS\oobeEula\Mcafee
2023-04-27 19:17 - 2023-04-27 19:18 _____ C:\Users\Windows10\Videos\VideoProc Converter
2023-04-27 19:17 - 2023-04-27 19:31 _____ C:\Users\Windows10\Pictures\VideoProc Converter
2023-04-27 19:17 - 2023-04-27 19:18 _____ C:\Users\Windows10\Music\VideoProc Converter
2016-08-26 14:19 - 2016-08-26 14:19 _____ C:\Users\Windows10\AppData\Roaming\Macromedia
2020-08-24 00:40 - 2023-04-18 01:02 _____ C:\Users\Windows10\AppData\Local\Wondershare
2022-01-29 16:03 - 2022-02-05 22:12 _____ C:\Users\Public\Documents\Wondershare
2016-04-20 10:47 - 2023-04-28 15:31 _____ C:\ProgramData\McAfee
2016-11-01 14:14 - 2016-11-01 14:14 _____ C:\Program Files (x86)\McAfee
2016-11-01 14:14 - 2016-11-01 14:14 _____ C:\Program Files (x86)\Common Files\McAfee
2016-11-01 14:14 - 2016-11-01 14:14 _____ C:\Program Files\Common Files\McAfee
2016-11-01 14:14 - 2016-11-01 14:14 _____ C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware
2023-04-18 00:23 - 2023-04-18 00:38 _____ C:\FRST\Quarantine\C\Users\Windows10\AppData\Roaming\Wondershare
2023-04-27 19:06 - 2023-04-27 19:31 _____ C:\FRST\Quarantine\C\Users\Windows10\AppData\Roaming\Digiarty\VideoProc Converter
2020-08-24 00:42 - 2023-04-18 01:00 _____ C:\FRST\Quarantine\C\ProgramData\Wondershare
2022-02-05 21:59 - 2023-04-18 00:59 _____ C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-02-05 22:09 - 2022-02-05 22:09 _____ C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Wondershare Filmora Update
2023-04-27 19:04 - 2023-04-27 19:34 _____ C:\FRST\Quarantine\C\Program Files (x86)\VideoProc
2023-04-18 00:20 - 2023-04-18 01:00 _____ C:\FRST\Quarantine\C\Program Files\Wondershare
2016-04-20 10:00 - 2016-04-20 10:00 _____ C:\eSupport\eDriver\Software\McAFee
2016-04-20 10:00 - 2016-04-20 10:00 _____ C:\eSupport\eDriver\Software\McAFee\McAfee Internet Security
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291EE2A7-BFA5-4e9e-A358-C93655556A6C}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AB0000C-FECE-4D1F-A2AC-A9573530656E}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291EE2A7-BFA5-4e9e-A358-C93655556A6C}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AB0000C-FECE-4D1F-A2AC-A9573530656E}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{a4112d1a-6dfa-476e-bb75-e350d24934e1}\ChannelReferences\0|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{a4112d1a-6dfa-476e-bb75-e350d24934e1}\ChannelReferences\1|""
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\BackgroundAudioPlayer|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\EmCreateProcess|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\ExtendedExecution|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\FileProviderTarget|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\Pausing|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\PPLE|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\ResourceIntensive|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\StandardExternalResources|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\UiExtended|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipBackground|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipCall|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipLegacy|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\WebAuthSignIn|MultimediaVideoProcessor
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaInterfaces\{C6E13360-30AC-11d0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaSets\{C6E13360-30AC-11d0-A18C-00A0C9118956}\PropertyPages\{71F96464-78F3-11d0-A18C-00A0C9118956}|""
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001|\Device\HarddiskVolume3\Program Files (x86)\VideoProc\VideoProcConverter.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\702ca3b4_0|""
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\VideoProc\VideoProcConverter.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC|1
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|D:\Downloads\DeleteValue: FTUApps.com] - VideoProc Converter v5.5.0 Multilingual Pre-Activated\WinXVideoProcConverter5.5.0.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\VideoProc\VideoProcConverter.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AF52F6-E83C-4228-95FE-4407687CEFBF}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1CD4CD-9359-4A9D-A0FA-9E809E873CA6}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590AB12E-F706-4BA8-9D08-A1EEC69A687D}\InProcServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84D248DA-52CD-442c-B6AE-28F143DB1E33}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D905F5A4-15B0-4B47-99D8-CE0230557148}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D905F5A4-15B0-4B47-99D8-CE0230557148}\LocalServer32|ServerExecutable
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA32C9C5-1147-402A-A127-E0E169E9E9B4}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E782BE15-9936-4A7F-8DF9-9AB95D229DF1}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E782BE15-9936-4A7F-8DF9-9AB95D229DF1}\LocalServer32|ServerExecutable
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{309437E9-DE9F-4005-8C66-B1A74D6A23C2}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{309437E9-DE9F-4005-8C66-B1A74D6A23C2}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCAEB2CC-5FB4-4BDA-A835-A7707130400C}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCAEB2CC-5FB4-4BDA-A835-A7707130400C}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DDFB9D95-CC5A-455F-9800-361B7C9D1E7E}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DDFB9D95-CC5A-455F-9800-361B7C9D1E7E}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3E78E39-3EA4-4E98-A185-999797E3EA0A}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3E78E39-3EA4-4E98-A185-999797E3EA0A}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95B959F-64A9-43E4-A874-C8A77905854A}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McInst\InstallSettings|Install Dir
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\UPDMGR\InstallSettings|Install Dir
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}|AppPath
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|McAfee Security Scan Plus.lnk
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\McInst\InstallSettings|Install Dir
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\SharedModules\c:%progra~2%common~1%mcafee%instal~1%mcinst.exe|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\UPDMGR\InstallSettings|Install Dir
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}|AppPath
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001|\Device\HarddiskVolume3\Program Files\McAfee Security Scan\3.11.1137\McUICnt.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1235|owWPage
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\499|owWPage
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WebAdvisor\uihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WebAdvisor\uihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E563CFF8-2873-448B-956E-483A6CCDC71E}|AppPath
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\mcafee\msc\mcuihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\McAfee Security Scan\3.11.681\McUICnt.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\McAfee Security Scan\uninstall.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\McAfee\WebAdvisor\uninstaller.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\McAfee\WebAdvisor\uihost.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\McAfee\WebAdvisor\uihost.exe.ApplicationCompany
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E962A61-DFC4-49B1-B7AE-91FBAFB7191C}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564F2F1E-E001-41D2-8459-9C9B865CC6B0}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47d4-9D2C-303115707939}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD83011E-01D1-4623-91FD-6B75F183C5A9}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{05C2CB2D-A42E-3709-81D5-67C9E7E1C1CF}\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{05C2CB2D-A42E-3709-81D5-67C9E7E1C1CF}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{123AFA2B-32E6-34D9-A628-601053277318}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{28E2D8EC-DED8-3EEF-AEAF-3F3749C4F0E5}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2D424708-228B-37A1-9AAE-BE8A14A8D87F}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{45698A01-851C-3937-B3FA-54E6EF05C89A}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{48FB197F-66B3-33FA-9B2F-8E25240818B0}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{4B904E63-C9F3-3725-8E1F-58B5BFE13A4E}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{541FB261-F7D3-3C91-BAC9-49CE3F635D6A}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{7625870B-CC1B-31E0-9DB2-60DB1E5BCB08}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8BB41A4A-C64C-328A-A80F-159BFE391EB4}\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8BB41A4A-C64C-328A-A80F-159BFE391EB4}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9181627E-CBB5-3401-8A57-163CF4276253}\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9181627E-CBB5-3401-8A57-163CF4276253}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9C49D7A2-5D77-39D3-ABF4-6772690D6A71}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9D314338-013A-3679-B7F9-D6FD2C1AD5A8}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A6E61D83-DC0F-3F2E-9AA1-BACC7CD056CF}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A8299CF1-2427-302E-9FC2-CF921D2216FE}\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A8299CF1-2427-302E-9FC2-CF921D2216FE}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{AB80A9AC-684E-334C-A4D4-C1FDA22AFA40}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{B171F5B4-0B1D-3EAC-ACB7-665F326E3652}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BD0A682A-3D52-3CBC-BC08-5F253F5A4CCE}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{ECB43121-D1E0-30FF-9EED-684B265CD7A7}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{F0C6C8C5-1048-3565-B31B-B7D0072CF745}\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C564F43A-83E2-41A9-8655-905AC1E13193}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C564F43A-83E2-41A9-8655-905AC1E13193}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C91DBF93-5FEB-4761-8E72-936C6118C6F6}\3.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C91DBF93-5FEB-4761-8E72-936C6118C6F6}\3.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7C57A97-4CC2-439C-8D0B-D4700309225D}\1.0\0\win64|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7C57A97-4CC2-439C-8D0B-D4700309225D}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.USE\DefaultIcon|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.USE\shell\open\command|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgress|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgressData|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnSourceList|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.CDBurnCore|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.ConvertProgress|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.EraseProgress|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.RemoteMediaBurner|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354123-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354123-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC6-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC6-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC7-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC7-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC8-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC8-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC9-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC9-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCA-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCA-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCC-975B-59BE-A960-9A2A262853A5}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCC-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9026FCF-C95F-4445-A97E-C1846A7174AC}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9026FCF-C95F-4445-A97E-C1846A7174AC}\LocalServer32|ServerExecutable
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}|LocalizedString
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32\1.0.0.0|Class
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\ProgId|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Wondershare Filmora9.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Wondershare Filmora X.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare|ExePath
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\846|UninstallJumpPage
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354128-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354129-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412A-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412B-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412C-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412D-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412E-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC5-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCE-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0|CodeBase
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact|DataLastRoom
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact|DataCurrentRoom
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\MostRecentApplication|Name
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\MostRecentApplication|Id
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61A4CF40001B3920|Name
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61AF0B25001B7520|Name
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb5841dc_0|""
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f810f5d5_0|""
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\Wondershare Filmora9.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\EffectsInstaller.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|C:\Users\Windows10\Downloads\Data\Wondershare Filmora\local\stubexe\0xC7FBA366B8307207\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Wondershare Filmora\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\UniConverter 14\VCPlayer.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\Wondershare Filmora9.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithList|e
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList|i
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList|c
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\OpenWithList|c
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wfp\OpenWithList|a
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithList|b
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|D:\Downloads\Wondershare Filmora 9.1.2.7 (x64) Multilingual Pre-Activated\Filmora.9.1.2.7\Filmora.v9.1.2.7.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\Filmora9\unins001.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Documents\Wondershare\Wondershare Filmora\Filmora.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora\Filmora.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\Downloads\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|D:\Downloads\Wondershare Filmora X 10.1.21.0 incl activator DeleteValue: CrackingPatching]\filmora_64bit_full846.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\Wondershare Filmora\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|D:\Downloads\Wondershare UniConverter v14.1.15.171 (x64) + Fix {CracksHash}\Setup\uniconverter14_64bit_full14204.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Wondershare\UniConverter 14\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Windows10\AppData\Local\Wondershare\Wondershare NativePush\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers|C:\Users\Windows10\Downloads\Wondershare Filmora X.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Spoon\SandboxCache\3D407BEB9C5C172A\roaming\modified\@HKLM@\Software\Wondershare\846|UninstallJumpPage
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare\Wondershare Helper Compact|InstallPath
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp|DisplayName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp|IconUri
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe.ApplicationCompany
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe.ApplicationCompany
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001|\Device\HarddiskVolume3\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579|FileName
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579|Cookie
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579|Url0
DeleteValue: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579|U0_c
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\VideoProcConverter.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MedaFoundationVideoProc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MedaFoundationVideoProcD3D
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\mcafeeupdater
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\SharedModules\c:%progra~2%common~1%mcafee%instal~1%mcinst.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\mcafeeupdater
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\McAfee Trust
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
DeleteKey: HKEY_USERS\.DEFAULT\Software\McAfee
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgress
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgressData
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnSourceList
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.CDBurnCore
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.ConvertProgress
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.EraseProgress
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.RemoteMediaBurner
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Wondershare Filmora X.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Wondershare Filmora9.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\Wondershare Helper Compact
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Filmora
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_9_0_win
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_9_0_win\Wondershare Filmora 9.0
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_x_win
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_x_win\Wondershare Filmora X
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61A4CF40001B3920
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61AF0B25001B7520
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged\C:#Program Files#Wondershare#Filmora9#Wondershare Filmora9.exe
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Spoon\SandboxCache\3D407BEB9C5C172A\roaming\modified\@HKLM@\Software\Wondershare
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare\Wondershare Helper Compact
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lavasoft
DeleteKey: HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Lavasoft
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits 
cmd:  bitsadmin /list /allusers
End::
*****************
 
Processes closed successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Lavasoft.WCAssistant.WinService.exe.log => moved successfully
C:\Windows\Prefetch\WINXVIDEOPROCCONVERTER5.5.0.E-1E8421BC.pf => moved successfully
C:\Windows\Prefetch\WONDERSHARE HELPER COMPACT.TM-01761C6D.pf => moved successfully
C:\Windows\Prefetch\WONDERSHARE NATIVEPUSH_14416_-B6140321.pf => moved successfully
C:\Windows\Prefetch\WONDERSHARE UNICONVERTER UPDA-5CF44B5D.pf => moved successfully
C:\Windows\Prefetch\WONDERSHARE UNICONVERTER UPDA-8CFA6282.pf => moved successfully
C:\Users\Windows10\AppData\Roaming\WebStorage\Logs\AWS-Wondershare Filmora9.txt => moved successfully
C:\Users\Windows10\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Wondershare_Wondershare Filmora Update_Wondershare Filmora Update_exe => moved successfully
C:\Users\Windows10\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_VideoProc_VideoProcConverter_exe => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\mcafee_wa_crypto_learn.js => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_brand.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_slogan_white.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_webadvisor_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\white_mcafee_icon.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\settings\mcafee-shield-pattern.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\crypto\mcafee-white.png => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\advanced_protection_signals\mcafee-logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\html\mcafee_wa_crypto_learn.html => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\css\mcafee_wa_crypto_learn.css => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\mcafee_wa_crypto_learn.js => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\sourceMap\mcafee_wa_crypto_learn.js.map => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\sourceMap\css\mcafee_wa_crypto_learn.css.map => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_brand.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_slogan_white.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\mcafee_webadvisor_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\web_advisor\white_mcafee_icon.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\settings\mcafee-shield-pattern.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\crypto\mcafee-white.png => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\images\advanced_protection_signals\mcafee-logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\html\mcafee_wa_crypto_learn.html => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3111_0\css\mcafee_wa_crypto_learn.css => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\mcafee_wa_crypto_learn.js => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_brand.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_slogan_white.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\mcafee_webadvisor_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\web_advisor\white_mcafee_icon.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\settings\mcafee-shield-pattern.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\crypto\mcafee-white.png => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\images\advanced_protection_signals\mcafee-logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\html\mcafee_wa_crypto_learn.html => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2647_0\css\mcafee_wa_crypto_learn.css => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\mcafee_wa_crypto_learn.js => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_brand.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_slogan_white.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\mcafee_webadvisor_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\web_advisor\white_mcafee_icon.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\settings\mcafee-shield-pattern.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\crypto\mcafee-white.png => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\images\advanced_protection_signals\mcafee-logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\html\mcafee_wa_crypto_learn.html => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.2609_0\css\mcafee_wa_crypto_learn.css => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\mcafee_wa_crypto_learn.js => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_brand.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_slogan_white.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\mcafee_webadvisor_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\web_advisor\white_mcafee_icon.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\settings\mcafee-shield-pattern.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\crypto\mcafee-white.png => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\images\advanced_protection_signals\mcafee-logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\html\mcafee_wa_crypto_learn.html => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3218_0\css\mcafee_wa_crypto_learn.css => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\mcafee_wa_crypto_learn.js => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_brand.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_slogan_white.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\mcafee_webadvisor_logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\web_advisor\white_mcafee_icon.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\settings\mcafee-shield-pattern.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\crypto\mcafee-white.png => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\images\advanced_protection_signals\mcafee-logo.svg => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\html\mcafee_wa_crypto_learn.html => moved successfully
C:\Users\Windows10\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.3168_0\css\mcafee_wa_crypto_learn.css => moved successfully
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora X_0 => moved successfully
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora X_1 => moved successfully
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora9_0 => moved successfully
C:\ProgramData\Intel\ShaderCache\Wondershare Filmora9_1 => moved successfully
C:\Windows\ASUS\oobeEula\Mcafee => moved successfully
 
"C:\Users\Windows10\Videos\VideoProc Converter" folder move:
 
Could not move "C:\Users\Windows10\Videos\VideoProc Converter" => Scheduled to move on reboot.
 
 
"C:\Users\Windows10\Pictures\VideoProc Converter" folder move:
 
Could not move "C:\Users\Windows10\Pictures\VideoProc Converter" => Scheduled to move on reboot.
 
 
"C:\Users\Windows10\Music\VideoProc Converter" folder move:
 
Could not move "C:\Users\Windows10\Music\VideoProc Converter" => Scheduled to move on reboot.
 
C:\Users\Windows10\AppData\Roaming\Macromedia => moved successfully
C:\Users\Windows10\AppData\Local\Wondershare => moved successfully
 
"C:\Users\Public\Documents\Wondershare" folder move:
 
Could not move "C:\Users\Public\Documents\Wondershare" => Scheduled to move on reboot.
 
C:\ProgramData\McAfee => moved successfully
C:\Program Files (x86)\McAfee => moved successfully
C:\Program Files (x86)\Common Files\McAfee => moved successfully
C:\Program Files\Common Files\McAfee => moved successfully
C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware => moved successfully
C:\FRST\Quarantine\C\Users\Windows10\AppData\Roaming\Wondershare => moved successfully
C:\FRST\Quarantine\C\Users\Windows10\AppData\Roaming\Digiarty\VideoProc Converter => moved successfully
C:\FRST\Quarantine\C\ProgramData\Wondershare => moved successfully
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare => moved successfully
"C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Wondershare Filmora Update" => not found
C:\FRST\Quarantine\C\Program Files (x86)\VideoProc => moved successfully
C:\FRST\Quarantine\C\Program Files\Wondershare => moved successfully
C:\eSupport\eDriver\Software\McAFee => moved successfully
"C:\eSupport\eDriver\Software\McAFee\McAfee Internet Security" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291EE2A7-BFA5-4e9e-A358-C93655556A6C}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AB0000C-FECE-4D1F-A2AC-A9573530656E}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291EE2A7-BFA5-4e9e-A358-C93655556A6C}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AB0000C-FECE-4D1F-A2AC-A9573530656E}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{a4112d1a-6dfa-476e-bb75-e350d24934e1}\ChannelReferences\0\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{a4112d1a-6dfa-476e-bb75-e350d24934e1}\ChannelReferences\1\\" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\BackgroundAudioPlayer\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\EmCreateProcess\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\ExtendedExecution\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\FileProviderTarget\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\Pausing\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\PPLE\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\ResourceIntensive\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\StandardExternalResources\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\UiExtended\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipBackground\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipCall\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\VoipLegacy\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\ResourcePolicyStore\ResourceSets\Policies\ExternalResources\WebAuthSignIn\\MultimediaVideoProcessor" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaInterfaces\{C6E13360-30AC-11d0-A18C-00A0C9118956}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaSets\{C6E13360-30AC-11d0-A18C-00A0C9118956}\PropertyPages\{71F96464-78F3-11d0-A18C-00A0C9118956}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001\\\Device\HarddiskVolume3\Program Files (x86)\VideoProc\VideoProcConverter.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\702ca3b4_0\\" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\VideoProc\VideoProcConverter.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC\\1" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\D:\Downloads\DeleteValue: FTUApps.com] - VideoProc Converter v5.5.0 Multilingual Pre-Activated\WinXVideoProcConverter5.5.0.exe" => not found
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\VideoProc\VideoProcConverter.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AF52F6-E83C-4228-95FE-4407687CEFBF}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1CD4CD-9359-4A9D-A0FA-9E809E873CA6}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590AB12E-F706-4BA8-9D08-A1EEC69A687D}\InProcServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84D248DA-52CD-442c-B6AE-28F143DB1E33}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D905F5A4-15B0-4B47-99D8-CE0230557148}\LocalServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D905F5A4-15B0-4B47-99D8-CE0230557148}\LocalServer32\\ServerExecutable" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA32C9C5-1147-402A-A127-E0E169E9E9B4}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E782BE15-9936-4A7F-8DF9-9AB95D229DF1}\LocalServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E782BE15-9936-4A7F-8DF9-9AB95D229DF1}\LocalServer32\\ServerExecutable" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{309437E9-DE9F-4005-8C66-B1A74D6A23C2}\1.0\0\win64\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{309437E9-DE9F-4005-8C66-B1A74D6A23C2}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0\0\win64\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75C34846-0EA8-41F7-90FD-55B2EC33C97F}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCAEB2CC-5FB4-4BDA-A835-A7707130400C}\1.0\0\win64\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCAEB2CC-5FB4-4BDA-A835-A7707130400C}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DDFB9D95-CC5A-455F-9800-361B7C9D1E7E}\1.0\0\win64\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DDFB9D95-CC5A-455F-9800-361B7C9D1E7E}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3E78E39-3EA4-4E98-A185-999797E3EA0A}\1.0\0\win64\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3E78E39-3EA4-4E98-A185-999797E3EA0A}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95B959F-64A9-43E4-A874-C8A77905854A}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McInst\InstallSettings\\Install Dir" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\UPDMGR\InstallSettings\\Install Dir" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}\\AppPath" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\McInst\InstallSettings\\Install Dir" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\SharedModules\c:%progra~2%common~1%mcafee%instal~1%mcinst.exe\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\UPDMGR\InstallSettings\\Install Dir" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}\\AppPath" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension\\" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001\\\Device\HarddiskVolume3\Program Files\McAfee Security Scan\3.11.1137\McUICnt.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1235\\owWPage" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\499\\owWPage" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WebAdvisor\uihost.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView\\{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WebAdvisor\uihost.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E563CFF8-2873-448B-956E-483A6CCDC71E}\\AppPath" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\mcafee\msc\mcuihost.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\McAfee Security Scan\3.11.681\McUICnt.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\McAfee Security Scan\uninstall.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\McAfee\WebAdvisor\uninstaller.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\McAfee\WebAdvisor\uihost.exe.FriendlyAppName" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\McAfee\WebAdvisor\uihost.exe.ApplicationCompany" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E962A61-DFC4-49B1-B7AE-91FBAFB7191C}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564F2F1E-E001-41D2-8459-9C9B865CC6B0}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47d4-9D2C-303115707939}\LocalServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD83011E-01D1-4623-91FD-6B75F183C5A9}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{05C2CB2D-A42E-3709-81D5-67C9E7E1C1CF}\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{05C2CB2D-A42E-3709-81D5-67C9E7E1C1CF}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{123AFA2B-32E6-34D9-A628-601053277318}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{28E2D8EC-DED8-3EEF-AEAF-3F3749C4F0E5}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2D424708-228B-37A1-9AAE-BE8A14A8D87F}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{45698A01-851C-3937-B3FA-54E6EF05C89A}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{48FB197F-66B3-33FA-9B2F-8E25240818B0}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{4B904E63-C9F3-3725-8E1F-58B5BFE13A4E}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{541FB261-F7D3-3C91-BAC9-49CE3F635D6A}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{7625870B-CC1B-31E0-9DB2-60DB1E5BCB08}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8BB41A4A-C64C-328A-A80F-159BFE391EB4}\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8BB41A4A-C64C-328A-A80F-159BFE391EB4}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9181627E-CBB5-3401-8A57-163CF4276253}\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9181627E-CBB5-3401-8A57-163CF4276253}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9C49D7A2-5D77-39D3-ABF4-6772690D6A71}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9D314338-013A-3679-B7F9-D6FD2C1AD5A8}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A6E61D83-DC0F-3F2E-9AA1-BACC7CD056CF}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A8299CF1-2427-302E-9FC2-CF921D2216FE}\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A8299CF1-2427-302E-9FC2-CF921D2216FE}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{AB80A9AC-684E-334C-A4D4-C1FDA22AFA40}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{B171F5B4-0B1D-3EAC-ACB7-665F326E3652}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BD0A682A-3D52-3CBC-BC08-5F253F5A4CCE}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{ECB43121-D1E0-30FF-9EED-684B265CD7A7}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{F0C6C8C5-1048-3565-B31B-B7D0072CF745}\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}\1.0\0\win32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\0\win64\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C564F43A-83E2-41A9-8655-905AC1E13193}\1.0\0\win32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C564F43A-83E2-41A9-8655-905AC1E13193}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C91DBF93-5FEB-4761-8E72-936C6118C6F6}\3.0\0\win32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C91DBF93-5FEB-4761-8E72-936C6118C6F6}\3.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7C57A97-4CC2-439C-8D0B-D4700309225D}\1.0\0\win64\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7C57A97-4CC2-439C-8D0B-D4700309225D}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\0\win32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.USE\DefaultIcon\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.USE\shell\open\command\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgress\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgressData\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnSourceList\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.CDBurnCore\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.ConvertProgress\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.EraseProgress\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.RemoteMediaBurner\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\ProgId\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354123-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354123-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC6-975B-59BE-A960-9A2A262853A5}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC6-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC7-975B-59BE-A960-9A2A262853A5}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC7-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC8-975B-59BE-A960-9A2A262853A5}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC8-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC9-975B-59BE-A960-9A2A262853A5}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC9-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCA-975B-59BE-A960-9A2A262853A5}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCA-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCC-975B-59BE-A960-9A2A262853A5}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCC-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\ProgId\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F088BB-F178-3693-A443-130A0659EA3E}\ProgId\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\ProgId\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C3E5A776-669A-32B8-A8AE-651A059516DE}\ProgId\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9026FCF-C95F-4445-A97E-C1846A7174AC}\LocalServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9026FCF-C95F-4445-A97E-C1846A7174AC}\LocalServer32\\ServerExecutable" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}\\LocalizedString" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}\LocalServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEF255FE-288E-48DE-ADA8-9B60D7ED7A38}\ProgId\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32\1.0.0.0\\Class" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE1B1EFE-DFEA-3FA2-AA4F-08D1BAE8BE84}\ProgId\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\\Wondershare Filmora9.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\\Wondershare Filmora X.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\\ExePath" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\846\\UninstallJumpPage" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354128-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{27354129-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412A-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412B-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412C-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412D-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2735412E-7F64-5B0F-8F00-5D77AFBE261E}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC5-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Volatile\00\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCE-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact\\DataLastRoom" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact\\DataCurrentRoom" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\MostRecentApplication\\Name" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\MostRecentApplication\\Id" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61A4CF40001B3920\\Name" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61AF0B25001B7520\\Name" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb5841dc_0\\" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f810f5d5_0\\" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\Wondershare Filmora9.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\EffectsInstaller.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\C:\Users\Windows10\Downloads\Data\Wondershare Filmora\local\stubexe\0xC7FBA366B8307207\Wondershare Filmora X.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Wondershare Filmora\Wondershare Filmora X.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\UniConverter 14\VCPlayer.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView\\{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\Wondershare Filmora9.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithList\\e" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList\\i" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList\\c" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\OpenWithList\\c" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wfp\OpenWithList\\a" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithList\\b" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\D:\Downloads\Wondershare Filmora 9.1.2.7 (x64) Multilingual Pre-Activated\Filmora.9.1.2.7\Filmora.v9.1.2.7.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\Wondershare\Filmora9\unins001.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora\Wondershare Filmora X.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\Windows10\Documents\Wondershare\Wondershare Filmora\Filmora.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\Windows10\Downloads\Wondershare Filmora X 10.7.10.0 Portable\Filmora\Filmora\Filmora.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\Windows10\Downloads\Wondershare Filmora X.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\D:\Downloads\Wondershare Filmora X 10.1.21.0 incl activator DeleteValue: CrackingPatching]\filmora_64bit_full846.exe" => not found
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\Wondershare\Wondershare Filmora\unins000.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\D:\Downloads\Wondershare UniConverter v14.1.15.171 (x64) + Fix {CracksHash}\Setup\uniconverter14_64bit_full14204.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\Wondershare\UniConverter 14\unins000.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\Windows10\AppData\Local\Wondershare\Wondershare NativePush\unins000.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\\C:\Users\Windows10\Downloads\Wondershare Filmora X.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Spoon\SandboxCache\3D407BEB9C5C172A\roaming\modified\@HKLM@\Software\Wondershare\846\\UninstallJumpPage" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare\Wondershare Helper Compact\\InstallPath" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp\\DisplayName" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp\\IconUri" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe.FriendlyAppName" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe.ApplicationCompany" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe.FriendlyAppName" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Wondershare\UniConverter 14\VCPlayer.exe.ApplicationCompany" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1072221882-492732373-972231997-1001\\\Device\HarddiskVolume3\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579\\FileName" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579\\Cookie" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579\\Url0" => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\DownloadManager\1579\\U0_c" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\VideoProcConverter.exe => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MedaFoundationVideoProc => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MedaFoundationVideoProcD3D => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\mcafeeupdater => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\SharedModules\c:%progra~2%common~1%mcafee%instal~1%mcinst.exe" => not found
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\mcafeeupdater => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\McAfee Trust => not found
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
HKEY_USERS\.DEFAULT\Software\McAfee => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust => removed successfully
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgress => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgressData => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnSourceList => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.CDBurnCore => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.ConvertProgress => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.EraseProgress => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wondershare.Burner.RemoteMediaBurner => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Wondershare Filmora X.exe => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Wondershare Filmora9.exe => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\Wondershare Helper Compact" => not found
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Filmora" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wondershare\Wondershare Helper Compact" => not found
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_9_0_win => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_9_0_win\Wondershare Filmora 9.0" => not found
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_x_win => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\BugSplat\wondershare_filmora_x_win\Wondershare Filmora X" => not found
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61A4CF40001B3920 => removed successfully
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\DirectInput\WONDERSHARE FILMORA X.EXE61AF0B25001B7520 => removed successfully
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged\C:#Program Files#Wondershare#Filmora9#Wondershare Filmora9.exe => removed successfully
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Spoon\SandboxCache\3D407BEB9C5C172A\roaming\modified\@HKLM@\Software\Wondershare => removed successfully
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare => removed successfully
"HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Wondershare\Wondershare Helper Compact" => not found
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Classes\AppUserModelId\Wondershare.NotificationApp => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lavasoft => removed successfully
HKEY_USERS\S-1-5-21-1072221882-492732373-972231997-1001\SOFTWARE\Lavasoft => removed successfully
 
========= net stop bits =========
 
The Background Intelligent Transfer Service service is stopping..
The Background Intelligent Transfer Service service was stopped successfully.
 
 
========= End of CMD: =========
 
"C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db" moved successfully to C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
 
========= net start bits =========
 
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /list /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Listed 0 job(s).
 
========= End of CMD: =========
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-04-2023 07:32:54)
 
C:\Users\Windows10\Videos\VideoProc Converter => Is moved successfully
C:\Users\Windows10\Pictures\VideoProc Converter => Is moved successfully
C:\Users\Windows10\Music\VideoProc Converter => Is moved successfully
C:\Users\Public\Documents\Wondershare => Is moved successfully
 
==== End of Fixlog 07:32:55 ====
 
It runs faster now, just not sure if the trojan leonem was already gone. 

#14 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,345 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:36 PM

Posted 29 April 2023 - 08:17 PM

What is important is the computer is running well now, regardless of when the malicious software was removed. There was a lot for us to deal with either way.

Please do this.

===================================================

ESET Online Scanner

--------------------

Note: You can expect this process to take a long time, up to several hours or more.
  • Download ESET Free Online Scanner and save it to your Desktop
  • Right click on esetonlinescanner_enu.exe and select Run as administrator
  • Click Computer Scan
  • Click Full scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
  • Click Start scan
  • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
  • Click Continue then finally click Close
  • Copy and paste the ESETScan.txt file contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET report

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#15 Calyxes

Calyxes
  • Topic Starter

  • Avatar image
  • Members
  • 35 posts
  • OFFLINE
    •  

Posted 30 April 2023 - 12:08 AM

i tried downloading eset unfortunately it crashes, it opens and closes after few seconds


Back to Virus, Trojan, Spyware, and Malware Removal Help


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer Forums
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·