content copied
content
Start
CreateRestorePoint:
CloseProcesses:
Task: {13301727-9037-4F16-9E93-30AA7A490016} - System32\Tasks\Opera scheduled Autoupdate 1688660961 => C:\Users\ezra1\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
CustomCLSID: HKU\S-1-5-21-3450520940-2535151017-1455022532-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3450520940-2535151017-1455022532-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> "C:\Program Files\Proton\VPN\v3.3.2\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3450520940-2535151017-1455022532-1001_Classes\CLSID\{6a27a1a9-7be8-1491-04ca-ee68a211c258}\localserver32 -> "C:\Program Files\Google\Play Games\current\service\Service.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3450520940-2535151017-1455022532-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3450520940-2535151017-1455022532-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3450520940-2535151017-1455022532-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\ezra1\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-3450520940-2535151017-1455022532-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2022\en-US\acadficn.dll => No File
ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers1: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\shellex.dll -> No File
ContextMenuHandlers1: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers2: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers2: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\shellex.dll -> No File
ContextMenuHandlers2: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers4: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers4: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\shellex.dll -> No File
ContextMenuHandlers4: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers6: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\shellex.dll -> No File
ContextMenuHandlers6: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
AlternateDataStreams: C:\WINDOWS\system32\.tmp:2B6F90CBEE [3442]
AlternateDataStreams: C:\ProgramData\agent.1689000954.bdinstall.v2.bin:BFBCF7FE4E [4306]
AlternateDataStreams: C:\ProgramData\cl.1689001170.bdinstall.v2.bin:6443BDBBC4 [4306]
AlternateDataStreams: C:\ProgramData\cl.1708393621.bdinstall.v2.bin:DB5D955EF3 [4306]
AlternateDataStreams: C:\ProgramData\cl.kit.1689001168.bdinstall.v2.bin:BFA8C433FA [4306]
AlternateDataStreams: C:\ProgramData\cl.kit.1708393620.bdinstall.v2.bin:6460925D02 [4306]
AlternateDataStreams: C:\ProgramData\cl.uninstall.1708128067.bdinstall.v2.bin:9C5D541B5C [4306]
AlternateDataStreams: C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc:B50D3D4D91 [4306]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\sx.log:17BBAF6ED8 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk:09A0A90EF3 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legion Arena.lnk:20903A5BF7 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newgrounds Player.lnk:61530B8D4C [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs Desktop.lnk:578370639A [3442]
AlternateDataStreams: C:\Users\ezra1\GitHubDesktopSetup-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\ezra1\OneDrive\Documents\EpsonScan2_L3210_65280_41_SignedS.exe:BDU [0]
AlternateDataStreams: C:\Users\ezra1\OneDrive\Documents\flashplayer_32_sa.exe:BDU [0]
AlternateDataStreams: C:\Users\ezra1\OneDrive\Documents\OperaGXSetup.exe:MBAM.Zone.Identifier [287]
AlternateDataStreams: C:\Users\ezra1\OneDrive\Documents\pdf_editor_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\ezra1\OneDrive\Documents\winrar-x64-624.exe:BDU [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10328]
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
File: C:\ProgramData\ASGVIS\Dongle Utilities\startvrlservice.exe
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{9CD2C2AE-A4C8-4DFA-863E-609979849E3A}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\AppID\{9CD2C2AE-A4C8-4DFA-863E-609979849E3A}
2026-05-15 21:53 - 2026-05-19 02:31 - 002301065 ____H C:\Users\ezra1\OneDrive\Documents\~WRL0004.tmp
HKU\S-1-5-21-3450520940-2535151017-1455022532-1001\...\StartupApproved\Run: => "btweb"
Comment: This snippet reverts User Account Control to default
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
EndRegedit:
EmptyTemp:
End
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.
To view the content, acknowledge this warning.