Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020 Ran by richa (administrator) on LAPTOP-VTU1GR64 (LENOVO 81FB) (29-02-2020 02:10:08) Running from C:\Users\richa\Downloads Loaded Profiles: richa (Available Profiles: richa) Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0336591.inf_amd64_974f1e7a49faae75\B336476\atieclxx.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0336591.inf_amd64_974f1e7a49faae75\B336476\atiesrxx.exe (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe (McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_19_9\mcapexe.exe (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.3.122.0\McCSPServiceHost.exe (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [816176 2018-09-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260736 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicy: Restriction ? <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {019CA993-1E20-4FB7-997B-20DA706084D3} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-02-11] (Lenovo -> ) Task: {0A055DB9-1965-4A53-A22F-63F628A40413} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2020-02-05] (McAfee, Inc. -> McAfee, LLC.) Task: {0D641EB7-9D3B-46F8-8CA7-0F0BDFC6C57C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3273800291-2506861472-1276587386-1001 => C:\Users\richa\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [86824 2019-12-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited) Task: {1538444E-0318-41AB-B822-649D6DBFBCFC} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {20A0112F-D6F7-4950-9A47-491BF8211147} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.) Task: {20C773DC-5C85-41EB-9C7C-47EC974480E9} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService Task: {2E774FBC-A416-44D0-B432-F22B6A08ADD2} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {48254913-87A9-410D-9E90-5094A14D7795} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-31] (Dropbox, Inc -> Dropbox, Inc.) Task: {52146537-4DCA-427A-9591-64C4B6AF8D79} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\03e568d2-7056-4ae0-a661-ee464dbf1627 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.) Task: {5863D746-48D4-4497-BD7C-1E4E44E8C407} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1040832 2019-11-14] (McAfee, LLC. -> McAfee, LLC.) Task: {63004B54-5D09-4DB0-AE34-C2A565D09689} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {663A9514-4AAB-4A8C-9AC3-62A3B38C40F6} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.) Task: {70998A9E-1708-425F-8168-1ECB5546FE8F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [54144 2019-09-23] (Lenovo -> Lenovo Group Ltd.) Task: {783F3E47-01AB-48D7-94C6-B323205F3081} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2808eaa6-9d8c-43eb-b999-ba9c52be6e59 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.) Task: {97E57724-176C-493C-A661-462721FCA4BF} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1040832 2019-11-14] (McAfee, LLC. -> McAfee, LLC.) Task: {980A94B6-C0D3-4FD1-BA9B-373AD21AA22B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6b81137c-83ed-43c8-98a5-712437307654 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.) Task: {9B9E6193-686E-4721-BA74-1D87DA155E3E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-02-11] (Lenovo -> ) Task: {B923CA10-5AAF-49AF-B4F0-369C2A4D107E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => "%windir%\system32\WindowsPowerShell\v1.0\PowerShell.exe" "powershell -executionpolicy bypass -file %ProgramData%\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\data\Maintenance.ps1" Task: {CA920EF1-7897-4DED-9376-D69C45493547} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.122\DADUpdater.exe [4144776 2020-01-26] (McAfee, Inc. -> McAfee, LLC.) Task: {CEE8F25E-456A-40DC-A556-CC80822309DF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-31] (Dropbox, Inc -> Dropbox, Inc.) Task: {D736337C-1A1B-4EF2-9044-DD739BAEA45F} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility:// Task: {F18D2D0D-0354-4E3D-A07B-5188AF86B3D2} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [63880 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{22fe504c-2a46-4e0e-bbb5-bf64151bea05}: [DhcpNameServer] 150.202.1.2 Tcpip\..\Interfaces\{5b4a8750-c67e-405e-89b2-b5c3989f9086}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/ BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-02-24] (McAfee, LLC -> McAfee, Inc.) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-02-24] (McAfee, LLC -> McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-12-03] (McAfee, LLC. -> McAfee, LLC.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-12-03] (McAfee, LLC. -> McAfee, LLC.) Edge: ====== DownloadDir: C:\Users\richa\Downloads FireFox: ======== FF DefaultProfile: m4pktfa2.default FF ProfilePath: C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\m4pktfa2.default [2020-02-03] FF ProfilePath: C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\aq5mpb3v.default-release [2020-02-29] FF Homepage: Mozilla\Firefox\Profiles\aq5mpb3v.default-release -> hxxps://weboas.is/ FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\aq5mpb3v.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-01-04] FF Extension: (Page Saver WE) - C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\aq5mpb3v.default-release\Extensions\pagesaver@pearlcrescent.com.xpi [2020-02-24] FF Extension: (uBlock Origin) - C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\aq5mpb3v.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-02-05] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-02-24] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-12-03] (McAfee, LLC. -> ) FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-12-03] (McAfee, LLC. -> ) Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0336591.inf_amd64_974f1e7a49faae75\B336476\atiesrxx.exe [516720 2018-12-04] (Advanced Micro Devices, Inc. -> AMD) R2 AtherosSvc; C:\Windows\System32\drivers\AdminService.exe [409176 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-31] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-31] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.) R2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [602632 2018-08-26] (Dolby Laboratories, Inc. -> ) R2 FMAPOService; C:\Windows\System32\FMService64.exe [306040 2018-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.) R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [16648 2019-12-04] (Lenovo -> Lenovo Group Ltd.) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [920656 2020-02-24] (McAfee, LLC -> McAfee, Inc.) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_9\McApExe.exe [748040 2019-11-20] (McAfee, LLC. -> McAfee, LLC) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.3.122.0\\McCSPServiceHost.exe [2685776 2019-10-31] (McAfee, LLC. -> McAfee, LLC.) S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [638536 2019-11-08] (McAfee, Inc. -> McAfee, LLC) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [638536 2019-11-08] (McAfee, Inc. -> McAfee, LLC) R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [638536 2019-11-08] (McAfee, Inc. -> McAfee, LLC) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1731616 2019-11-14] (McAfee, LLC -> McAfee, LLC.) R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [234528 2020-02-28] (TEFINCOM S.A. -> ) R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-03] (McAfee, LLC. -> McAfee, LLC.) R2 QcomWlanSrv; C:\Windows\System32\drivers\QcomWlanSrvx64.exe [191440 2018-09-26] (Qualcomm Atheros -> Qualcomm Technologies Inc.) R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [816176 2018-09-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2020-01-03] (Microsoft Corporation -> Microsoft Corporation) S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdacpbus; C:\Windows\System32\drivers\amdacpbus.sys [935544 2018-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices) R3 amdacpksl; C:\Windows\system32\drivers\amdacpksl.sys [359384 2018-09-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices) R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34568 2018-11-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) R3 amdi2c; C:\Windows\System32\drivers\amdi2c.sys [54232 2018-10-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0336591.inf_amd64_974f1e7a49faae75\B336476\atikmdag.sys [47558768 2018-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0336591.inf_amd64_974f1e7a49faae75\B336476\atikmpag.sys [598120 2018-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137688 2018-10-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. ) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107400 2018-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices) S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2018-09-15] (Microsoft Windows -> ASIX Electronics Corp.) R3 BHTPCRDR; C:\Windows\System32\drivers\bhtpcrdr.sys [174768 2018-10-24] (BayHub Technology Inc. -> BayHubTech/O2Micro ) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75912 2019-11-19] (McAfee, Inc. -> McAfee, LLC) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [522368 2019-11-19] (McAfee, Inc. -> McAfee, LLC) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [380544 2019-11-19] (McAfee, Inc. -> McAfee, LLC) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85928 2019-11-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [517256 2019-11-19] (McAfee, Inc. -> McAfee, LLC) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [996488 2019-11-19] (McAfee, Inc. -> McAfee, LLC) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [564144 2019-09-16] (McAfee, Inc. -> McAfee LLC.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [107952 2019-09-16] (McAfee, Inc. -> McAfee LLC.) R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116872 2019-11-19] (McAfee, Inc. -> McAfee, LLC) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252552 2019-11-19] (McAfee, Inc. -> McAfee, LLC) R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2358736 2018-09-26] (Qualcomm Atheros -> Qualcomm Atheros, Inc.) R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project) S3 TDKLIB; C:\Windows\TEMP\TdkLib64.sys [29688 2020-01-13] (Phoenix Technologies Ltd. -> ) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-02-29 01:53 - 2020-02-29 02:07 - 000128778 _____ C:\Users\richa\Downloads\Fixlog.txt 2020-02-28 15:32 - 2020-02-28 15:33 - 000035612 _____ C:\Users\richa\Downloads\Addition.txt 2020-02-28 15:31 - 2020-02-29 02:10 - 000021504 _____ C:\Users\richa\Downloads\FRST.txt 2020-02-28 15:31 - 2020-02-29 02:10 - 000000000 ____D C:\FRST 2020-02-28 15:31 - 2020-02-28 15:31 - 002279424 _____ (Farbar) C:\Users\richa\Downloads\FRST64.exe 2020-02-28 15:01 - 2020-02-28 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN 2020-02-28 15:01 - 2020-02-28 15:01 - 000000000 ____D C:\Program Files (x86)\NordVPN 2020-02-28 14:47 - 2020-02-28 15:00 - 000000150 _____ C:\Windows\Reimage.ini 2020-02-28 14:02 - 2020-02-28 14:02 - 000000000 ____D C:\Windows\TempInst 2020-02-28 10:25 - 2020-02-28 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo 2020-02-25 18:29 - 2020-02-25 18:29 - 000000000 ____D C:\Users\richa\AppData\Local\Skyrim 2020-02-25 18:28 - 2020-02-25 18:28 - 000001485 _____ C:\Users\Public\Desktop\Elder Scrolls V Skyrim Legenday Edition.lnk 2020-02-25 18:28 - 2020-02-25 18:28 - 000001485 _____ C:\ProgramData\Desktop\Elder Scrolls V Skyrim Legenday Edition.lnk 2020-02-25 18:28 - 2020-02-25 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ 2020-02-25 18:10 - 2020-02-25 18:10 - 000000000 ____D C:\Program Files (x86)\Mr DJ 2020-02-25 15:19 - 2020-02-25 17:46 - 000000000 ____D C:\Users\richa\Downloads\TES V Skyrim repack Mr DJ 2020-02-24 10:42 - 2020-02-24 10:42 - 000296615 _____ C:\Users\richa\Desktop\registration_2020.prn 2020-02-21 05:12 - 2020-02-21 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2020-02-19 21:55 - 2020-02-21 05:12 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-02-19 06:21 - 2020-02-19 06:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2020-02-19 06:21 - 2020-02-19 06:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2020-02-19 06:21 - 2020-02-19 06:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2020-02-19 06:21 - 2020-02-19 06:21 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2020-02-18 15:28 - 2020-02-18 16:24 - 000000000 ____D C:\Users\richa\Downloads\TTC - Cognitive Behavioral Therapy_ Techniques for Retraining Your Brain 2020-02-07 06:51 - 2020-02-24 10:55 - 000000000 ____D C:\Users\richa\Documents\POL shit 2020-02-06 20:04 - 2020-02-06 20:07 - 000000000 ____D C:\Users\richa\Documents\Sims 4 Studio 2020-02-06 19:42 - 2020-02-06 19:42 - 000000000 ____D C:\Users\richa\AppData\Local\Peter_L_Jones,_Keyi_Zhang 2020-02-06 19:36 - 2020-02-06 19:36 - 000000000 ____D C:\Users\richa\AppData\Roaming\Peter L Jones, Keyi Zhang 2020-02-06 19:32 - 2020-02-06 19:32 - 000000000 ____D C:\Users\richa\Documents\Add-in Express 2020-02-06 19:31 - 2020-02-06 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2020-02-06 19:31 - 2020-02-06 19:31 - 000000000 ____D C:\Program Files\7-Zip 2020-02-06 19:30 - 2020-02-06 19:31 - 001451192 _____ (Igor Pavlov) C:\Users\richa\Downloads\7z1902-x64.exe 2020-02-05 17:30 - 2020-02-05 17:30 - 000002070 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk 2020-02-05 17:30 - 2020-02-05 17:30 - 000002070 _____ C:\ProgramData\Desktop\McAfee LiveSafe.lnk 2020-02-05 17:30 - 2020-02-05 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2020-02-05 17:28 - 2020-02-05 17:28 - 000003332 _____ C:\Windows\system32\Tasks\McAfeeLogon 2020-02-05 17:28 - 2019-06-04 04:13 - 000217912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2020-02-05 17:27 - 2020-02-29 02:03 - 000000000 ____D C:\Windows\system32\Tasks\McAfee 2020-02-05 17:27 - 2020-02-28 08:43 - 000000000 ____D C:\Program Files (x86)\McAfee 2020-02-05 17:27 - 2020-02-27 22:39 - 000003710 _____ C:\Windows\system32\Tasks\McAfee Remediation (Prepare) 2020-02-05 17:27 - 2020-02-05 17:29 - 000000000 ____D C:\Program Files\McAfee 2020-02-05 17:27 - 2020-02-05 17:27 - 000000000 ____D C:\Program Files\McAfee.com 2020-02-05 17:27 - 2020-02-05 17:27 - 000000000 ____D C:\Program Files\Common Files\AV 2020-02-05 17:26 - 2020-02-27 21:39 - 000000000 ____D C:\ProgramData\McAfee 2020-02-05 17:26 - 2020-02-05 17:28 - 000000000 ____D C:\Program Files\Common Files\McAfee 2020-02-05 17:26 - 2019-11-08 17:15 - 000550152 _____ (McAfee, LLC) C:\Windows\system32\mfevtps.exe 2020-02-05 17:21 - 2020-02-05 17:21 - 000000000 ____D C:\Users\richa\AppData\Roaming\intelsecurity 2020-02-05 17:21 - 2011-06-11 01:15 - 000829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_.dll 2020-02-05 17:21 - 2011-06-11 01:15 - 000608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100_.dll 2020-02-05 17:21 - 2011-06-11 01:15 - 000158536 _____ (Microsoft Corporation) C:\Windows\system32\atl100_.dll 2020-02-05 17:07 - 2020-02-05 17:07 - 000000000 ____D C:\Users\richa\AppData\Roaming\McAfee 2020-02-04 07:12 - 2020-02-04 07:12 - 000000000 ____D C:\Users\richa\Documents\Electronic Arts 2020-02-04 07:12 - 2020-02-04 07:12 - 000000000 ____D C:\Users\richa\AppData\Local\Origin ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-02-29 02:09 - 2019-11-28 14:39 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo 2020-02-29 02:08 - 2019-12-29 05:32 - 000000000 ____D C:\Users\richa 2020-02-29 02:08 - 2019-12-28 15:29 - 000000000 ____D C:\Users\richa\AppData\LocalLow\Mozilla 2020-02-29 02:08 - 2018-09-19 11:10 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-02-29 02:08 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-02-29 02:08 - 2018-09-14 23:09 - 000786432 _____ C:\Windows\system32\config\BBI 2020-02-29 02:02 - 2019-12-29 05:36 - 000000000 ____D C:\Users\richa\AppData\Local\D3DSCache 2020-02-29 01:59 - 2018-09-15 00:23 - 000000000 ____D C:\Windows\CbsTemp 2020-02-29 01:09 - 2019-12-29 05:36 - 000000000 ____D C:\Users\richa\AppData\Local\AMD 2020-02-28 23:21 - 2018-09-19 11:17 - 000841376 _____ C:\Windows\system32\PerfStringBackup.INI 2020-02-28 23:21 - 2018-09-15 00:31 - 000000000 ____D C:\Windows\INF 2020-02-28 23:17 - 2018-09-19 11:10 - 000000000 ____D C:\Windows\system32\SleepStudy 2020-02-28 15:01 - 2020-01-28 06:15 - 000002050 _____ C:\Users\Public\Desktop\NordVPN.lnk 2020-02-28 15:01 - 2020-01-28 06:15 - 000002050 _____ C:\ProgramData\Desktop\NordVPN.lnk 2020-02-28 15:01 - 2020-01-03 19:21 - 000000000 ____D C:\Users\richa\AppData\Local\NordVPN 2020-02-28 14:02 - 2019-11-28 14:39 - 000000000 ____D C:\ProgramData\Lenovo 2020-02-28 10:25 - 2020-01-03 19:08 - 000000831 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2020-02-28 10:25 - 2019-12-28 22:27 - 000000000 ____D C:\Windows\system32\Tasks\TVT 2020-02-28 10:25 - 2019-11-28 14:39 - 000000000 ____D C:\Program Files (x86)\Lenovo 2020-02-28 00:44 - 2020-01-10 21:09 - 000000000 ____D C:\Games 2020-02-28 00:17 - 2020-01-03 19:27 - 000000000 ____D C:\Users\richa\AppData\Roaming\qBittorrent 2020-02-26 21:53 - 2019-12-29 05:32 - 000002378 _____ C:\Users\richa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-02-26 21:53 - 2019-12-28 13:38 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3273800291-2506861472-1276587386-1001 2020-02-26 21:53 - 2019-12-28 13:38 - 000000000 ___RD C:\Users\richa\OneDrive 2020-02-25 18:28 - 2020-01-09 19:58 - 000000000 ____D C:\Users\richa\Documents\My Games 2020-02-25 18:10 - 2020-01-10 21:01 - 000000000 ___HD C:\Windows\msdownld.tmp 2020-02-25 18:10 - 2020-01-10 21:01 - 000000000 ____D C:\Windows\SysWOW64\directx 2020-02-24 09:35 - 2018-09-14 23:09 - 000032768 _____ C:\Windows\system32\config\ELAM 2020-02-21 05:13 - 2019-12-31 16:47 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-02-21 05:12 - 2019-12-28 15:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-02-20 08:32 - 2019-12-28 15:29 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-02-06 19:32 - 2019-12-31 16:46 - 000000000 ____D C:\ProgramData\WinZip 2020-02-05 17:26 - 2018-09-15 00:33 - 000000000 ___HD C:\Windows\ELAMBKUP 2020-02-05 17:21 - 2018-09-15 00:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2020-02-05 17:19 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\AppReadiness ==================== Files in the root of some directories ======== 2020-01-11 00:32 - 2020-01-13 12:19 - 000007597 _____ () C:\Users\richa\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================