Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
HKU\S-1-5-21-3242380816-148138334-2338840981-1001\...\Run: [btweb] => "C:\Users\HP\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED
C:\Users\HP\AppData\Roaming\uTorrent
C:\Users\HP\AppData\Local\Temp\HYD7954.tmp.1598515718_permissionsCopy\uTorrent.exe
C:\Users\HP\AppData\Local\Temp\HYD372A.tmp.1598515701_permissionsCopy\uTorrent.exe
C:\Users\HP\AppData\Local\BitTorrentHelper
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
CustomCLSID: HKU\S-1-5-21-3242380816-148138334-2338840981-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3242380816-148138334-2338840981-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3242380816-148138334-2338840981-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3242380816-148138334-2338840981-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3242380816-148138334-2338840981-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3242380816-148138334-2338840981-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3242380816-148138334-2338840981-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3242380816-148138334-2338840981-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.35.301\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\utorrentie.exe
reg: reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3242380816-148138334-2338840981-1001 /v "\Device\HarddiskVolume3\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe"
reg: reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3242380816-148138334-2338840981-1001 /v "\Device\HarddiskVolume3\Users\HP\AppData\Roaming\uTorrent\helper\helper.exe"
reg: reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3242380816-148138334-2338840981-1001 /v "\Device\HarddiskVolume3\Users\HP\AppData\Local\Temp\HYD7954.tmp.1598515718_permissionsCopy\uTorrent.exe"
reg: reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3242380816-148138334-2338840981-1001 /v "\Device\HarddiskVolume3\Users\HP\AppData\Local\Temp\HYD372A.tmp.1598515701_permissionsCopy\uTorrent.exe"
reg: reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3242380816-148138334-2338840981-1001 /v "\Device\HarddiskVolume3\Users\HP\Downloads\uTorrent.exe"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Google\Chrome\NativeMessagingHosts\com.utorrent.native
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts /v "uTorrent_.torrent"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts /v "Applications\uTorrent.exe_.torrent"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched /v "C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched /v "C:\Users\HP\AppData\Roaming\uTorrent\updates\3.5.5_45724.exe"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView /v "C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /v "c"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store /v "C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache /v "C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe.FriendlyAppName"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache /v "C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe.ApplicationCompany"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache /v "C:\users\hp\appdata\roaming\utorrent\updates\3.5.5_45724.exe.FriendlyAppName"
reg: reg delete HKEY_USERS\S-1-5-21-3242380816-148138334-2338840981-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache /v "C:\users\hp\appdata\roaming\utorrent\updates\3.5.5_45724.exe.ApplicationCompany"
FirewallRules: [{799598AB-1BEF-408D-B728-730F05127F5B}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D3AB040F-A2EA-4E04-873C-27EB20BB06DB}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{5EDD6C11-0132-4321-9575-08217621739D}C:\users\hp\appdata\roaming\utorrent\updates\3.5.5_45724.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\updates\3.5.5_45724.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{023B8DC0-21BC-4303-849B-62D8964D9BEE}C:\users\hp\appdata\roaming\utorrent\updates\3.5.5_45724.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\updates\3.5.5_45724.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B8E03A9A-DA1B-4B30-9511-FFA4ABECB540}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{64BAD77B-A8C2-4AA5-A950-37CF9237B682}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe => No File
FirewallRules: [{553273FB-7F62-4328-98A8-F825E243A705}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File
FirewallRules: [{91B02295-7C5C-44ED-A503-DB959AE8D12B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe => No File
FirewallRules: [{D49A6AB7-F3D6-47C9-B03A-429A88CEF853}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{45879592-B753-4659-8313-70D754415F44}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{1D142E13-6AC7-4C4B-827A-C97DB718D336}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{9AEFE381-24AE-45DD-8D0F-CBF78C43C6AB}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
C:\Users\HP\AppData\LocalLow\uTorrent
C:\Users\HP\Desktop\µTorrent.lnk
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
File: C:\Windows\SysWOW64\mshta.exe
File: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
File: C:\Windows\system32\bfe.dll
CMD: sc start bfe
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: