Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-03-2021
Ran by other (administrator) on TERRY-PC (Gigabyte Technology Co., Ltd. P67X-UD3-B3) (05-04-2021 04:30:26)
Running from C:\Users\other\Desktop
Loaded Profiles: other
Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\SysWOW64\UTSCSI.EXE
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Apple Inc.)
C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Binary Fortress Software Ltd -> Binary Fortress Software) A:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software) A:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe (Binary Fortress Software Ltd -> Binary Fortress Software) A:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe (Binary Fortress Software Ltd -> Binary Fortress Software) A:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Elaborate Bytes AG -> Elaborate Bytes AG) A:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe (KeepSolid Inc.) 
[File not signed] A:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe (Malwarebytes Inc -> Malwarebytes) A:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) A:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2> (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe <2> (Open-Shell) [File not signed] A:\Program Files\Open-Shell\StartMenu.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) A:\USB Drivers\27_ssconn\conn\ss_conn_service.exe (ShareX Team) [File not signed] A:\Program Files\ShareX\ShareX.exe (Softdeluxe) [File not signed] A:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-10] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc -> Logitech Inc.) HKLM\...\Run: [Screen+] => A:\Program Files\Screen+\ScreenLM64.exe [533936 2014-08-08] (AOC International (Europe) BV -> AOC Corps) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353400 2021-03-25] (Riot Games, Inc. -> Riot Games, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [Open-Shell Start Menu] => "A:\Program Files\Open-Shell\StartMenu.exe" -autorun HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7991528 2021-03-30] (Dropbox, Inc -> Dropbox, Inc.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => "A:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s HKU\S-1-5-21-816131170-1439977655-1545633551-1000\...\Run: [Steam] => "A:\Program Files (x86)\Steam\steam.exe" -silent HKU\S-1-5-21-816131170-1439977655-1545633551-1000\...\Run: [DiscordPTB] => C:\Users\terry\AppData\Local\DiscordPTB\app-0.0.54\DiscordPTB.exe HKU\S-1-5-21-816131170-1439977655-1545633551-1002\...\Run: [uTorrent] => C:\Users\other\AppData\Roaming\uTorrent\uTorrent.exe [2142936 2020-12-22] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-816131170-1439977655-1545633551-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation) [File not signed] HKU\S-1-5-21-816131170-1439977655-1545633551-1002\...\Run: [icq.desktop] => C:\Users\other\AppData\Roaming\ICQ\bin\icq.exe [83598488 2019-12-02] (LLC Mail.Ru -> ) HKU\S-1-5-21-816131170-1439977655-1545633551-1002\...\Run: [DiscordPTB] => C:\Users\other\AppData\Local\DiscordPTB\Update.exe --processStart DiscordPTB.exe HKU\S-1-5-21-816131170-1439977655-1545633551-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29262520 2020-07-09] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-816131170-1439977655-1545633551-1002\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. 
-> Adobe Systems Incorporated) HKU\S-1-5-21-816131170-1439977655-1545633551-1002\...\Run: [DisplayFusion] => A:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [12684224 2020-12-28] (Binary Fortress Software Ltd -> Binary Fortress Software) HKU\S-1-5-21-816131170-1439977655-1545633551-1002\...\Run: [Opera Browser Assistant] => C:\Users\other\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3363480 2021-03-23] (Opera Software AS -> Opera Software) HKU\S-1-5-21-816131170-1439977655-1545633551-1010\...\Run: [Discord] => C:\Users\Person\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-816131170-1439977655-1545633551-1010\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-816131170-1439977655-1545633551-1010\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-816131170-1439977655-1545633551-1011\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Stlth\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-816131170-1439977655-1545633551-1011\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Stlth\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-816131170-1439977655-1545633551-1011\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-816131170-1439977655-1545633551-1011\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-816131170-1439977655-1545633551-1011\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Windows x64\Print Processors\Canon MX490 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCK.DLL [30208 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) 
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX490 series: C:\Windows\system32\CNCALCK.DLL [303104 2014-09-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MX490 series: C:\Windows\system32\CNMLMCK.DLL [406528 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\EPSON NX130 Series 64MonitorBA: C:\Windows\system32\E_ILMHJA.DLL [120320 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-01] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ASUS\Bluetooth Software\\BtwCP.dll [2012-12-06] (Broadcom Corporation -> Broadcom Corporation.) 
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClickMonitorDDC.lnk [2020-04-10] ShortcutTarget: ClickMonitorDDC.lnk -> F:\Program Files (x86)\ClickMonitorDDC\ClickMonitorDDC_7_0.exe (ClickMonitorDDC) [File not signed] Startup: C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2021-03-14] ShortcutTarget: ShareX.lnk -> A:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed] ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04F171BC-4850-4FA4-88CB-EB5D8A4067B4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {05E39DD4-02F5-4D9B-AA90-7E5213E52450} - System32\Tasks\ScpUpdater => A:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [460480 2016-04-12] (Open Source Developer, Benjamin Höglinger-Stelzer -> Nefarius Software Solutions) Task: {0646E4C1-7553-4F72-ACFD-6CDB3E2C0878} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {0735FDE7-39F3-4A17-B923-13327308C69F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-816131170-1439977655-1545633551-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [178840 2012-07-27] (RealNetworks, Inc. -> RealNetworks, Inc.) 
Task: {08BEA2BD-8A6C-479F-9BF7-4E472EF1D7E9} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-01-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {0CCF3C19-9C83-4325-8FD6-AD2E53C58493} - System32\Tasks\{E3A62748-BC16-43D0-B496-D7221CAE8C37} => C:\Windows\system32\pcalua.exe -a E:\Microsoft.Office.2007.Enterprise.Blue.Edition-DiGiTAL\setup.exe -d E:\Microsoft.Office.2007.Enterprise.Blue.Edition-DiGiTAL Task: {13F4356C-B189-48A3-8FCF-263315EA8CB3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) Task: {259EDD2D-25E1-4C20-8E84-D2258640CA9D} - System32\Tasks\Game_Booster_AutoUpdate => A:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe Task: {28E13C8F-0C2A-47C8-A9F7-6C03B2A0C918} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2CB639E6-981B-4CB2-B747-828E5F241BB7} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628672 2020-01-17] (Advanced Micro Devices, Inc.) 
[File not signed] Task: {2FD785B4-5B4E-4F56-AC1C-A000C245271E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {30CBD43C-E870-4026-9982-50C5E9DE7B7B} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-816131170-1439977655-1545633551-1000 => C:\Users\terry\AppData\Local\MEGAsync\MEGAupdater.exe Task: {3CCCEA7D-3D91-4CB7-85C2-A14C3912D6AB} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {40BE2F67-AC03-4B2A-BDC5-9F56C8D7CDFA} - System32\Tasks\BlueStacksHelper => A:\bs\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {4956B16D-6C06-4315-B329-BCD664C6F9C0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4F317246-231A-43D5-B5E2-38B8EE33EF2B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\other\Desktop\esetonlinescanner.exe [15019488 2021-04-04] (ESET, spol. s r.o. -> ESET spol. s r.o.) Task: {51158ED5-158A-4BD2-9E7A-7D6F79CD8C6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) 
Task: {563F2C93-1DBC-4824-BC57-C5F42E036ED5} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628672 2020-01-17] (Advanced Micro Devices, Inc.) [File not signed] Task: {5ADA862F-67D7-4294-BD27-44FA8334CA8E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {6D4041A7-60F3-4DA5-A2A1-7AC652CAD07E} - System32\Tasks\klcp_update => A:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1723392 2019-08-27] () [File not signed] Task: {6F535160-A520-4275-A72B-514F04145577} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {71A5FD68-6393-488C-81EF-37DB94085E1F} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {736692B9-B840-4C94-9241-FC8702E981C8} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\other\Desktop\esetonlinescanner.exe [15019488 2021-04-04] (ESET, spol. s r.o. -> ESET spol. s r.o.) Task: {739673EE-16FF-4D55-9CD6-4FED915CAF1B} - System32\Tasks\RealCreateProcessScheduledTask372694828S-1-5-21-816131170-1439977655-1545633551-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-14] (RealNetworks, Inc. -> RealNetworks, Inc.) 
Task: {77508A04-93E2-467B-9431-B7BBFF6CAFEA} - System32\Tasks\{AF8F8AF2-8F1B-4F4F-87FB-C2104C5E815F} => C:\Windows\system32\pcalua.exe -a "A:\Users\Terry\Downloads\kntsetup (1).exe" -d A:\Users\Terry\Downloads Task: {7E34E5D8-ED36-405E-9F4F-BF156D79103B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) Task: {80F690A5-CD83-49C7-863A-ABD1B2979E98} - System32\Tasks\AdobeAAMUpdater-1.0-terry-PC-terry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {821F7C3A-5633-48D2-8040-F2A2529818B5} - System32\Tasks\{3249AD5B-21F9-4BF5-B730-81508D495054} => "c:\users\terry\appdata\local\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsMain Task: {83B7F89D-7D60-4A1B-8F8B-B4867770AECE} - System32\Tasks\Opera scheduled assistant Autoupdate 1608109099 => C:\Users\other\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-03-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\other\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {896D6A37-564F-4526-9464-B309245404D3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-816131170-1439977655-1545633551-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [178840 2012-07-27] (RealNetworks, Inc. -> RealNetworks, Inc.) 
Task: {8BD309E8-1C00-4A31-82C5-6FB0E9F771BA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {908D4208-B0EA-451B-986F-EF2B6DD2F40A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-07-09] (Piriform Software Ltd -> Piriform Software Ltd) Task: {926A3058-FD84-490C-8129-DB8FB17267E7} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1652536 2018-11-05] (Intel(R) Software -> Intel Corporation) Task: {9DF84C08-EEB2-4164-A660-C385C4780C5C} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628672 2020-01-17] (Advanced Micro Devices, Inc.) [File not signed] Task: {A2D654AC-3953-45A5-9634-1ACCD36B28FC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-02-28] (Dropbox, Inc -> Dropbox, Inc.) Task: {A60DE427-9DFC-40B7-AA22-FAE39412927F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.) 
Task: {A80D4F96-C777-4CF2-9D08-41C15876C347} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {A86C6F00-1D0C-498C-AE44-8B2BAAAFBEEA} - System32\Tasks\FreeDownloadManagerHelperService => A:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe [144896 2020-07-03] (Softdeluxe) [File not signed] Task: {A88C7CE6-8F9E-439C-B9F4-47DC1493D5E4} - System32\Tasks\EqualizerPro => A:\Program Files\EqualizerPro\EqualizerPro.exe Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B488B750-EFE5-406E-94D0-352A6C2C1B92} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B55A9460-435F-4D56-9B69-CE02912B17FC} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {BC028CA0-5EA5-43BF-B733-1043FBE0BCB0} - System32\Tasks\Opera scheduled Autoupdate 1608109085 => C:\Users\other\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-03-23] (Opera Software AS -> Opera Software) Task: {BDD5EC23-5E53-49D6-9E7C-10FC6925FD08} - System32\Tasks\{C67D103D-12D9-46B3-8BD4-9CA024D295EA} => "c:\users\terry\appdata\local\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsMain Task: {C82E8DC8-5EA1-49E7-AB36-93C47B7E3D4E} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-27] (Mozilla Corporation -> Mozilla Foundation) Task: {CAD461A5-08C7-44D5-8867-DB2530FC9216} - System32\Tasks\Razer_Game_Booster_AutoUpdate => A:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [1135552 2012-11-13] (Razer USA Ltd -> ) Task: {CBCA8E66-31DB-4932-A366-3C58DE048D34} - System32\Tasks\G2MUpdateTask-S-1-5-21-816131170-1439977655-1545633551-1000 => 
C:\Users\terry\AppData\Local\GoToMeeting\12771\g2mupdate.exe [29768 2019-04-23] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {CCF812E9-4B60-4C71-B3FA-D35634596912} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {CD7A1286-45BF-4ABD-A768-68891FF8D5F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24910520 2020-07-09] (Piriform Software Ltd -> Piriform Software Ltd) Task: {CDCABDF9-EF21-4F4D-852E-8748DD70053A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {D2A6272A-B24F-4868-BD33-D727D77D4E85} - System32\Tasks\G2MUploadTask-S-1-5-21-816131170-1439977655-1545633551-1000 => C:\Users\terry\AppData\Local\GoToMeeting\12771\g2mupload.exe [29768 2019-04-23] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {D2EAFB9A-CFFE-4E79-84C0-7EDD28A7C667} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {D3C0BF34-E811-4C76-AC8B-72C2D501366B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {D630E6A5-EE0A-4621-B727-97136F900F4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DBCFAF1B-722A-42BE-ABD6-0D2804AA6E60} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: 
{DCBEF99A-8341-4EAF-B114-E8D12770F8D4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EF9F05BB-6B5A-4E93-8BF2-541249A434E8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-02-28] (Dropbox, Inc -> Dropbox, Inc.) Task: {F49A9712-AB77-4DBD-9A08-B538CDFF66CD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-01-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {F60F9058-D15D-4B4A-9FA5-B13F42F0CA0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FD5BAAAC-89E0-4670-9DEB-1F86DBCD467C} - System32\Tasks\AMD ThankingURL => A:\\AMD\CIM\Bin64\Setup.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.114 Tcpip\..\Interfaces\{36855C26-5310-4E3D-9255-9BD223ADE5E3}: [DhcpNameServer] 64.59.144.93 64.59.150.139 Tcpip\..\Interfaces\{4D2258B4-D222-4601-9EF8-572F1FF5542E}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{4d3a7831-546a-4743-b55d-9d5ab15ea239}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{4d5902bd-9ba3-4d0a-be93-9c9d270748eb}: [DhcpNameServer] 192.168.1.254 75.153.171.114 Tcpip\..\Interfaces\{62FBDB9F-C653-47CE-BB82-916FE1E5B1AF}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{63D23D4F-BC51-4C6F-A95E-8330DF67186E}: [DhcpNameServer] 64.59.144.93 64.59.150.139 Tcpip\..\Interfaces\{6831C16F-4B1F-456B-B5E1-7C9213935103}: [DhcpNameServer] 64.59.144.93 64.59.150.139 Tcpip\..\Interfaces\{6EA14BF7-0B6D-42B0-883B-086085F737B0}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{759d83ac-f5e0-c89b-38c2-ca581e218a0c}: [NameServer] 10.100.0.1 Tcpip\..\Interfaces\{75E05F4C-EF9D-484C-BCB4-B9BBAFE85C75}: [DhcpNameServer] 64.59.144.91 64.59.150.137 Tcpip\..\Interfaces\{797B3E40-D43F-4B36-8D1F-081F47D6747E}: [DhcpNameServer] 64.59.144.91 64.59.150.137 Tcpip\..\Interfaces\{7DD52480-4008-4E7C-882D-4C46E1700C19}: [DhcpNameServer] 64.59.144.93 64.59.150.139 Tcpip\..\Interfaces\{89298873-670E-4331-81A3-EDD9547DC871}: [DhcpNameServer] 64.59.144.91 64.59.150.137 Tcpip\..\Interfaces\{8F29EE05-137D-4622-80A6-0A604CAA58A3}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{A197249D-539F-4CFA-896B-35B735591FF3}: [NameServer] 1.1.1.1,1.0.0.1 Tcpip\..\Interfaces\{A197249D-539F-4CFA-896B-35B735591FF3}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C1453C9B-D56F-4719-9997-2F9F10D2A337}: [DhcpNameServer] 192.168.1.254 75.153.176.9 Tcpip\..\Interfaces\{D95BF8A6-F97C-4561-9D37-68EE112D4D99}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{F4ABA8DF-4D33-446E-B028-533D040E2D3F}: [DhcpNameServer] 172.20.10.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\other\AppData\Local\Microsoft\Edge\User 
Data\Default [2021-04-03] FireFox: ======== FF DefaultProfile: t2yi2atm.default-1609753342030 FF ProfilePath: C:\Users\other\AppData\Roaming\Mozilla\Firefox\Profiles\t2yi2atm.default-1609753342030 [2021-04-05] FF Extension: (Image Downloader) - C:\Users\other\AppData\Roaming\Mozilla\Firefox\Profiles\t2yi2atm.default-1609753342030\Extensions\{589e6459-3d56-49b4-9b3d-6e4b7ef16940}.xpi [2021-01-10] FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-14] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - A:\Program Files (x86)\Fiddler2\FiddlerHook FF Extension: (FiddlerHook) - A:\Program Files (x86)\Fiddler2\FiddlerHook [2014-08-31] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-05-05] [Legacy] [not signed] FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC -> DivX, LLC.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS) FF Plugin: @videolan.org/vlc,version=3.0.6 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> A:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC -> DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> A:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC -> DivX, LLC) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed] FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @raidcall.kr/RCplugin -> C:\Users\terry\AppData\Roaming\RCKR\plugins\nprcplugin.dll [No File] FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-10-14] (RealNetworks, Inc. -> RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-10-14] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-14] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-14] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-10-14] (RealNetworks, Inc. 
-> RealPlayer) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] (Research In Motion -> ) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-05] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: BYOND -> A:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND) [File not signed] FF Plugin HKU\S-1-5-21-816131170-1439977655-1545633551-1000: @citrixonline.com/appdetectorplugin -> C:\Users\terry\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-12] (Citrix Online -> Citrix Online) FF Plugin HKU\S-1-5-21-816131170-1439977655-1545633551-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\terry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2018-10-31] (Unity Technologies SF -> Unity Technologies ApS) FF Plugin HKU\S-1-5-21-816131170-1439977655-1545633551-1000: iloen.com/MelOnWebLinker -> C:\Windows\SysWOW64\npMelOnWebLinkerAx.dll [2014-06-12] (LOEN Entertainment) [File not signed] Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\other\AppData\Local\Google\Chrome\User Data\Default [2021-04-05] CHR DownloadDir: F:\Downloads CHR Notifications: Default -> hxxps://meet.google.com; hxxps://voice.google.com; hxxps://www.aliexpress.com CHR StartupUrls: Default -> "hxxp://google.ca/" CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/docs/spreadsheets/favicon3.ico CHR Extension: (Slides) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-19] CHR Extension: (BetterTTV) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2021-03-15] CHR Extension: (Docs) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-19] CHR Extension: (Google Drive) - 
C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24] CHR Extension: (MEGA) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2021-03-31] CHR Extension: (Honey) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-03-21] CHR Extension: (Ban Checker for Steam) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki [2020-11-06] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-28] CHR Extension: (uBlock Origin) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-03-21] CHR Extension: (Image Downloader) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2021-01-05] CHR Extension: (Tampermonkey) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-04-04] CHR Extension: (Sheets) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-19] CHR Extension: (Google Docs Offline) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-16] CHR Extension: (AdBlock — best ad blocker) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-01] CHR Extension: (Bookmark Search) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmokalkpaiacdofbcddkogifepbaijk [2020-12-17] CHR Extension: (Koala Inspector - Inspect Shopify Shops) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbfbllnfhppnhjdhhbmjabikmkfekgf [2021-03-25] CHR Extension: 
(Oberlo - Aliexpress.com Product Importer) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmanipjnbjnhoicdnooapcnfonebefel [2021-04-03] CHR Extension: (Screen Recorder) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden [2021-04-01] CHR Extension: (Zendrop - AliExpress Product Importer) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoaepbdbkbncfnmplpeecofbnophahah [2020-11-30] CHR Extension: (SimilarWeb - Traffic Rank & Website Analysis) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp [2021-01-25] CHR Extension: (Egrow.io Amazon Scout Extension) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickcnpogpccagkhpcmibbkmdlnhiepda [2021-02-02] CHR Extension: (Imagus) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2020-09-22] CHR Extension: (Chrome Remote Desktop) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2020-09-19] CHR Extension: (Stream Recorder - download HLS as MP4) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogidnfllpdhagebkblkgbfijkbkjdmm [2021-02-03] CHR Extension: (Reddit Enhancement Suite) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2021-03-30] CHR Extension: (PlushyKicks - Fulfillman - Google Sheets) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemceekagfbifkkpbmklhjabmcedfgkm [2020-12-14] CHR Extension: (Helium 10) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmehopjdpcckochcggncklnlmikcbnb [2021-03-25] CHR Extension: (Chrome Web Store Payments) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28] CHR Extension: (Messages) - 
C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngjipgjhfkaeimbhgmodlbhligdflei [2020-11-06] CHR Extension: (Shopify Theme Detector) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\npjkomjipdbengebpldgodddlinfjhhm [2020-11-25] CHR Extension: (Web Video Downloader) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\odecbmmehabeloobkgokmfgldaegiflc [2021-01-05] CHR Extension: (Downloader for OnlyFans.com) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncijbkbmebnjlnghhpjcoeeagokpaal [2020-10-02] CHR Extension: (Gallery Downloader) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooeanhhfalkkenenbllhmlpllnkebgho [2021-03-20] CHR Extension: (Gmail) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22] CHR Extension: (Chrome Media Router) - C:\Users\other\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-14] CHR Profile: C:\Users\other\AppData\Local\Google\Chrome\User Data\System Profile [2021-04-04] CHR HKU\S-1-5-21-816131170-1439977655-1545633551-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bckipplcmnfhblnpibpbehenelnkpecd] - C:\Program Files (x86)\OkayFreedom\okayfreedom.crx [2013-12-05] CHR HKU\S-1-5-21-816131170-1439977655-1545633551-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKU\S-1-5-21-816131170-1439977655-1545633551-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKU\S-1-5-21-816131170-1439977655-1545633551-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-14] Opera: ======= OPR Profile: 
C:\Users\other\AppData\Roaming\Opera Software\Opera Stable [2021-04-05] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} OPR Extension: (Rich Hints Agent) - C:\Users\other\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-03-27] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-05-14] (BattlEye Innovations e.K. -> ) S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-23] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-23] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-23] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\90.0.4430.26\remoting_host.exe [71280 2021-03-14] (Google LLC -> Google LLC) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-02-28] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-02-28] (Dropbox, Inc -> Dropbox, Inc.) 
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-03-30] (Dropbox, Inc -> Dropbox, Inc.) S4 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] (Giga-Byte Technology -> ) S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [5680320 2017-10-26] (Disc Soft Ltd -> Disc Soft Ltd) R2 DisplayFusionService; A:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [10570704 2020-12-28] (Binary Fortress Software Ltd -> Binary Fortress Software) S4 Ds3Service; A:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [394944 2016-04-12] (Open Source Developer, Benjamin Höglinger-Stelzer -> Scarlet.Crush Productions) S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-05] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (GIRAFFIC TECHNOLOGIES LTD -> Giraffic) S4 HiPatchService; A:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-07-18] (Hi-Rez Studios) [File not signed] S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed] S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc -> Logitech Inc.) 
R2 MBAMService; A:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-03] (Malwarebytes Inc -> Malwarebytes) S4 Nero BackItUp Scheduler 3; A:\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG -> Nero AG) S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG -> Nero AG) S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [317792 2013-12-10] (Steganos Software GmbH -> Steganos Software GmbH) S4 Origin Client Service; A:\Program Files (x86)\Origin\OriginClientService.exe [2167056 2019-02-13] (Electronic Arts, Inc. -> Electronic Arts) [File not signed] S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-07] (Even Balance, Inc. -> ) S4 ptservice; A:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2014-01-20] (OpenVPN Technologies, Inc. -> OpenVPN Technologies, Inc) S4 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [528512 2010-02-19] (Cisco Consumer Products LLC -> Cisco Consumer Products LLC) R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek) S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc. -> CACE Technologies, Inc.) 
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek) S4 SbieSvc; A:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D -> SANDBOXIE L.T.D) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6477936 2021-03-11] (Microsoft Windows Publisher -> Microsoft Corporation) S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed] R2 ss_conn_service; A:\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2012-12-18] () [File not signed] S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10359000 2021-03-25] (Riot Games, Inc. -> Riot Games, Inc.) R2 VPNUnlimitedService; A:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [47616 2020-12-24] (KeepSolid Inc.) 
[File not signed] R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) S3 FOLIKRSV; "C:\Users\other\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe" --defaults-file="C:\Users\other\AppData\Roaming\Follow Liker\mdb\bin\srv.ini" FOLIKRSV R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin" ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [312480 2020-01-03] (Tages SA -> ) R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.) S3 busenum; C:\WINDOWS\System32\DRIVERS\SteelBus64.sys [112128 2012-05-22] (SteelSeries Corporation) [File not signed] R1 Capsax64Drv0; C:\WINDOWS\System32\Drivers\Capsax64Drv0.sys [35976 2014-08-15] (Colasoft LLC -> Colasoft Co., Ltd.) R3 CMUACWO; C:\WINDOWS\System32\drivers\CMUACWO.sys [357376 2013-02-19] (C-MEDIA ELECTRONICS INC. -> C-Media Inc.) 
R1 CSN5PDTS82x64; C:\WINDOWS\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Chengdu Colasoft Co., Ltd. -> Colasoft Co., Ltd.) S1 CsNdisLWF; C:\WINDOWS\System32\Drivers\CsNdisLWF.sys [44400 2017-07-11] (Colasoft Co., Ltd -> Windows (R) Win 7 DDK provider) S1 CsNdisLWF; C:\Windows\SysWOW64\Drivers\CsNdisLWF.sys [44400 2017-07-11] (Colasoft Co., Ltd -> Windows (R) Win 7 DDK provider) S3 DFX11_1; C:\WINDOWS\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Power Technology -> Windows (R) Win 7 DDK provider) S3 DIRECTIO; A:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] (PassMark Software Pty Ltd -> ) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [271424 2011-12-10] (DT Soft Ltd -> DT Soft Ltd) S3 etdrv; C:\Windows\etdrv.sys [25640 2012-03-11] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider) R3 EuMusDesignVirtualAudioCableWdm; C:\WINDOWS\System32\drivers\vrtaucbl.sys [90624 2013-09-05] (NTONYX Ltd. -> Eugene V. Muzychenko) S3 gdrv; C:\Windows\gdrv.sys [25640 2018-11-21] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-05-15] (GIGA-BYTE TECHNOLOGY CO., LTD -> ) R3 LGBusEnum; C:\WINDOWS\system32\drivers\LGBusEnum.sys [37408 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech) R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.) S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [26912 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.) 
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43168 2020-01-03] (Tages SA -> ) S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2019-05-04] (Logitech Inc -> Logitech) S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2019-05-04] (Logitech Inc -> Logitech) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-05] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-04] (Malwarebytes Inc -> Malwarebytes) R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2019-11-11] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [40664 2014-01-20] (OpenVPN Technologies, Inc. -> The OpenVPN Project) R3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd) S3 RTCore64; A:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) S3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [9834072 2019-03-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) S3 SbieDrv; A:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D -> SANDBOXIE L.T.D) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-06-19] (Bruce James -> Scarlet.Crush Productions) R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. 
-> The OpenVPN Project) S3 taphss6; C:\WINDOWS\System32\DRIVERS\taphss6.sys [42184 2014-01-14] (AnchorFree Inc -> Anchorfree Inc.) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) R1 VBoxUSBMon; C:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-15] (Duodian Online Technology Co. Ltd. -> BigNox Corporation) S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6436768 2021-03-25] (Riot Games, Inc. -> Riot Games, Inc.) S3 vhidmini; C:\WINDOWS\System32\DRIVERS\vHidDev.sys [7552 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) R3 VKbms; C:\WINDOWS\System32\drivers\VKbms.sys [13312 2010-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-15] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-15] (Microsoft Windows -> Microsoft Corporation) S3 wintun; \SystemRoot\system32\DRIVERS\wintun.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-04-05 04:25 - 2021-04-05 04:25 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-04-05 04:25 - 2021-04-05 04:25 - 000000000 ____D C:\Users\terry\AppData\Roaming\Subversion 2021-04-05 04:22 - 2021-04-05 04:26 - 000000000 ____D C:\Users\terry\AppData\Local\OpenShell 2021-04-05 04:22 - 2021-04-05 04:22 - 000002401 _____ C:\Users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-04-05 04:22 - 2021-04-05 04:22 - 000000000 ____D C:\Users\terry\AppData\Roaming\OpenShell 2021-04-04 17:57 - 2021-04-04 17:57 - 000003786 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn 2021-04-04 17:57 - 2021-04-04 17:57 - 000003344 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime 2021-04-04 17:56 - 2021-04-04 17:57 - 000018222 _____ C:\Users\other\Desktop\eset.txt 2021-04-04 09:51 - 2021-04-04 09:51 - 015019488 _____ (ESET spol. s r.o.) C:\Users\other\Desktop\esetonlinescanner.exe 2021-04-04 09:51 - 2021-04-04 09:51 - 000000664 _____ C:\Users\other\Desktop\ESET Online Scanner.lnk 2021-04-04 09:43 - 2021-04-04 09:46 - 000000262 _____ C:\Users\other\Desktop\Search.txt 2021-04-04 09:15 - 2021-04-04 09:15 - 000000915 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk 2021-04-04 09:15 - 2021-04-04 09:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2021-04-04 06:56 - 2021-04-04 06:56 - 000001585 _____ C:\Users\other\Desktop\AdwCleaner[S01].txt 2021-04-04 06:53 - 2021-04-04 06:53 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-04-04 06:53 - 2020-06-06 23:34 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-04-04 06:51 - 2021-04-04 06:51 - 002084016 _____ (Malwarebytes) C:\Users\other\Desktop\MBSetup.exe 2021-04-04 06:49 - 2021-04-04 06:49 - 008534696 _____ (Malwarebytes) C:\Users\other\Desktop\AdwCleaner.exe 2021-04-04 06:29 - 2021-04-04 09:09 - 000003613 _____ C:\Users\other\Desktop\Fixlog.txt 2021-04-03 13:56 - 
2021-04-04 07:54 - 000158867 _____ C:\Users\other\Desktop\Addition.txt 2021-04-03 13:50 - 2021-04-05 04:31 - 000055119 _____ C:\Users\other\Desktop\FRST.txt 2021-04-03 13:49 - 2021-04-03 13:49 - 002298368 _____ (Farbar) C:\Users\other\Desktop\FRST64.exe 2021-04-03 13:19 - 2021-04-03 13:32 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4434D4F0.sys 2021-04-03 13:13 - 2021-04-04 06:53 - 000000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-04-01 05:14 - 2021-04-01 05:14 - 000000000 ____D C:\Users\other\AppData\Local\Tempzxpsign6e71dfae148c754e 2021-04-01 05:13 - 2021-04-01 05:13 - 000000000 ____D C:\Users\other\AppData\Local\Tempzxpsignbe6a18345c6b4cee 2021-03-31 21:07 - 2021-03-31 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2021-03-30 10:52 - 2021-03-30 10:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2021-03-30 10:52 - 2021-03-30 10:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2021-03-30 10:52 - 2021-03-30 10:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2021-03-30 10:52 - 2021-03-30 10:52 - 000044272 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\DbxSvc.exe 2021-03-27 16:33 - 2021-03-27 16:33 - 002406648 _____ (Opera Software) C:\Users\other\Downloads\OperaSetup.exe 2021-03-27 16:27 - 2021-03-27 16:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-03-20 01:59 - 2021-03-20 01:59 - 000001043 _____ C:\ProgramData\Desktop\DisplayFusion.lnk 2021-03-20 01:59 - 2021-03-20 01:59 - 000000000 __SHD C:\Users\other\AppData\Roaming\Common 2021-03-20 01:59 - 2021-03-20 01:59 - 000000000 ____D C:\Users\other\AppData\Local\DisplayFusion 2021-03-20 01:59 - 2021-03-20 01:59 - 000000000 ____D C:\Users\other\AppData\Local\Binary_Fortress_Software 2021-03-20 01:59 - 2021-03-20 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion 2021-03-20 01:59 - 2021-03-20 01:59 - 000000000 ____D C:\ProgramData\Binary Fortress Software 2021-03-20 01:23 - 2021-03-20 01:23 - 000000000 ____D C:\Users\other\AppData\Roaming\BID 2021-03-20 01:23 - 2021-03-20 01:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader 2021-03-20 01:22 - 2021-03-20 01:22 - 000000000 ____D C:\Users\other\AppData\Local\Bulk Image Downloader 2021-03-20 01:18 - 2021-03-20 01:18 - 000000000 ____D C:\Temp 2021-03-20 01:13 - 2021-03-20 01:13 - 000000000 ____D C:\Users\other\AppData\Roaming\wgDownloader 2021-03-17 01:29 - 2021-03-17 01:29 - 000000000 ____D C:\Users\other\AppData\Local\Tempzxpsign98c3298e8a236fa6 2021-03-16 22:27 - 2021-03-16 22:28 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2021-03-16 22:26 - 2021-04-04 15:30 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2021-03-16 16:53 - 2021-04-04 00:52 - 000000000 ____D C:\Users\other\AppData\Local\CrashDumps 2021-03-15 15:17 - 2021-04-05 04:21 - 000000000 ____D C:\Users\other\AppData\Local\OpenShell 2021-03-15 15:17 - 2021-03-15 15:16 - 000001929 _____ C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk 2021-03-15 15:16 - 2021-03-15 15:16 - 000000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open-Shell 2021-03-15 15:09 - 2021-03-15 15:09 - 000000000 ____D C:\Users\other\AppData\Roaming\CrystalIdea Software 2021-03-14 22:27 - 2021-03-14 22:27 - 000000713 _____ C:\Users\other\Desktop\ShareX.lnk 2021-03-14 20:40 - 2021-03-14 20:40 - 000000000 ____D C:\Users\other\Creative Cloud Files 2021-03-14 20:17 - 2021-03-14 20:17 - 000000926 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk 2021-03-14 20:17 - 2021-03-14 20:17 - 000000000 ____D C:\ProgramData\Documents\Adobe 2021-03-14 18:44 - 2021-03-14 18:44 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\616EE437.sys 2021-03-14 18:35 - 2021-04-03 14:00 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2021-03-14 08:29 - 2021-03-14 08:29 - 000000000 ____D C:\Users\other\Documents\WonderFox Soft 2021-03-14 08:28 - 2021-03-15 15:20 - 000000000 ____D C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft 2021-03-14 08:07 - 2021-03-14 08:07 - 000000000 ____D C:\Users\other\AppData\Roaming\mpv 2021-03-14 08:05 - 2021-03-14 08:05 - 000000851 _____ C:\Users\other\Desktop\MPC-HC.lnk 2021-03-14 08:05 - 2021-03-14 08:05 - 000000839 _____ C:\Users\other\Desktop\MPC-HC x64.lnk 2021-03-14 08:05 - 2021-03-14 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64 2021-03-14 08:05 - 2021-03-14 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC 2021-03-14 08:05 - 2021-03-14 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64 2021-03-14 08:05 - 2021-03-14 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow 2021-03-14 08:01 - 2021-03-14 08:07 - 000000000 ____D C:\Users\other\AppData\Roaming\SVP4 2021-03-14 08:01 - 2021-03-14 08:01 - 000000776 _____ C:\Users\other\Desktop\SVP 4 Pro.lnk 2021-03-14 08:01 - 2021-03-14 08:01 - 000000748 _____ 
C:\ProgramData\Desktop\Configure ReClock.lnk
2021-03-14 08:01 - 2021-03-14 08:01 - 000000000 ____D C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SVP 4
2021-03-14 08:01 - 2021-03-14 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReClock
2021-03-14 08:01 - 2021-03-14 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2021-03-14 08:01 - 2021-03-14 08:01 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2021-03-14 07:57 - 2021-03-15 15:21 - 000000000 ____D C:\Users\other\AppData\Local\Mirillis
2021-03-14 07:57 - 2021-03-14 07:57 - 000000986 _____ C:\Users\other\Desktop\Splash.lnk
2021-03-14 07:57 - 2021-03-14 07:57 - 000000000 ____D C:\Users\other\AppData\Roaming\Mirillis
2021-03-14 07:57 - 2021-03-14 07:57 - 000000000 ____D C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis
2021-03-14 07:57 - 2021-03-14 07:57 - 000000000 ____D C:\ProgramData\Mirillis
2021-03-14 07:56 - 2021-03-14 07:56 - 000000000 ____D C:\Users\other\AppData\Roaming\Apowersoft
2021-03-14 07:56 - 2019-11-11 21:44 - 000036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2021-03-14 06:08 - 2021-03-14 06:08 - 001304160 _____ (Google LLC) C:\Users\other\Downloads\ChromeSetup.exe
2021-03-14 05:39 - 2021-03-30 18:24 - 000001018 _____ C:\Users\other\Desktop\Rkill.txt
2021-03-14 05:32 - 2021-03-14 05:35 - 000202326 _____ C:\WINDOWS\ntbtlog.txt
2021-03-12 02:39 - 2021-03-12 02:39 - 000000000 ____D C:\Users\other\AppData\Roaming\4kdownload.com
2021-03-11 00:46 - 2021-03-11 00:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-11 00:46 - 2021-03-11 00:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-11 00:46 - 2021-03-11 00:46 - 001757632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-11 00:46 - 2021-03-11 00:46 - 001365640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-11 00:46 - 2021-03-11 00:46 - 001282360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-11 00:46 - 2021-03-11 00:46 - 000861696 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-11 00:46 - 2021-03-11 00:46 - 000515584 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-11 00:46 - 2021-03-11 00:46 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth19.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-03-11 00:46 - 2021-03-11 00:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-05 04:30 - 2019-12-07 20:06 - 001585530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-05 04:30 - 2019-12-07 19:02 - 000517330 _____ C:\WINDOWS\system32\perfh012.dat
2021-04-05 04:30 - 2019-12-07 19:02 - 000149268 _____ C:\WINDOWS\system32\perfc012.dat
2021-04-05 04:30 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2021-04-05 04:30 - 2016-08-15 05:12 - 000000000 ____D C:\FRST
2021-04-05 04:28 - 2014-01-01 21:37 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-05 04:26 - 2020-02-11 20:25 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-04-05 04:26 - 2020-02-11 20:25 - 000003098 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-04-05 04:26 - 2012-03-21 09:31 - 000000000 ____D C:\Users\terry\AppData\Local\TSVNCache
2021-04-05 04:25 - 2019-12-07 20:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-05 04:25 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-05 04:25 - 2019-03-18 21:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-04-05 04:24 - 2019-04-25 18:42 - 000000000 ____D C:\Users\other\Documents\ShareX
2021-04-05 04:24 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-05 04:24 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-05 04:24 - 2019-02-16 20:51 - 000000000 ____D C:\Users\other\AppData\Roaming\Discord
2021-04-05 04:22 - 2019-12-07 20:11 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-816131170-1439977655-1545633551-1000
2021-04-05 04:22 - 2019-05-04 16:34 - 000000000 ___RD C:\Users\terry\OneDrive
2021-04-05 04:22 - 2019-05-04 16:30 - 000000000 ____D C:\Users\terry\AppData\Local\Packages
2021-04-05 04:22 - 2014-07-29 02:00 - 000000000 ____D C:\Users\terry\AppData\Local\Adobe
2021-04-05 01:45 - 2020-08-03 14:42 - 000000000 ____D C:\Users\other\AppData\Local\ESET
2021-04-04 22:55 - 2019-12-07 19:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-04 13:54 - 2019-09-11 04:03 - 000000000 ____D C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2021-04-04 13:54 - 2019-09-11 04:03 - 000000000 ____D C:\Program Files\DAEMON Tools Ultra
2021-04-04 09:51 - 2020-08-03 14:42 - 000000810 _____ C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-04 09:36 - 2012-05-01 18:48 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-04 09:35 - 2019-04-26 00:23 - 000000000 ____D C:\Users\other\AppData\LocalLow\Mozilla
2021-04-04 09:28 - 2013-09-08 12:49 - 000000000 ____D C:\ProgramData\InstallMate
2021-04-04 06:53 - 2019-07-26 22:00 - 000000978 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-04 06:53 - 2019-03-18 21:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-04 06:30 - 2011-12-10 07:17 - 000000000 ____D C:\Users\terry\AppData\LocalLow\Temp
2021-04-04 06:29 - 2019-12-07 20:01 - 000000000 ____D C:\Users\other
2021-04-04 06:29 - 2009-07-13 20:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-04 06:24 - 2019-03-30 23:05 - 000000000 ____D C:\Users\terry\AppData\Local\DiscordPTB
2021-04-04 06:24 - 2016-08-23 01:38 - 000000000 ____D C:\Users\terry\AppData\Local\Discord
2021-04-04 06:14 - 2013-05-11 00:53 - 000000000 ____D C:\Program Files (x86)\Java
2021-04-04 06:14 - 2013-02-23 01:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2021-04-04 06:13 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-04 06:12 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-04-03 20:14 - 2015-10-13 11:21 - 000000000 ____D C:\Users\other\Documents\StarCraft II
2021-04-03 19:30 - 2017-06-09 02:16 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2021-04-03 13:11 - 2019-07-26 22:00 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-03 08:12 - 2020-05-07 19:13 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-03 08:12 - 2020-05-07 19:13 - 000002259 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-31 23:15 - 2019-04-25 03:08 - 000000000 ____D C:\Users\other\AppData\Local\BitTorrentHelper
2021-03-31 23:15 - 2015-12-01 04:45 - 000000000 ____D C:\Users\other\AppData\Roaming\uTorrent
2021-03-31 23:12 - 2014-07-17 15:42 - 000000000 ____D C:\Users\other\AppData\Roaming\vlc
2021-03-31 21:07 - 2019-02-28 21:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-03-31 15:28 - 2020-06-11 20:29 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-03-31 05:12 - 2013-02-15 00:38 - 000000000 ____D C:\Users\other\AppData\Local\TSVNCache
2021-03-27 17:48 - 2019-04-10 20:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-03-27 17:48 - 2012-05-01 18:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-27 17:46 - 2021-02-08 17:36 - 000000000 ____D C:\Users\other\AppData\Roaming\WhatsApp
2021-03-27 16:33 - 2020-12-16 01:58 - 000004418 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1608109099
2021-03-27 16:33 - 2020-12-16 01:58 - 000004164 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1608109085
2021-03-27 16:33 - 2020-12-16 01:58 - 000001437 _____ C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-03-27 16:27 - 2011-12-10 22:33 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-26 20:37 - 2021-02-08 17:35 - 000000000 ____D C:\Users\other\AppData\Local\WhatsApp
2021-03-26 19:03 - 2015-12-05 02:46 - 000000000 ____D C:\Users\other\AppData\Roaming\Battle.net
2021-03-25 20:00 - 2019-01-02 18:38 - 000002073 _____ C:\ProgramData\Desktop\Google Slides.lnk
2021-03-25 20:00 - 2019-01-02 18:38 - 000002071 _____ C:\ProgramData\Desktop\Google Sheets.lnk
2021-03-25 20:00 - 2019-01-02 18:38 - 000002061 _____ C:\ProgramData\Desktop\Google Docs.lnk
2021-03-25 20:00 - 2019-01-02 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-03-20 22:50 - 2015-12-05 02:46 - 000000000 ____D C:\Users\other\AppData\Local\Battle.net
2021-03-19 00:07 - 2019-07-21 02:17 - 000000000 ____D C:\Users\other\AppData\Roaming\obs-studio
2021-03-17 16:00 - 2020-07-23 19:15 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-17 04:41 - 2019-05-02 16:18 - 000000000 ____D C:\Users\other\AppData\Local\Adobe
2021-03-15 15:18 - 2019-05-04 16:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-15 12:40 - 2019-12-07 20:11 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-816131170-1439977655-1545633551-1002
2021-03-15 12:40 - 2019-12-07 20:01 - 000002401 _____ C:\Users\other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-15 12:40 - 2019-05-04 19:18 - 000000000 ___RD C:\Users\other\OneDrive
2021-03-14 22:27 - 2015-09-09 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2021-03-14 20:31 - 2015-12-01 04:46 - 000000000 ____D C:\Users\other\AppData\Roaming\Adobe
2021-03-14 20:14 - 2013-04-19 13:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-14 20:07 - 2019-05-04 16:31 - 000000000 ____D C:\Users\terry\AppData\Local\MicrosoftEdge
2021-03-14 20:07 - 2018-05-23 06:29 - 000000000 ____D C:\Users\terry\AppData\Local\MEGAsync
2021-03-14 18:57 - 2020-12-11 16:53 - 000000000 ____D C:\Users\other\AppData\Local\Shift
2021-03-14 18:57 - 2020-12-06 16:07 - 000000000 ____D C:\Users\other\AppData\Local\BlueStacksSetup
2021-03-14 18:44 - 2019-03-16 17:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-14 15:03 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-14 08:06 - 2020-11-23 23:35 - 000000000 ____D C:\Users\other\.cache
2021-03-14 08:05 - 2016-10-27 04:24 - 000000000 ____D C:\Program Files (x86)\AviSynth+
2021-03-14 06:07 - 2020-10-28 02:26 - 000000000 ____D C:\Users\other\AppData\Roaming\Shift
2021-03-14 06:07 - 2019-05-08 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2021-03-14 06:07 - 2019-05-08 15:40 - 000000000 ____D C:\Users\other\AppData\Roaming\Samsung
2021-03-14 06:04 - 2013-09-03 13:16 - 000000000 ____D C:\AdwCleaner
2021-03-14 05:53 - 2018-01-19 17:18 - 000000000 ___RD C:\Users\terry\Desktop\new s
2021-03-14 05:28 - 2019-03-30 23:05 - 000000000 ____D C:\Users\terry\AppData\Roaming\discordptb
2021-03-14 05:25 - 2019-05-04 16:30 - 000000000 ___RD C:\Users\terry\3D Objects
2021-03-11 23:54 - 2020-06-05 07:08 - 000000000 ____D C:\Users\other\AppData\Local\SquirrelTemp
2021-03-11 14:00 - 2019-05-04 19:17 - 000000000 ___RD C:\Users\other\3D Objects
2021-03-11 13:59 - 2019-12-07 19:56 - 005218928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-11 13:58 - 2019-03-18 23:23 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-11 13:58 - 2019-03-18 23:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-11 13:58 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-11 02:16 - 2020-10-29 00:29 - 000000000 ____D C:\Users\other\AppData\Local\xwalk
2021-03-10 08:43 - 2017-12-19 04:01 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-10 01:38 - 2019-04-25 01:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 01:27 - 2011-12-10 20:35 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2019-10-20 13:38 - 2020-11-16 22:20 - 000000132 _____ () C:\Users\other\AppData\Roaming\Adobe PNG Format CS5 Prefs
2020-10-29 00:29 - 2020-10-29 00:29 - 000045056 _____ () C:\Users\other\AppData\Roaming\Web Data
2020-10-29 00:29 - 2020-10-29 00:29 - 000000000 _____ () C:\Users\other\AppData\Roaming\Web Data-journal
2020-11-28 16:04 - 2020-11-28 16:04 - 000001456 _____ () C:\Users\other\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-03-17 01:28 - 2021-03-17 01:28 - 000000000 _____ () C:\Users\other\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================