Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2021 Ran by hp (administrator) on DESKTOP-ESKAMO (HP HP EliteBook 820 G3) (04-06-2021 12:18:02) Running from C:\Users\hp\Desktop Loaded Profiles: hp Platform: Windows 10 Pro Version 21H1 19043.1023 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe (Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe (Conexant Systems LLC -> Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe (Conexant Systems LLC -> Conexant) C:\Windows\System32\MicTray64.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10> (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe (Intel Corporation -> IntelĀ® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHDCPSvc.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\NisSrv.exe (Synaptics Incorporated -> Conexant Systems, Inc) C:\Windows\CxSvc\CxMonSvc.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2020-06-30] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) [File not signed] HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\hp\AppData\Local\Programs\Messenger\Messenger.exe [110793432 2021-01-29] (Facebook, Inc. -> Facebook, Inc.) HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Policies\Explorer: [NoInstrumentation] 1 HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-06-03] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04556107-BE88-4B5C-A3F4-575022F5A61F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2367296 2021-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {1DF1C8D7-3684-48C0-91CC-C2C62A74722E} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [115280 2021-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {1F65A0C3-4B40-4AE6-801D-ABB187E745B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3485E6B5-89C9-4783-B364-83186327B19E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation) Task: {3C210349-0802-45AD-8E9D-70FFF38AE05C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3821352 2021-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {41598EE1-8FCB-4823-B173-AB28F5B8E481} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5ACC3883-014C-406C-AF91-54823E0F966B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC) Task: {9840BFD4-49F0-49D1-80E6-C363E9E138C4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BE0D4585-FE7C-420F-A80B-C0AE6E68A256} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2367296 2021-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {CC88242B-D99A-4B31-99B4-42816A2BB5AD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation) Task: {D1B8EC5E-E024-4571-80EC-99D6F8C627BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC) Task: {DCBAAC95-C84A-45D8-B5EC-695CE62B0192} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3821352 2021-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {E4FAEF16-358C-4878-9911-4F5C55DCA29E} - System32\Tasks\Microsoft\Windows\Conexant\SA3 => C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.) Task: {F13F69E7-3ED4-44BC-BF52-DF700FBE9F18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {F8001016-E6A6-469D-9303-46D550BAE990} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2938448 2020-07-02] (Conexant Systems LLC -> Conexant) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [{4E59E86F-97EC-4B8F-89BD-98375AE1E5A5}] => hxxp://127.0.0.1:86/ Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{d87f1634-45a9-4d0b-adbc-b27bde739366}: [DhcpNameServer] 192.168.0.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-02] Edge HomePage: Default -> hxxp://www.google.com Edge Session Restore: Default -> is enabled. Edge Extension: (Popup Blocker (strict)) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijhfkkgjgpcplfeajghagkcebakjcpge [2021-05-28] Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-06-02] Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2021-06-02] Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2021-06-02] Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2021-06-02] FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File] Chrome: ======= CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2021-06-04] CHR Notifications: Default -> hxxps://linkvertise.com CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-03] CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-01] CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-01] CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-06-01] CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-03] CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-01] CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-01] CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-03] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9662544 2019-05-30] (Microsoft Corporation -> Microsoft Corporation) R2 CxMonSvc; C:\WINDOWS\CxSvc\CxMonSvc.exe [56496 2020-09-09] (Synaptics Incorporated -> Conexant Systems, Inc) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-05-27] (EasyAntiCheat Oy -> Epic Games, Inc) R2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [23912 2019-03-17] (Microsoft Windows Hardware Compatibility Publisher -> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-04] (Malwarebytes Inc -> Malwarebytes) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-05-30] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\NisSrv.exe [2644776 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MsMpEng.exe [136648 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BTCFilterService; C:\WINDOWS\System32\drivers\motfilt.sys [6144 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-06-04] (Malwarebytes Inc -> Malwarebytes) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-04] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-06-04] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-06-04] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-04] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-06-04] (Malwarebytes Inc -> Malwarebytes) S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [32768 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola) S3 MotoSwitchService; C:\WINDOWS\System32\drivers\motswch.sys [8832 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola) S3 Motousbnet; C:\WINDOWS\System32\drivers\Motousbnet.sys [27648 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Mobility Inc) S3 MpKsl9226796b; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [107744 2021-06-04] (Microsoft Windows -> Microsoft Corporation) S3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [31232 2017-12-27] (NXP Semiconductors -> Nfc GPIO Driver) S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed] S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425208 2021-06-02] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76024 2021-06-02] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-06-04 12:18 - 2021-06-04 12:21 - 000017741 _____ C:\Users\hp\Desktop\FRST.txt 2021-06-04 12:17 - 2021-06-03 14:17 - 002300416 _____ (Farbar) C:\Users\hp\Desktop\FRST64.exe 2021-06-04 12:13 - 2021-06-04 12:13 - 000003161 _____ C:\Users\hp\Desktop\repor again.txt 2021-06-04 12:10 - 2021-06-04 12:10 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-06-04 12:09 - 2021-06-04 12:20 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore 2021-06-04 12:09 - 2021-06-04 12:09 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-06-04 12:09 - 2021-06-04 12:09 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-06-04 07:53 - 2021-06-04 08:00 - 1300405696 _____ C:\Users\hp\Downloads\PixelExperience_Plus_oneplus3-11.0-20210516-1636-OFFICIAL.zip 2021-06-04 07:28 - 2021-06-04 07:28 - 000003231 _____ C:\Users\hp\Desktop\repor.txt 2021-06-04 07:17 - 2021-06-04 07:31 - 1162084241 _____ C:\Users\hp\Downloads\PixelExperience_Plus_oneplus3-10.0-20201226-1524-OFFICIAL.zip 2021-06-04 07:03 - 2021-06-04 11:36 - 000000000 ____D C:\AdwCleaner 2021-06-04 06:57 - 2021-06-04 06:57 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-06-04 06:53 - 2021-06-04 06:53 - 000000000 ____D C:\Users\hp\AppData\Local\mbam 2021-06-04 06:52 - 2021-06-04 11:44 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-06-04 06:52 - 2021-06-04 11:44 - 000002029 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-06-04 06:52 - 2021-06-04 06:52 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-06-04 06:52 - 2021-06-04 06:52 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-06-04 06:52 - 2021-06-04 06:52 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-06-04 06:52 - 2021-06-04 06:52 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-06-04 06:52 - 2021-06-04 06:52 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-06-04 06:51 - 2021-06-04 06:51 - 000000000 ____D C:\Program Files\Malwarebytes 2021-06-04 06:36 - 2021-06-04 06:36 - 000051387 _____ C:\Users\Public\Desktop\mbst-clean-results.txt 2021-06-04 06:36 - 2021-06-04 06:36 - 000051387 _____ C:\ProgramData\Desktop\mbst-clean-results.txt 2021-06-04 06:23 - 2021-06-04 06:30 - 008534696 _____ (Malwarebytes) C:\Users\hp\Desktop\AdwCleaner.exe 2021-06-04 06:22 - 2021-06-04 06:22 - 011644232 _____ C:\Users\hp\Downloads\mb-support-1.8.4.896.exe 2021-06-04 06:22 - 2021-06-04 06:22 - 002300416 _____ (Farbar) C:\Users\hp\Downloads\FRSTEnglish.exe 2021-06-04 06:22 - 2021-06-04 06:22 - 002080712 _____ (Malwarebytes) C:\Users\hp\Downloads\MBSetup.exe 2021-06-03 22:04 - 2021-06-03 22:07 - 000035246 _____ C:\Users\hp\Downloads\Fixlog.txt 2021-06-03 21:29 - 2021-06-03 21:29 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-06-03 21:29 - 2021-06-03 21:29 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-06-03 21:29 - 2021-06-03 21:29 - 000002284 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-06-03 21:29 - 2021-06-03 21:29 - 000000000 ____D C:\Program Files\Google 2021-06-03 21:28 - 2021-06-03 21:28 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-06-03 21:28 - 2021-06-03 21:28 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-06-03 20:41 - 2021-06-03 20:41 - 000000000 ___HD C:\$SysReset 2021-06-03 16:04 - 2021-06-03 16:04 - 000000000 __SHD C:\found.000 2021-06-03 15:41 - 2018-10-04 12:08 - 000013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe 2021-06-03 15:15 - 2021-06-03 15:43 - 000000000 ____D C:\Users\hp\AppData\Local\FreeFixer 2021-06-03 15:15 - 2021-06-03 15:15 - 000000000 ____D C:\Users\hp\AppData\Roaming\FreeFixer 2021-06-03 14:20 - 2021-06-03 20:37 - 000000000 ____D C:\Users\hp\AppData\Local\BitTorrentHelper 2021-06-03 14:18 - 2021-06-04 12:19 - 000000000 ____D C:\FRST 2021-06-03 14:16 - 2021-06-03 14:17 - 002300416 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe 2021-06-03 13:40 - 2021-06-03 14:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\Code 2021-06-03 12:24 - 2021-06-03 12:24 - 000000000 ____D C:\Users\hp\AppData\Local\AMSDK 2021-06-03 12:19 - 2021-06-04 12:09 - 000000000 ____D C:\Intel 2021-06-03 11:54 - 2021-06-04 12:18 - 000000000 ____D C:\Users\hp\AppData\Local\D3DSCache 2021-06-03 07:11 - 2021-06-03 07:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2021-06-02 21:58 - 2021-06-03 11:57 - 000306994 _____ C:\WINDOWS\ntbtlog.txt 2021-06-01 22:03 - 2021-02-12 23:09 - 000205552 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys 2021-06-01 11:53 - 2021-06-02 17:28 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe 2021-06-01 10:33 - 2021-06-01 10:33 - 000000000 ____D C:\WINDOWS\ERUNT 2021-06-01 07:21 - 2021-06-01 07:21 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2123003089-4285120140-3240528571-1001 2021-06-01 07:21 - 2021-06-01 07:21 - 000002358 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-05-31 22:31 - 2021-06-04 12:06 - 106430464 _____ C:\WINDOWS\system32\config\SOFTWARE 2021-05-31 21:53 - 2021-05-27 11:53 - 000002675 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old 2021-05-30 13:40 - 2021-05-30 13:40 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-05-30 13:40 - 2021-05-30 13:40 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-05-30 13:39 - 2021-05-30 13:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-05-30 13:39 - 2021-05-30 13:39 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-05-30 13:39 - 2021-05-30 13:39 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-05-30 13:39 - 2021-05-30 13:39 - 000011327 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-05-30 13:38 - 2021-05-30 13:38 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-05-30 13:38 - 2021-05-30 13:38 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-05-30 13:38 - 2021-05-30 13:38 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-05-30 13:38 - 2021-05-30 13:38 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-05-30 13:37 - 2021-05-30 13:37 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-05-30 13:37 - 2021-05-30 13:37 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-05-30 13:36 - 2021-05-30 13:36 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-05-30 13:36 - 2021-05-30 13:36 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-05-30 13:36 - 2021-05-30 13:36 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-05-30 13:36 - 2021-05-30 13:36 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-05-30 13:36 - 2021-05-30 13:36 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-05-30 13:36 - 2021-05-30 13:36 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-05-29 21:56 - 2021-05-29 21:56 - 000000335 _____ C:\Users\hp\Desktop\computer.lnk 2021-05-29 21:30 - 2021-05-29 21:30 - 000018997 _____ C:\WINDOWS\system32\energy-report.html 2021-05-26 00:05 - 2021-05-26 00:05 - 000000000 ____D C:\Program Files\Common Files\Intel Corporation 2021-05-24 22:50 - 2021-06-04 12:09 - 000008192 ___SH C:\DumpStack.log.tmp 2021-05-24 22:50 - 2021-05-31 21:13 - 000000000 ____D C:\WINDOWS\Minidump 2021-05-24 19:30 - 2021-05-24 19:30 - 000020853 _____ C:\Users\hp\Downloads\Ratio-Analysis-Template.xlsx 2021-05-24 19:26 - 2021-05-24 19:26 - 000033557 _____ C:\Users\hp\Downloads\Assignment - Ratios and Financials.xlsx 2021-05-22 23:09 - 2021-05-23 04:19 - 000000000 ____D C:\Users\hp\Downloads\win7-starter-eng 2021-05-22 23:06 - 2021-05-22 23:06 - 000000000 ____D C:\Users\hp\Downloads\Windows 7 Ultimate SP1 (32 Bit) 2021-05-21 10:37 - 2021-05-21 10:37 - 000000000 ____D C:\Users\hp\AppData\Local\LumaEmu_SteamCloud 2021-05-13 15:27 - 2021-05-13 15:27 - 000000000 ____D C:\Users\hp\Desktop\Share files 2021-05-13 15:04 - 2021-05-13 15:04 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2021-05-13 15:04 - 2021-05-13 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-05-13 14:53 - 2021-06-01 23:13 - 000000000 ____D C:\Program Files\Microsoft Office 2021-05-13 14:53 - 2021-05-13 14:53 - 000000000 ____D C:\Program Files\Microsoft Office 15 2021-05-10 16:53 - 2021-05-18 14:52 - 000000000 ____D C:\WINDOWS\SysWOW64\directx 2021-05-10 14:38 - 2021-06-01 23:21 - 000000000 ____D C:\ProgramData\Intel Package Cache {05BC4EEB-70E9-4FDB-9A33-72482B0B128E} 2021-05-10 14:21 - 2021-06-01 23:21 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700} ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-06-04 12:15 - 2020-10-16 12:55 - 000777600 _____ C:\WINDOWS\system32\perfh007.dat 2021-06-04 12:15 - 2020-10-16 12:55 - 000159232 _____ C:\WINDOWS\system32\perfc007.dat 2021-06-04 12:15 - 2020-10-16 06:53 - 001805662 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-04 12:15 - 2019-12-07 14:58 - 000000000 ____D C:\WINDOWS\INF 2021-06-04 12:12 - 2019-12-07 14:59 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-06-04 12:10 - 2018-11-04 16:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles 2021-06-04 12:09 - 2020-10-16 07:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-04 12:09 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\ServiceState 2021-06-04 12:09 - 2019-01-21 21:15 - 000000000 ____D C:\ProgramData\Synaptics 2021-06-04 12:06 - 2019-12-07 14:48 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-06-04 12:05 - 2020-10-16 06:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-04 12:05 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-06-04 11:36 - 2020-05-08 11:08 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2021-06-04 11:36 - 2019-01-22 05:25 - 000000000 ____D C:\Users\hp\AppData\Roaming\Hewlett-Packard 2021-06-04 11:36 - 2019-01-21 22:03 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard 2021-06-04 06:52 - 2019-12-07 14:59 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-06-03 22:37 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SystemApps 2021-06-03 22:06 - 2020-10-16 06:40 - 000000000 ____D C:\Users\hp 2021-06-03 21:55 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\Registration 2021-06-03 21:28 - 2019-01-28 18:19 - 000000000 ____D C:\Program Files (x86)\Google 2021-06-03 21:19 - 2019-01-21 21:36 - 000000000 ____D C:\Users\hp\AppData\Local\Packages 2021-06-03 21:01 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\uTorrent 2021-06-03 19:44 - 2018-11-04 20:33 - 000000000 ____D C:\Users\hp\Documents\Rockstar Games 2021-06-03 18:13 - 2019-02-02 09:57 - 000000000 ____D C:\Program Files (x86)\Adobe 2021-06-03 12:52 - 2020-05-18 13:35 - 000000000 ____D C:\ProgramData\Oracle 2021-06-03 11:52 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\System 2021-06-03 11:47 - 2019-07-15 21:46 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Temp 2021-06-03 10:24 - 2019-12-07 14:48 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-06-03 07:08 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-06-02 21:57 - 2019-12-07 14:59 - 000000000 ___HD C:\Program Files\WindowsApps 2021-06-02 21:38 - 2020-10-16 06:39 - 000000000 ____D C:\Users\DefaultAppPool 2021-06-02 19:12 - 2021-04-12 19:52 - 000000000 ____D C:\Users\hp\Desktop\New folder (3) 2021-06-02 19:12 - 2020-11-05 20:44 - 000000000 ____D C:\Users\hp\AppData\Local\Messenger 2021-06-02 19:12 - 2020-08-07 10:01 - 000000000 ____D C:\Users\hp\AppData\Roaming\Spotify 2021-06-02 19:12 - 2020-06-04 14:00 - 000000000 ____D C:\Users\hp\AppData\Roaming\Telegram Desktop 2021-06-02 19:12 - 2020-05-23 15:54 - 000000000 ____D C:\Users\hp\AppData\Local\DiskDrill 2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\WhatsApp 2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Local\WhatsApp 2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Local\SquirrelTemp 2021-06-02 19:12 - 2019-12-07 14:59 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2021-06-02 19:12 - 2019-11-21 19:55 - 000000000 ____D C:\Users\hp\AppData\Roaming\EasyAntiCheat 2021-06-02 19:12 - 2019-05-05 22:10 - 000000000 ____D C:\Users\hp\AppData\Local\Warframe 2021-06-02 19:12 - 2019-04-12 22:30 - 000000000 ____D C:\Users\hp\AppData\Local\CrashDumps 2021-06-02 19:12 - 2019-01-21 22:06 - 000000000 ____D C:\Users\hp\AppData\Roaming\hpqLog 2021-06-02 16:58 - 2020-10-16 07:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel 2021-06-02 07:08 - 2019-01-21 21:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-06-01 23:30 - 2018-11-04 16:09 - 000000000 ___RD C:\Users\hp\OneDrive 2021-06-01 23:21 - 2019-01-26 21:49 - 000000000 ____D C:\Program Files (x86)\Intel 2021-06-01 23:21 - 2019-01-22 10:50 - 000000000 ____D C:\Program Files (x86)\HP 2021-06-01 23:21 - 2019-01-21 21:13 - 000000000 ____D C:\ProgramData\Intel 2021-06-01 23:21 - 2018-11-04 21:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2021-06-01 23:14 - 2019-01-21 22:07 - 000000000 ____D C:\ProgramData\Hewlett-Packard 2021-06-01 23:14 - 2019-01-21 22:03 - 000000000 ____D C:\Users\hp\AppData\Local\Hewlett-Packard 2021-06-01 23:13 - 2019-12-07 14:59 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-06-01 22:15 - 2018-11-04 22:08 - 000000000 ____D C:\Users\hp\Intel 2021-06-01 13:55 - 2018-11-04 16:20 - 000000000 ____D C:\Users\hp\Desktop\BACKUP 2021-06-01 11:33 - 2019-01-28 18:17 - 000000000 ____D C:\Users\hp\AppData\Local\Google 2021-06-01 09:11 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2021-06-01 09:11 - 2019-01-22 10:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2021-05-31 22:31 - 2019-10-12 12:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2021-05-31 21:13 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\ModemLogs 2021-05-30 14:48 - 2020-10-16 06:29 - 000491192 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-05-30 14:44 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SystemResources 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-05-26 00:04 - 2020-05-18 14:58 - 000000000 ____D C:\Program Files\Common Files\Intel 2021-05-26 00:04 - 2019-01-21 21:13 - 000000000 ____D C:\Program Files\Intel 2021-05-20 14:09 - 2020-06-16 08:07 - 000000000 ____D C:\Program Files (x86)\Mr DJ 2021-05-20 13:34 - 2021-02-06 18:55 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks 2021-05-13 15:42 - 2019-01-26 15:48 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-05-13 15:35 - 2019-01-26 15:48 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-05-13 15:30 - 2018-11-04 20:32 - 000000000 ____D C:\Users\hp\Desktop\Momma files 2021-05-13 15:20 - 2019-07-01 19:19 - 000000000 ____D C:\R.G. Catalyst 2021-05-10 15:08 - 2019-01-21 21:36 - 000000000 ____D C:\Users\hp\AppData\Local\Intel 2021-05-10 14:46 - 2020-05-20 10:36 - 000043632 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\pmxdrv.sys 2021-05-10 14:46 - 2019-01-26 20:28 - 000000000 ____D C:\Swsetup 2021-05-10 13:49 - 2020-05-18 14:59 - 005533024 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelWLANdriver.dll 2021-05-10 13:49 - 2020-05-18 11:45 - 000000000 ____D C:\ProgramData\HP ==================== Files in the root of some directories ======== 2020-05-27 20:44 - 2020-05-27 20:44 - 000001536 _____ () C:\Users\hp\AppData\Local\GfxMetrics.cfg 2019-01-28 20:50 - 2019-05-30 21:29 - 000007598 _____ () C:\Users\hp\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================