Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by naythan (administrator) on ADRI (HP HP Laptop 17-ak0xx) (09-04-2021 06:13:51)
Running from C:\Users\naythan\Downloads
Loaded Profiles: naythan
Platform: Windows 10 Home Version 20H2 19042.870 (X64) Language: Spanish (Spain, International Sort) -> English (United Kingdom)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(GridinSoft, LLC -> Gridinsoft LLC) C:\Program Files\GridinSoft Anti-Malware\gsam.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Opera Software AS -> Opera Software) C:\Users\naythan\AppData\Local\Programs\Opera\75.0.3969.149\opera.exe <16>
(Opera Software AS -> Opera Software) C:\Users\naythan\AppData\Local\Programs\Opera\75.0.3969.149\opera_crashreporter.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3666536 2018-03-15] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-10-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235048 2017-10-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP Inc. -> HP)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1058512 2018-12-18] (DivX, LLC. -> DivX, LLC)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\Run: [Opera Browser Assistant] => C:\Users\naythan\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3368600 2021-02-09] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [109945728 2021-02-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe [42063440 2018-04-09] (FINAREA AG -> VoipConnect)
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536424 2021-03-06] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-01] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {001F943F-74C7-4783-824C-8AE620F48431} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {17D4BAE5-EB38-4108-87FF-02556A315934} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {29E4FE0F-3E3A-4468-80E1-B44B056B95E3} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {2A66D450-F8BA-4C25-B057-3039823DAB5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DB95E6F-353A-489B-A57C-1062E1B138E1} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {4C28F673-FAE7-4B75-A270-552047CBF4E3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4E97F8E5-F783-49FD-9EF3-210CC5E167D2} - System32\Tasks\SUPERAntiSpyware Scheduled Task aa25120d-43d0-47ca-a714-add509380a3f => C:\Users\naythan\Documents\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Users\naythan\Documents\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" /TASK:aa25120d-43d0-47ca-a714-add509380a3f
Task: {5D01C5A9-4FE9-4838-8DCD-85D03E0880D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {619CF8DF-C30D-4BA0-8D68-004C5D6CB50F} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [25125640 2021-03-31] (GridinSoft, LLC -> Gridinsoft LLC)
Task: {72FDA6E8-21AD-498A-AD74-4D5B84879F17} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {75D3AB71-EA3C-4550-B3AF-A3E88E5479DF} - System32\Tasks\Opera scheduled assistant Autoupdate 1613301703 => C:\Users\naythan\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-04-01] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\naythan\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {84EEFAF7-3CA8-4933-9F1D-A478403040AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9A2DE76C-03E6-4BD4-9406-60895D85667D} - System32\Tasks\Opera scheduled Autoupdate 1613301692 => C:\Users\naythan\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-04-01] (Opera Software AS -> Opera Software)
Task: {9D8E2E78-4210-4A59-A56A-47A719847496} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-02-20] (Google Inc -> Google LLC)
Task: {9E013F71-1B6A-421D-8F4A-7B3CF7243DD1} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-03-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DDF4A371-D0DF-418B-BAA4-B2C8F1869EA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-02-20] (Google Inc -> Google LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3b5204e5-dbff-46b7-a471-11dbaf4cc168}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90bd0ecd-7157-4388-94bb-00acc4836769}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\naythan\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-08]
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default [2021-03-30]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-29]
CHR Extension: (Docs) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-29]
CHR Extension: (Google Drive) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-29]
CHR Extension: (YouTube) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-29]
CHR Extension: (Sheets) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-29]
CHR Extension: (Gmail) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\naythan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-29]
Opera:
=======
OPR Profile: C:\Users\naythan\AppData\Roaming\Opera Software\Opera Stable [2021-04-09]
OPR Notifications: Opera Stable -> hxxps://web.whatsapp.com; hxxps://www.facebook.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Browsec VPN - Free VPN for Opera) - C:\Users\naythan\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2021-03-09]
OPR Extension: (Rich Hints Agent) - C:\Users\naythan\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-03-10]
OPR Extension: (Chrome Media Router) - C:\Users\naythan\AppData\Roaming\Opera Software\Opera Stable\Extensions\pphjpkjjljnllpnebififokmoejkeahp [2021-02-16]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
R2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [51224 2017-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 GridinSoftInetSecurityDriver; C:\WINDOWS\system32\DRIVERS\gsInetSecurity.sys [107784 2021-02-20] (GridinSoft, LLC -> GridinSoft LLC)
R3 H2OFFT; C:\WINDOWS\System32\drivers\H2OFFT64.sys [76616 2019-09-26] (INSYDE SOFTWARE CORP. -> Insyde Software)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 TrojanKillerDriver; C:\WINDOWS\System32\DRIVERS\gtkdrv.sys [38216 2021-02-20] (GridinSoft, LLC -> GridinSoft LLC)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U3 aspnet_state; no ImagePath
S3 MpKsld04be961; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3218A390-ABD8-4A60-BB6C-DF78276EA4D5}\MpKslDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-09 06:13 - 2021-04-09 06:15 - 000016666 _____ C:\Users\naythan\Downloads\FRST.txt
2021-04-09 03:23 - 2021-04-09 03:23 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2021-04-09 03:05 - 2021-04-09 03:05 - 000000112 ___SH C:\bootTel.dat
2021-04-08 19:05 - 2021-04-08 19:06 - 000000000 ____D C:\Users\naythan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2.1
2021-04-08 17:10 - 2021-04-08 17:15 - 000003376 _____ C:\WINDOWS\system32\Tasks\GridinSoft Anti-Malware
2021-04-08 17:10 - 2021-04-08 17:10 - 000001128 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2021-04-08 17:06 - 2020-06-23 12:40 - 092866296 _____ (Gridinsoft LLC) C:\Users\naythan\Downloads\gsam-4.1.50-setup.exe
2021-04-08 17:05 - 2021-04-08 17:05 - 092866472 _____ C:\Users\naythan\Downloads\gsam-4.1.50-setup.exe.zip
2021-04-08 13:07 - 2021-04-08 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2021-04-08 13:07 - 2021-04-08 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2021-04-08 13:06 - 2021-04-08 13:06 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-04-08 13:06 - 2021-04-08 13:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2021-04-08 13:02 - 2021-04-08 13:07 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-04-08 13:02 - 2021-04-08 13:02 - 000000000 __RHD C:\MSOCache
2021-04-06 07:27 - 2019-09-26 03:52 - 000076616 _____ (Insyde Software) C:\WINDOWS\system32\Drivers\H2OFFT64.sys
2021-04-06 07:16 - 2021-04-06 07:16 - 000000000 ____D C:\Users\naythan\Downloads\FRST-OlderVersion
2021-04-05 16:22 - 2021-04-05 16:22 - 008534696 _____ (Malwarebytes) C:\Users\naythan\Downloads\adwcleaner_8.2(2).exe
2021-04-05 06:55 - 2021-04-05 06:55 - 000114609 _____ C:\Users\naythan\Documents\ADRI speccy.txt
2021-04-05 06:53 - 2021-04-05 06:53 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2021-04-05 06:52 - 2021-04-05 06:52 - 008234296 _____ (Piriform Software Ltd) C:\Users\naythan\Desktop\spsetup132 (1).exe
2021-04-05 06:50 - 2021-04-05 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2021-04-05 06:50 - 2021-04-05 06:50 - 000000000 ____D C:\Program Files\Speccy
2021-04-03 18:40 - 2021-04-03 18:40 - 000007229 _____ C:\Users\naythan\Desktop\images.jfif
2021-04-03 08:47 - 2021-04-03 08:47 - 000000000 ____D C:\Users\naythan\AppData\Local\OO Software
2021-04-03 08:34 - 2021-04-03 08:34 - 001403760 _____ (O&O Software GmbH) C:\Users\naythan\Downloads\OOSU10.exe
2021-04-02 20:30 - 2021-04-09 06:11 - 000004150 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1AA75642-4563-45C3-871C-2462372C3509}
2021-04-02 19:15 - 2021-04-05 16:03 - 000001047 _____ C:\Users\naythan\Desktop\LatencyMon.lnk
2021-04-02 19:15 - 2021-04-02 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2021-04-02 19:15 - 2021-04-02 19:15 - 000000000 ____D C:\Program Files\LatencyMon
2021-04-02 19:15 - 2020-08-21 09:36 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2021-04-02 19:13 - 2021-04-02 19:14 - 002252096 _____ (Resplendence Software Projects Sp. ) C:\Users\naythan\Downloads\LatencyMon.exe
2021-04-02 08:26 - 2021-04-02 08:26 - 008534696 _____ (Malwarebytes) C:\Users\naythan\Downloads\adwcleaner_8.2(1).exe
2021-04-01 15:01 - 2021-04-08 13:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-04-01 07:18 - 2021-04-01 07:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6123F6DA.sys
2021-04-01 07:17 - 2021-04-01 07:18 - 000001107 _____ C:\Users\naythan\Desktop\mbar-1.10.3.1001 - Shortcut.lnk
2021-04-01 07:13 - 2021-04-01 07:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\563381B2.sys
2021-04-01 07:13 - 2021-04-01 07:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-01 07:12 - 2021-04-01 08:22 - 000000000 ____D C:\Users\naythan\Desktop\mbar
2021-04-01 07:12 - 2021-04-01 08:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-04-01 07:12 - 2021-04-01 07:18 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2021-04-01 07:12 - 2021-04-01 07:12 - 014178840 _____ (Malwarebytes Corp.) C:\Users\naythan\Downloads\mbar-1.10.3.1001.exe
2021-03-31 13:10 - 2021-03-31 13:10 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\naythan\Downloads\autoruns.exe
2021-03-30 07:02 - 2021-03-30 07:02 - 000036200 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2021-03-30 07:00 - 2021-03-30 07:00 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\naythan\Desktop\procexp.exe
2021-03-29 05:59 - 2021-03-29 05:59 - 000026912 _____ C:\Users\naythan\Downloads\9fed9cf2-2bfb-41aa-a277-32f3e1ec1a97.tmp
2021-03-28 20:37 - 2021-03-29 09:53 - 000007673 _____ C:\Users\naythan\AppData\Local\Resmon.ResmonCfg
2021-03-28 20:29 - 2021-03-28 20:29 - 000014501 _____ C:\junk.txt
2021-03-27 10:24 - 2021-04-09 06:14 - 000000000 ____D C:\FRST
2021-03-27 10:23 - 2021-04-06 07:16 - 002298368 _____ (Farbar) C:\Users\naythan\Downloads\FRST64.exe
2021-03-26 15:36 - 2021-03-25 12:15 - 005147120 _____ C:\Users\naythan\Documents\Install_Win10_10047_03192021.exe
2021-03-26 09:23 - 2021-03-26 09:23 - 101839280 _____ (AO Kaspersky Lab) C:\Users\naythan\Desktop\kvrt (1).exe
2021-03-26 07:49 - 2021-03-26 07:49 - 000892416 _____ (Farbar) C:\Users\naythan\Desktop\MiniToolBox.exe
2021-03-25 13:34 - 2021-03-25 13:34 - 000000000 ___HD C:\ProgramData\temp
2021-03-19 12:30 - 2021-03-19 12:30 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-19 09:36 - 2021-03-19 09:36 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-03-19 09:27 - 2021-03-19 09:27 - 000000020 ___SH C:\Users\naythan\ntuser.ini
2021-03-19 09:24 - 2021-04-09 03:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-19 09:24 - 2021-04-07 10:43 - 000004156 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1613301692
2021-03-19 09:24 - 2021-03-31 21:08 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-19 09:24 - 2021-03-31 18:39 - 000003788 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-19 09:24 - 2021-03-31 18:37 - 000004548 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-19 09:24 - 2021-03-31 18:08 - 000003822 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1613301703
2021-03-19 09:24 - 2021-03-31 18:08 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-19 09:24 - 2021-03-31 18:08 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-19 09:24 - 2021-03-31 18:08 - 000003416 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-19 09:24 - 2021-03-31 18:08 - 000003384 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-19 09:24 - 2021-03-31 18:08 - 000003210 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task aa25120d-43d0-47ca-a714-add509380a3f
2021-03-19 09:24 - 2021-03-31 18:08 - 000002922 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4233224404-3565021421-2347005065-1001
2021-03-19 09:24 - 2021-03-31 18:08 - 000002832 _____ C:\WINDOWS\system32\Tasks\DivXUpdate
2021-03-19 09:24 - 2021-03-31 18:08 - 000002560 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2021-03-19 09:24 - 2021-03-31 18:08 - 000002206 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-03-19 09:24 - 2021-03-19 09:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-03-19 09:24 - 2021-03-19 09:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-03-19 09:22 - 2021-03-19 09:24 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-03-19 09:22 - 2021-03-19 09:24 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-03-19 09:11 - 2021-04-08 19:15 - 001841200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-19 08:57 - 2021-04-08 09:54 - 000000000 ____D C:\Users\naythan
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Reciente
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Plantillas
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Mis documentos
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Menú Inicio
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Impresoras
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Entorno de red
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Documents\Mis vídeos
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Documents\Mis imágenes
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Documents\Mi música
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Datos de programa
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\Configuración local
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\AppData\Local\Historial
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\AppData\Local\Datos de programa
2021-03-19 08:57 - 2021-03-19 08:57 - 000000000 _SHDL C:\Users\naythan\AppData\Local\Archivos temporales de Internet
2021-03-19 08:57 - 2019-12-07 11:10 - 000001105 _____ C:\Users\naythan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-19 08:56 - 2021-03-19 08:56 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Control.lnk
2021-03-19 08:56 - 2021-03-19 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2021-03-19 08:56 - 2021-03-19 08:56 - 000000000 ____D C:\Program Files (x86)\AMD
2021-03-19 08:49 - 2021-04-09 06:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-19 08:49 - 2021-04-09 03:45 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-19 08:49 - 2021-04-08 19:10 - 000534848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-19 08:41 - 2021-03-19 08:48 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-19 08:35 - 2021-03-19 08:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-03-19 08:35 - 2021-03-19 08:35 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-19 08:30 - 2021-03-19 08:30 - 000000000 ____D C:\ProgramData\ssh
2021-03-19 08:19 - 2021-03-19 08:19 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-19 08:19 - 2021-03-19 08:19 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-19 08:19 - 2021-03-19 08:19 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-03-19 08:19 - 2021-03-19 08:19 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-19 08:19 - 2021-03-19 08:19 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-19 08:19 - 2021-03-19 08:19 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-19 08:18 - 2021-03-19 08:18 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-19 08:18 - 2021-03-19 08:18 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-19 08:18 - 2021-03-19 08:18 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-19 08:18 - 2021-03-19 08:18 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-19 08:18 - 2021-03-19 08:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-03-19 08:18 - 2021-03-19 08:18 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-19 08:18 - 2021-03-19 08:18 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-19 08:18 - 2021-03-19 08:18 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-19 08:18 - 2021-03-19 08:18 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-19 08:18 - 2021-03-19 08:18 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-19 08:18 - 2021-03-19 08:18 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-03-19 08:17 - 2021-03-19 08:17 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-03-19 08:17 - 2021-03-19 08:17 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-19 08:17 - 2021-03-19 08:17 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-19 08:17 - 2021-03-19 08:17 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-03-19 08:17 - 2021-03-19 08:17 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-03-19 08:17 - 2021-03-19 08:17 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-03-19 08:17 - 2021-03-19 08:17 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-19 08:17 - 2021-03-19 08:17 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-19 08:17 - 2021-03-19 08:17 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-19 08:17 - 2021-03-19 08:17 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-03-19 08:17 - 2021-03-19 08:17 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-19 08:17 - 2021-03-19 08:17 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-03-19 08:17 - 2021-03-19 08:17 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-19 08:17 - 2021-03-19 08:17 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-19 08:17 - 2021-03-19 08:17 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-19 08:17 - 2021-03-19 08:17 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-03-19 08:17 - 2021-03-19 08:17 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-19 08:16 - 2021-03-19 08:16 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-19 08:16 - 2021-03-19 08:16 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-19 08:16 - 2021-03-19 08:16 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-19 08:16 - 2021-03-19 08:16 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-03-19 08:16 - 2021-03-19 08:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-03-19 08:16 - 2021-03-19 08:16 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-03-19 08:15 - 2021-03-19 08:15 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-19 08:15 - 2021-03-19 08:15 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-19 08:15 - 2021-03-19 08:15 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-19 08:15 - 2021-03-19 08:15 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-19 08:15 - 2021-03-19 08:15 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-03-19 08:15 - 2021-03-19 08:15 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-19 08:15 - 2021-03-19 08:15 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-19 08:15 - 2021-03-19 08:15 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-19 08:15 - 2021-03-19 08:15 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-03-19 08:15 - 2021-03-19 08:15 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-19 08:15 - 2021-03-19 08:15 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-19 08:15 - 2021-03-19 08:15 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-19 08:14 - 2021-03-19 08:14 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-19 08:14 - 2021-03-19 08:14 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-03-19 08:14 - 2021-03-19 08:14 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-19 08:14 - 2021-03-19 08:14 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-19 08:14 - 2021-03-19 08:14 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-19 08:14 - 2021-03-19 08:14 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-19 08:14 - 2021-03-19 08:14 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-19 08:14 - 2021-03-19 08:14 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-03-19 08:14 - 2021-03-19 08:14 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-03-19 08:13 - 2021-03-19 08:13 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-19 08:13 - 2021-03-19 08:13 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-19 08:13 - 2021-03-19 08:13 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-19 08:13 - 2021-03-19 08:13 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-03-19 08:13 - 2021-03-19 08:13 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-03-19 08:13 - 2021-03-19 08:13 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-03-19 07:57 - 2021-03-19 07:57 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-03-19 07:57 - 2021-03-19 07:57 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-03-19 07:43 - 2021-04-08 13:07 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-19 07:43 - 2021-03-19 07:43 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-03-19 07:43 - 2021-03-19 07:43 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-19 07:43 - 2021-03-19 07:43 - 000000000 ____D C:\Program Files\MSBuild
2021-03-19 07:43 - 2021-03-19 07:43 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-18 20:25 - 2021-03-31 14:02 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-17 14:22 - 2021-03-17 14:22 - 000000000 ____D C:\Users\Public\CyberLink
2021-03-16 13:36 - 2021-03-16 13:37 - 101405104 _____ (AO Kaspersky Lab) C:\Users\naythan\Downloads\kvrt (1).exe
2021-03-14 22:32 - 2021-03-14 22:32 - 000124935 _____ C:\Users\naythan\Desktop\WhatsApp Image 2021-03-14 at 17.29.54.jpeg
2021-03-14 20:41 - 2021-03-14 20:42 - 520342267 _____ C:\Users\naythan\Downloads\windows10.0-kb5000802-arm64_5a9e0d3563cf0c86f61c75a58d53eeda7f0fbfc1.msu
2021-03-13 22:33 - 2021-03-13 22:33 - 004698786 _____ C:\Users\naythan\Desktop\So british 01161.mp4
2021-03-11 19:04 - 2021-03-11 19:04 - 000000000 ____D C:\Users\naythan\AppData\LocalLow\Adobe
2021-03-11 19:03 - 2021-03-11 19:07 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-11 19:02 - 2021-03-11 19:04 - 000000000 ____D C:\ProgramData\Adobe
2021-03-11 19:02 - 2021-03-11 19:02 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-03-11 19:01 - 2021-03-11 19:04 - 000000000 ____D C:\Users\naythan\AppData\Local\Adobe
2021-03-11 10:00 - 2021-03-11 10:00 - 000000941 _____ C:\Users\naythan\Desktop\VLC media player.lnk
2021-03-10 11:44 - 2018-05-31 09:55 - 003181936 _____ (Alexander Roshal) C:\Users\naythan\Documents\winrar-x64-56b4.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-09 03:50 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-09 03:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-09 03:43 - 2021-02-08 13:15 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2021-04-09 03:43 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-09 03:25 - 2017-03-18 23:03 - 000000199 _____ C:\WINDOWS\win.ini
2021-04-08 23:21 - 2021-02-16 21:58 - 000000000 ____D C:\Users\naythan\AppData\Roaming\vlc
2021-04-08 19:15 - 2019-12-07 16:55 - 000794102 _____ C:\WINDOWS\system32\perfh00A.dat
2021-04-08 19:15 - 2019-12-07 16:55 - 000160262 _____ C:\WINDOWS\system32\perfc00A.dat
2021-04-08 19:14 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-08 19:08 - 2021-03-08 13:22 - 000000000 ____D C:\Program Files\EqualizerAPO
2021-04-08 19:08 - 2021-02-14 14:17 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2021-04-08 17:10 - 2021-02-14 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-04-08 16:52 - 2021-02-08 13:52 - 000000000 ____D C:\Users\naythan\AppData\Local\Packages
2021-04-08 16:52 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-08 16:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-08 16:51 - 2021-02-15 17:25 - 000000000 ____D C:\Program Files\CCleaner
2021-04-08 13:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-08 12:50 - 2021-02-16 10:21 - 000000000 ____D C:\Users\naythan\AppData\Roaming\WhatsApp
2021-04-08 09:53 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-08 09:41 - 2019-12-07 16:57 - 000000000 ____D C:\Program Files\Windows Portable Devices
2021-04-08 09:41 - 2019-12-07 16:57 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-08 09:41 - 2019-12-07 16:57 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2021-04-08 09:41 - 2019-12-07 16:57 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2021-04-08 09:41 - 2019-12-07 16:57 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-08 09:41 - 2019-12-07 16:57 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2021-04-08 09:41 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\SysWOW64\es
2021-04-08 09:41 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-04-08 09:41 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\system32\es
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\downlevel
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-08 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-08 09:41 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-08 09:39 - 2021-03-03 10:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-08 09:39 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Globalization
2021-04-08 09:39 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Containers
2021-04-08 09:39 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Branding
2021-04-08 09:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\registration
2021-04-08 08:50 - 2021-02-08 13:14 - 000000000 ____D C:\ProgramData\Realtek
2021-04-07 11:08 - 2021-03-04 20:17 - 000000000 ____D C:\Users\naythan\AppData\Local\D3DSCache
2021-04-07 10:43 - 2021-02-14 13:21 - 000001410 _____ C:\Users\naythan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2021-04-03 21:41 - 2021-02-17 20:14 - 000000000 ____D C:\Users\naythan\AppData\Local\ElevatedDiagnostics
2021-04-02 22:30 - 2021-02-17 07:24 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-02 03:15 - 2021-03-03 09:20 - 000000000 ____D C:\Users\naythan\AppData\Local\WhatsApp
2021-04-01 15:19 - 2021-02-20 07:30 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-01 15:19 - 2021-02-20 07:30 - 000002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-03-28 16:25 - 2021-02-14 12:08 - 000000000 ____D C:\Users\naythan\AppData\Local\PlaceholderTileLogoFolder
2021-03-28 10:32 - 2017-05-10 08:51 - 000000000 ____D C:\Program Files\HP
2021-03-26 19:18 - 2021-02-08 14:06 - 000000000 ____D C:\Users\naythan\AppData\Roaming\hpqLog
2021-03-26 19:17 - 2021-02-08 13:15 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-26 19:16 - 2021-02-14 11:31 - 000000000 ____D C:\Users\naythan\AppData\Local\HP
2021-03-26 13:37 - 2017-06-25 15:36 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-03-26 09:31 - 2021-02-28 11:32 - 000000000 ____D C:\KVRT2020_Data
2021-03-26 09:19 - 2021-02-13 12:50 - 000000000 ____D C:\Users\naythan\AppData\Roaming\Hewlett-Packard
2021-03-26 09:19 - 2021-02-08 14:05 - 000000000 ____D C:\Users\naythan\AppData\Local\Hewlett-Packard
2021-03-26 09:19 - 2017-05-10 08:55 - 000000000 ____D C:\Program Files (x86)\HP Inc
2021-03-26 09:19 - 2017-05-10 08:52 - 000000000 ____D C:\ProgramData\HP
2021-03-26 09:19 - 2017-05-10 08:52 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-03-26 09:19 - 2017-05-10 08:51 - 000000000 ____D C:\Program Files (x86)\HP
2021-03-26 09:19 - 2017-05-10 08:51 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-03-26 09:19 - 2017-04-18 04:30 - 000000000 ___HD C:\hp
2021-03-25 22:08 - 2021-03-01 11:53 - 000000000 ____D C:\Users\naythan\AppData\Local\Microsoft Help
2021-03-25 16:45 - 2021-02-24 21:09 - 000000000 ____D C:\Users\naythan\Desktop\Antique terms and images
2021-03-24 19:54 - 2021-02-13 12:56 - 000000000 ___RD C:\Users\naythan\OneDrive
2021-03-23 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-23 09:56 - 2021-02-23 17:22 - 000000000 ____D C:\ProgramData\WinaeroTweaker
2021-03-22 13:29 - 2021-03-04 17:14 - 000000000 ____D C:\ProgramData\DivX
2021-03-20 04:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-19 14:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-19 13:38 - 2021-02-08 12:47 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-03-19 11:54 - 2021-02-14 21:30 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-19 09:33 - 2021-02-08 13:53 - 000000000 ____D C:\ProgramData\Packages
2021-03-19 09:32 - 2021-02-08 13:52 - 000000000 ___RD C:\Users\naythan\3D Objects
2021-03-19 09:32 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-19 09:32 - 2017-03-18 05:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-03-19 09:25 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2021-03-19 09:25 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-19 09:24 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-19 09:10 - 2021-02-08 13:43 - 000023172 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-03-19 09:09 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-03-19 09:02 - 2021-03-04 14:26 - 000000000 ____D C:\Users\naythan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-19 08:59 - 2021-02-16 10:21 - 000000000 ____D C:\Users\naythan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-03-19 08:56 - 2021-02-08 13:15 - 000000000 ____D C:\Program Files\AMD
2021-03-19 08:55 - 2021-02-08 13:16 - 001975595 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-03-19 08:55 - 2021-02-08 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-19 08:55 - 2021-02-08 12:47 - 000000000 ____D C:\Program Files\Elantech
2021-03-19 08:54 - 2021-02-08 13:15 - 000000000 ____D C:\AMD
2021-03-19 08:48 - 2021-03-08 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2021-03-19 08:48 - 2021-03-04 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-19 08:48 - 2021-03-03 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect
2021-03-19 08:48 - 2021-02-21 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
2021-03-19 08:48 - 2021-02-15 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winaero Tweaker
2021-03-19 08:48 - 2021-02-15 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-03-19 08:48 - 2021-02-14 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-03-19 08:48 - 2021-02-14 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2021-03-19 08:48 - 2021-02-14 12:54 - 000000000 ____D C:\Program Files\UNP
2021-03-19 08:48 - 2021-02-08 12:36 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-19 08:48 - 2021-02-08 12:36 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-19 08:48 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-19 08:48 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-19 08:48 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-19 08:48 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-03-19 08:48 - 2017-06-25 15:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-03-19 08:48 - 2017-05-10 08:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-03-19 08:48 - 2017-03-18 23:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-19 08:43 - 2021-02-08 13:16 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-03-19 08:43 - 2017-05-10 18:34 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2021-03-19 08:43 - 2017-05-10 18:33 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2021-03-19 08:43 - 2017-05-10 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2021-03-19 08:42 - 2017-05-10 18:34 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2021-03-19 08:42 - 2017-05-10 18:33 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2021-03-19 08:41 - 2021-02-08 13:15 - 000000000 ____D C:\Program Files\Realtek
2021-03-19 08:41 - 2021-02-08 13:15 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2021-03-19 08:41 - 2019-12-07 16:56 - 000000000 ____D C:\WINDOWS\OCR
2021-03-19 08:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-19 08:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help
2021-03-19 08:41 - 2017-05-10 18:27 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2021-03-19 08:30 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-19 08:27 - 2019-12-07 16:57 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-03-19 08:27 - 2019-12-07 16:57 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-19 07:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-03-19 07:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-03-19 07:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-03-19 07:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-03-19 07:53 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-03-19 07:53 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-03-19 07:53 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-03-19 07:53 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-03-19 07:53 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-03-19 07:53 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-03-19 07:53 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-03-19 07:53 - 2019-12-07 16:55 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-03-19 07:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-03-19 07:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-03-17 14:23 - 2017-06-25 15:52 - 000000000 ____D C:\ProgramData\CyberLink
2021-03-17 10:33 - 2017-06-25 15:41 - 001148904 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2021-03-16 13:28 - 2021-03-04 14:26 - 000000000 ____D C:\Program Files\WinRAR
2021-03-15 21:02 - 2021-02-08 13:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-12 18:55 - 2021-02-16 10:20 - 000000000 ____D C:\Users\naythan\AppData\Local\SquirrelTemp
2021-03-11 19:04 - 2021-02-08 13:52 - 000000000 ____D C:\Users\naythan\AppData\Roaming\Adobe
2021-03-11 01:06 - 2021-02-14 21:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-11 01:02 - 2021-02-14 21:24 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-10 12:39 - 2021-03-08 10:44 - 000005120 _____ C:\Users\naythan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Files in the root of some directories ========
2021-02-08 13:52 - 2021-04-09 03:49 - 000342285 _____ () C:\Users\naythan\AppData\Local\BTServer.log
2021-03-08 10:44 - 2021-03-10 12:39 - 000005120 _____ () C:\Users\naythan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-03-28 20:37 - 2021-03-29 09:53 - 000007673 _____ () C:\Users\naythan\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by naythan (09-04-2021 06:22:36)
Running from C:\Users\naythan\Downloads
Windows 10 Home Version 20H2 19042.870 (X64) (2021-03-19 07:26:43)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-4233224404-3565021421-2347005065-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4233224404-3565021421-2347005065-503 - Limited - Disabled)
Invitado (S-1-5-21-4233224404-3565021421-2347005065-501 - Limited - Disabled)
naythan (S-1-5-21-4233224404-3565021421-2347005065-1001 - Administrator - Enabled) => C:\Users\naythan
WDAGUtilityAccount (S-1-5-21-4233224404-3565021421-2347005065-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7221 - CyberLink Corp.)
DivX Setup (HKLM\...\DivX Setup) (Version: 10.8.9.0 - DivX, LLC)
ELAN Touchpad 18.2.22.3_X64_WHQL (HKLM\...\Elantech) (Version: 18.2.22.3 - ELAN Microelectronic Corp.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2.1 - )
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.1.88 - Gridinsoft LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{7759F11B-DF54-4726-9A01-61701580D786}) (Version: 12.5.32.203 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
LatencyMon 7.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Opera Stable 74.0.3911.154 (HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\Opera 74.0.3911.154) (Version: 74.0.3911.154 - Opera Software)
Opera Stable 75.0.3969.149 (HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\Opera 75.0.3969.149) (Version: 75.0.3969.149 - Opera Software)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.61 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31237 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.47.121.2021 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8258 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.84 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype version 8.69 (HKLM-x32\...\Skype_is1) (Version: 8.69 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.15 build 785 - Finarea S.A. Switzerland)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WebView2 Runtime de Microsoft Edge (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.68 - Microsoft Corporation)
WhatsApp (HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\WhatsApp) (Version: 2.2110.12 - WhatsApp)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.19.1.0 - Winaero)
WinRAR 5.60 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.4 - win.rar GmbH)
Packages:
=========
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2021-04-08] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-04-08] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-08] (Netflix, Inc.)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-04-08] (Adobe Systems Incorporated)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.1.3.0_x64__kx24dqmazqk8j [2021-04-08] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-08] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6669000 2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171464 2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-03-31] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-05-29] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-05-29] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-03-31] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] () [File not signed]
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-03-31] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-19] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-03-31] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-05-29] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-05-29] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\naythan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\StartupApproved\Run: => "VoipConnect"
HKU\S-1-5-21-4233224404-3565021421-2347005065-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4A7F8247-CB26-4107-82CD-61023B9D1932}] => (Block) C:\users\naythan\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [{746725C9-CE6D-42DF-A3A7-35FF020B86D0}] => (Block) C:\users\naythan\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{22CD2985-E89D-4DF4-A303-881118AB7770}C:\users\naythan\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [TCP Query User{7CD68C67-1E07-430F-9653-141A3DD6BC36}C:\users\naythan\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{9E488906-CD72-4F67-8FA0-7EF3B3B36C4E}C:\users\naythan\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{6530CF81-0BF0-4009-80CA-C4BE8A76AE74}C:\users\naythan\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{433EE138-BCF7-49E6-B081-2EED124E415D}C:\users\naythan\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{0146A902-032E-4CA7-BB7C-C6D2C7A9ACC3}C:\users\naythan\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{0BCF5469-C8B8-458C-AD95-9BAA8A2156B1}C:\users\naythan\appdata\local\programs\opera\74.0.3911.160_0\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.160_0\opera.exe => No File
FirewallRules: [TCP Query User{8AECBE3F-4D1B-40E1-BE09-27F00FECB553}C:\users\naythan\appdata\local\programs\opera\74.0.3911.160_0\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.160_0\opera.exe => No File
FirewallRules: [UDP Query User{A0C50CCA-CB92-465F-88CD-EC893513A7F3}C:\users\naythan\appdata\local\programs\opera\74.0.3911.160_0\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.160_0\opera.exe => No File
FirewallRules: [TCP Query User{E13F8BF3-D83A-4CE8-A41C-E582B920D4B9}C:\users\naythan\appdata\local\programs\opera\74.0.3911.160_0\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.160_0\opera.exe => No File
FirewallRules: [UDP Query User{11C323A9-232F-4B22-A886-2A4507F4E95A}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe (FINAREA AG -> VoipConnect)
FirewallRules: [TCP Query User{8C004264-79C5-4970-9F26-854CD3517CFA}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe (FINAREA AG -> VoipConnect)
FirewallRules: [UDP Query User{1447B849-65FB-43E2-BF64-EFCD301C5F25}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe (FINAREA AG -> VoipConnect)
FirewallRules: [TCP Query User{FF532473-1980-4895-AB3F-6F96EFA8E3D9}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe (FINAREA AG -> VoipConnect)
FirewallRules: [UDP Query User{74C249F9-CECD-4BB8-85D8-CA1D6A345213}G:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) G:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe => No File
FirewallRules: [TCP Query User{02A84DDB-8872-4756-B894-2BF4DE0769E2}G:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) G:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe => No File
FirewallRules: [{99042EFF-5CD7-433F-BBF2-9299C0895639}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2FE5D129-207F-4D85-9F86-43279616CCA6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FB385930-5A1C-496A-89BB-2B0A17FFBE47}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{BC807DE9-D641-48F1-B9E3-49A5755EA00D}C:\users\naythan\appdata\local\programs\opera\74.0.3911.139\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.139\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{F0D3A761-3DE1-48CB-A6AA-025DBC9CC924}C:\users\naythan\appdata\local\programs\opera\74.0.3911.139\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\74.0.3911.139\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{E5071AFF-3072-4F13-91ED-53D33CC7B3BD}G:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) G:\program files (x86)\videolan\vlc\vlc.exe => No File
FirewallRules: [TCP Query User{739765B6-76E7-4700-8967-1660B68A7A8E}G:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) G:\program files (x86)\videolan\vlc\vlc.exe => No File
FirewallRules: [UDP Query User{4AC46B64-4D55-44CB-B4AF-B3419F637AC9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{F636D968-4069-4708-B466-E75EB44CAD5C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{50755E74-8AE1-40AA-A32B-0ABE807DDE81}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F8AEEDB4-2BF7-46C8-8D33-5D70F8699760}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3DF0E741-1E68-4432-9E19-9F81B9D4E47F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4E7AAF1C-85F2-4848-9394-25D484DAD16B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00E7024F-3BFA-4BBF-9D74-7AADC2AC8107}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{E7F27523-D524-44D7-B7A7-5B3465A79C24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{6AB31727-0863-4093-9C68-A9DA40B90D27}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{0691AA0B-3BD1-40B5-B2DE-D6521D7D0AFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{79D3295E-2F9B-4C33-89E5-CFF116B6A454}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D8E23D4A-1A39-45C7-9532-00D9FD4B0518}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{279483AF-C73C-40CF-97C6-CFAA82B1FBCC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{BF50AB53-6B69-425E-A4A0-CB67974E3B17}C:\users\naythan\appdata\local\programs\opera\75.0.3969.93\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\75.0.3969.93\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{B6B205C0-D41E-43B7-84E0-F425C62867BD}C:\users\naythan\appdata\local\programs\opera\75.0.3969.93\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\75.0.3969.93\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{6F6A7B4F-6325-4C0C-8629-2C76C2ABBCC0}C:\users\naythan\appdata\local\programs\opera\75.0.3969.93\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\75.0.3969.93\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{F9B55561-A171-437A-AB31-2BA4AE5AD8EC}C:\users\naythan\appdata\local\programs\opera\75.0.3969.93\opera.exe] => (Allow) C:\users\naythan\appdata\local\programs\opera\75.0.3969.93\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{19D68E1A-A7F7-4570-BEE0-A534010AB2F6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8848EBBB-CE7F-43AF-B727-4DD991060EFC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EC9EAB46-E351-472A-B250-D2848C535B48}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7BC1FC36-EF08-4E96-B179-07007E90B2B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5951E295-7013-4FD2-ADAA-27407FFA59CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C12115FB-3721-47FB-A2D8-D6125AC9D450}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0341E39F-33C6-42E7-9EF4-9CF18A7206D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{455CDDB2-A153-47D9-966C-223918EC9E2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3A6C838A-E9C1-469E-818F-7126303809CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DF7C0B3A-153E-459C-9FCE-7EB2B2230C2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
07-04-2021 19:56:17 Instalador de Módulos de Windows
08-04-2021 08:48:36 Restore Operation
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/08/2021 10:58:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1ea8
Start Time: 01d72c5314553290
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: 7b6dc7d7-3697-4411-902b-c41154e8c3a0
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (04/08/2021 09:53:35 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3584,R,98) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU00C79.log.
Error: (04/07/2021 08:33:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Se está cerrando el sistema.
.
Error: (04/07/2021 08:33:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Se está cerrando el sistema.
]
Error: (04/07/2021 08:33:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Se está cerrando el sistema.
.
Error: (04/07/2021 08:33:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Se está cerrando el sistema.
]
Error: (04/07/2021 02:14:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1df8
Start Time: 01d72b91545da641
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: 44233c7e-ec81-46bf-af1c-058d48c37b62
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Navigation
Error: (04/07/2021 11:27:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Se está cerrando el sistema.
.
System errors:
=============
Error: (04/09/2021 03:47:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD External Events Utility service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/09/2021 03:47:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AMD External Events Utility service to connect.
Error: (04/09/2021 03:09:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD External Events Utility service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/09/2021 03:09:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AMD External Events Utility service to connect.
Error: (04/08/2021 07:10:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD External Events Utility service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/08/2021 07:10:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AMD External Events Utility service to connect.
Error: (04/08/2021 01:07:30 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (04/08/2021 01:07:29 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Windows Defender:
================
Date: 2021-04-08 09:53:54
Description:
Antivirus de Microsoft Defender has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Actual
Error Code: 0x80070003
Error description: El sistema no puede encontrar la ruta especificada.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
CodeIntegrity:
===============
Date: 2021-04-08 09:48:35
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BthA2dp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Insyde F.14 06/10/2020
Motherboard: HP 8345
Processor: AMD A6-9220 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 53%
Total physical RAM: 7645.12 MB
Available physical RAM: 3590.25 MB
Total Virtual: 8861.12 MB
Available Virtual: 4391.62 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:917.24 GB) (Free:828.7 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.04 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{6f9e9e38-8a90-4f0d-b27a-7bc3d0f491a4}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.46 GB) NTFS
\\?\Volume{7c6279e9-1c1c-4355-86c7-318f22f71af6}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
Partition: GPT.
==================== End of Addition.txt =======================
Sign In
Create Account
