I had installed TLauncher to play Minecraft and the problem started since then. I have tried several and most of all the scanners, AVs, Tronscript, online scanners, etc. but nothing works. There is this extension that never goes away, "yRankNews"; it's located in C:\ProgramData\Dpopci, which is hidden, but the subfolder in it changes its name every time I delete the folder. I am attaching my FRST; if anyone could help me I wouldn't feel miserable, which I have been for a few days. I even permanently disabled Edge and uninstalled Internet Explorer but nothing happens; it's gone for 5-10 minutes and boom, again it's back.
Thank You
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2021
Ran by hp (administrator) on DESKTOP-ESKAMO (HP HP EliteBook 820 G3) (03-06-2021 14:19:11)
Running from C:\Users\hp\Downloads
Loaded Profiles: hp & DefaultAppPool
Platform: Windows 10 Pro Version 21H1 19043.1023 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\hp\AppData\Roaming\uTorrent\updates\3.5.5_46010\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
(Conexant Systems LLC -> Conexant) C:\Windows\System32\MicTray64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <23>
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(Synaptics Incorporated -> Conexant Systems, Inc) C:\Windows\CxSvc\CxMonSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321112 2020-06-30] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Run: [uTorrent] => C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe [2132520 2021-05-09] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\hp\AppData\Local\Programs\Messenger\Messenger.exe [110793432 2021-01-29] (Facebook, Inc. -> Facebook, Inc.)
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Policies\Explorer: [NoInstrumentation] 1
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04556107-BE88-4B5C-A3F4-575022F5A61F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2367296 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {06F7AFE8-E49D-43AB-AF33-ED5764210FE5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1DF1C8D7-3684-48C0-91CC-C2C62A74722E} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [115280 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B09CD2C-8F70-499E-BF49-110983D7D974} - no filepath
Task: {3485E6B5-89C9-4783-B364-83186327B19E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C210349-0802-45AD-8E9D-70FFF38AE05C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3821352 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {513CA0E5-E6FA-49D0-83EF-422739A6328F} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files (x86)\Advanced System Repair Pro 1.7.0.11\AdvancedSystemRepairPro.exe
Task: {A86A2C0F-BA47-4342-B38C-D4BA4BA4407E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B87F12C4-4C8A-445B-9EE8-4F0A37CEB7C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-01] (Google LLC -> Google LLC)
Task: {BE0D4585-FE7C-420F-A80B-C0AE6E68A256} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2367296 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC88242B-D99A-4B31-99B4-42816A2BB5AD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {D9D89AC6-4ACD-4F2D-8531-D493D384FD5C} - System32\Tasks\Microsoft\Windows\Device Information\CHxReadingStriook => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe "C:\Program Files (x86)\Common Files\CommandDeveloper\UbilsBzuetooth\rdwsing_l1_17_0.dll"
Task: {DCBAAC95-C84A-45D8-B5EC-695CE62B0192} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3821352 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4FAEF16-358C-4878-9911-4F5C55DCA29E} - System32\Tasks\Microsoft\Windows\Conexant\SA3 => C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {EAF7B668-5618-4CC0-A64F-CFFEC04DB42D} - no filepath
Task: {F13F69E7-3ED4-44BC-BF52-DF700FBE9F18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {F3E2D8FF-4339-4788-8FE6-41F692A046BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-01] (Google LLC -> Google LLC)
Task: {F8001016-E6A6-469D-9303-46D550BAE990} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2938448 2020-07-02] (Conexant Systems LLC -> Conexant)
Task: {F8E31E9C-9661-49B5-9111-19A26077C437} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{4E59E86F-97EC-4B8F-89BD-98375AE1E5A5}] => hxxp://127.0.0.1:86/
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d87f1634-45a9-4d0b-adbc-b27bde739366}: [DhcpNameServer] 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\hp\Downloads
Edge Session Restore: HKU\S-1-5-21-2123003089-4285120140-3240528571-1001 -> is enabled.
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-02]
Edge HomePage: Default -> hxxp://www.google.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Popup Blocker (strict)) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijhfkkgjgpcplfeajghagkcebakjcpge [2021-05-28]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-06-02]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2021-06-02]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2021-06-02]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2021-06-02]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2021-06-03]
CHR Notifications: Default -> hxxps://linkvertise.com
CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-01]
CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-01]
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-01]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-06-01]
CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-01]
CHR Extension: (Avast Online Security) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-01]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9662544 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
R2 CxMonSvc; C:\WINDOWS\CxSvc\CxMonSvc.exe [56496 2020-09-09] (Synaptics Incorporated -> Conexant Systems, Inc)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-05-27] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 Everything; C:\Program Files\Everything\Everything.exe [2260560 2021-01-25] (voidtools -> voidtools)
R2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [23912 2019-03-17] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-05-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\NisSrv.exe [2644776 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MsMpEng.exe [136648 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 asrdmon; C:\WINDOWS\system32\drivers\asrdmon.sys [18024 2021-06-02] (Advance System Care, Inc. -> )
S3 BTCFilterService; C:\WINDOWS\System32\drivers\motfilt.sys [6144 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc)
S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [32768 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 MotoSwitchService; C:\WINDOWS\System32\drivers\motswch.sys [8832 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 Motousbnet; C:\WINDOWS\System32\drivers\Motousbnet.sys [27648 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Mobility Inc)
R3 MpKslcdb7e621; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E693F4C-8296-40A1-A9B3-FDC054F66E56}\MpKslDrv.sys [107744 2021-06-03] (Microsoft Windows -> Microsoft Corporation)
S3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [31232 2017-12-27] (NXP Semiconductors -> Nfc GPIO Driver)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-10-12] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425208 2021-06-02] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76024 2021-06-02] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-03 14:20 - 2021-06-03 14:20 - 000000000 ____D C:\Users\hp\AppData\Local\BitTorrentHelper
2021-06-03 14:19 - 2021-06-03 14:20 - 000020943 _____ C:\Users\hp\Downloads\FRST.txt
2021-06-03 14:18 - 2021-06-03 14:19 - 000000000 ____D C:\FRST
2021-06-03 14:16 - 2021-06-03 14:17 - 002300416 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2021-06-03 13:40 - 2021-06-03 14:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\Code
2021-06-03 13:40 - 2021-06-03 13:40 - 000000000 ____D C:\Users\hp\.vscode
2021-06-03 13:39 - 2021-06-03 13:39 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-06-03 12:28 - 2021-06-03 12:28 - 000000000 ___HD C:\ProgramData\Dpopci
2021-06-03 12:24 - 2021-06-03 12:24 - 000000000 ____D C:\Users\hp\AppData\Local\AMSDK
2021-06-03 12:19 - 2021-06-03 12:19 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-06-03 12:19 - 2021-06-03 12:19 - 000000000 ____D C:\Intel
2021-06-03 12:18 - 2021-06-03 12:23 - 000070283 _____ C:\WINDOWS\ZAM.krnl.trace
2021-06-03 11:54 - 2021-06-03 11:54 - 000000000 ____D C:\Users\hp\AppData\Local\D3DSCache
2021-06-03 07:11 - 2021-06-03 07:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-06-02 21:58 - 2021-06-03 11:57 - 000306994 _____ C:\WINDOWS\ntbtlog.txt
2021-06-02 20:48 - 2021-06-02 20:51 - 462712387 _____ (Igor Pavlov) C:\Users\hp\Downloads\Tron+v11.2.0+(2021-05-04).exe
2021-06-02 18:57 - 2021-06-03 07:22 - 000000000 ____D C:\ProgramData\TSRProSettings
2021-06-02 18:57 - 2021-06-02 18:57 - 000018024 _____ C:\WINDOWS\system32\Drivers\asrdmon.sys
2021-06-02 18:57 - 2021-06-02 18:57 - 000003486 _____ C:\WINDOWS\system32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun
2021-06-02 18:57 - 2021-06-02 18:57 - 000000000 ____D C:\Users\hp\AppData\Local\Everything
2021-06-02 18:27 - 2021-06-02 18:27 - 014793017 _____ C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar
2021-06-02 18:27 - 2021-06-02 18:27 - 000000000 ____D C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full
2021-06-02 18:26 - 2021-06-02 18:26 - 000000000 ____D C:\ProgramData\McAfee
2021-06-02 18:25 - 2021-06-02 18:25 - 002712352 _____ ( ) C:\Users\hp\Downloads\Restoro Advanced Cleaner - Linkvertise Downloader_M1tqu-1.exe
2021-06-02 17:43 - 2021-06-02 18:57 - 000000000 ____D C:\Users\hp\AppData\Roaming\Everything
2021-06-02 17:43 - 2021-06-02 17:43 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything.lnk
2021-06-02 17:43 - 2021-06-02 17:43 - 000001066 _____ C:\Users\Public\Desktop\Everything.lnk
2021-06-02 17:43 - 2021-06-02 17:43 - 000001066 _____ C:\ProgramData\Desktop\Everything.lnk
2021-06-02 17:43 - 2021-06-02 17:43 - 000000000 ____D C:\Program Files\Everything
2021-06-02 17:15 - 2021-06-02 17:15 - 040488656 _____ (Adlice Software ) C:\Users\hp\Downloads\RogueKiller_setup.exe
2021-06-02 16:57 - 2021-06-02 16:57 - 000000000 ____D C:\Users\hp\AppData\Local\Zemana
2021-06-02 16:43 - 2021-06-02 16:56 - 000000000 ____D C:\Users\hp\Downloads\Zemana AntiMalware Premium 3.2.15 incl Patch [CrackingPatching]
2021-06-02 16:18 - 2021-06-02 16:18 - 000000000 ____D C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW
2021-06-02 16:01 - 2021-06-03 12:22 - 000000000 ____D C:\Program Files\HitmanPro
2021-06-02 16:01 - 2021-06-02 16:18 - 000000000 ____D C:\ProgramData\HitmanPro
2021-06-02 15:58 - 2021-06-02 16:01 - 120830415 ____R C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW.rar
2021-06-02 15:58 - 2021-06-02 16:01 - 000000000 ____D C:\Users\hp\Downloads\HitmanPro v3.8.15 Build 306 + Crack
2021-06-02 14:25 - 2021-06-02 14:25 - 000000000 ____D C:\Users\hp\Desktop\Autoruns
2021-06-02 14:21 - 2021-06-03 12:20 - 000000000 ____D C:\Users\hp\AppData\LocalLow\uTorrent
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Users\hp\Downloads\IBM SPSS Statistics 25.0 (x64) Multilingual + Crack [SadeemPC]-20210602T015440Z-001
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Users\hp\AppData\LocalLow\IObit
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Program Files (x86)\IObit
2021-06-02 07:39 - 2021-06-02 07:40 - 000000000 ____D C:\ProgramData\IObit
2021-06-02 04:08 - 2021-06-02 04:08 - 000000000 ____D C:\Users\hp\AppData\Local\OO Software
2021-06-01 23:39 - 2021-06-01 23:39 - 000000000 ____D C:\ProgramData\Sophos
2021-06-01 23:30 - 2021-06-03 11:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-01 22:03 - 2021-02-12 23:09 - 000205552 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2021-06-01 20:42 - 2021-06-01 20:42 - 002728616 _____ (Google LLC) C:\Users\hp\Desktop\chrmstp.exe
2021-06-01 20:42 - 2021-06-01 20:42 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-01 20:42 - 2021-06-01 20:42 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-01 20:42 - 2021-06-01 20:42 - 000002284 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-01 20:42 - 2021-06-01 20:42 - 000000000 ____D C:\Program Files\Google
2021-06-01 20:41 - 2021-06-01 20:41 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-01 20:41 - 2021-06-01 20:41 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-01 11:53 - 2021-06-02 17:28 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2021-06-01 11:53 - 2021-06-01 11:53 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2021-06-01 11:47 - 2021-06-01 11:47 - 000752296 _____ C:\Users\hp\Downloads\adware-removal-tool-by-tsa.exe
2021-06-01 11:46 - 2021-06-01 11:50 - 011697056 _____ (ESET) C:\Users\hp\Downloads\esetonlinescanner.exe
2021-06-01 10:33 - 2021-06-01 10:33 - 000000000 ____D C:\WINDOWS\ERUNT
2021-06-01 09:14 - 2021-06-01 09:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-06-01 07:21 - 2021-06-01 07:21 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2123003089-4285120140-3240528571-1001
2021-06-01 07:21 - 2021-06-01 07:21 - 000002358 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-31 22:31 - 2021-06-03 11:58 - 112459776 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-05-31 21:53 - 2021-05-27 11:53 - 000002675 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2021-05-31 21:47 - 2021-06-01 07:08 - 000000000 ____D C:\Users\hp\Documents\RegRun2
2021-05-31 21:46 - 2021-06-01 07:11 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2021-05-31 21:46 - 2021-06-01 07:11 - 000000000 ____D C:\ProgramData\Documents\RegRunInfo
2021-05-31 21:45 - 2021-06-01 07:19 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2021-05-31 20:52 - 2021-05-31 20:52 - 000000000 ____D C:\Users\hp\Documents\recovery regedit
2021-05-31 20:48 - 2021-06-02 08:39 - 000000000 ____D C:\Program Files\Defraggler
2021-05-31 20:48 - 2021-05-31 20:48 - 000001771 _____ C:\Users\Public\Desktop\Defraggler.lnk
2021-05-31 20:48 - 2021-05-31 20:48 - 000001771 _____ C:\ProgramData\Desktop\Defraggler.lnk
2021-05-31 20:48 - 2021-05-31 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2021-05-31 19:36 - 2021-05-31 19:36 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-05-31 15:18 - 2021-06-01 13:53 - 000000000 ____D C:\Users\hp\AppData\Roaming\SysInfoTool
2021-05-31 11:01 - 2021-05-31 11:01 - 000001128 _____ C:\Users\Public\Desktop\Inside.lnk
2021-05-31 11:01 - 2021-05-31 11:01 - 000001128 _____ C:\ProgramData\Desktop\Inside.lnk
2021-05-31 11:01 - 2021-05-31 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inside
2021-05-31 11:00 - 2021-05-31 11:01 - 000000000 ____D C:\Program Files (x86)\Inside
2021-05-30 13:40 - 2021-05-30 13:40 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-30 13:40 - 2021-05-30 13:40 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-05-30 13:39 - 2021-05-30 13:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-30 13:39 - 2021-05-30 13:39 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-30 13:39 - 2021-05-30 13:39 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-05-30 13:39 - 2021-05-30 13:39 - 000011327 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-30 13:38 - 2021-05-30 13:38 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-05-30 13:38 - 2021-05-30 13:38 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-05-30 13:38 - 2021-05-30 13:38 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-05-30 13:38 - 2021-05-30 13:38 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-05-30 13:37 - 2021-05-30 13:37 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-30 13:37 - 2021-05-30 13:37 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-30 13:36 - 2021-05-30 13:36 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-05-30 13:36 - 2021-05-30 13:36 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-05-30 13:36 - 2021-05-30 13:36 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-05-30 13:36 - 2021-05-30 13:36 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-05-30 13:36 - 2021-05-30 13:36 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-05-30 13:36 - 2021-05-30 13:36 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-05-29 21:56 - 2021-05-29 21:56 - 000000335 _____ C:\Users\hp\Desktop\computer.lnk
2021-05-29 21:30 - 2021-05-29 21:30 - 000018997 _____ C:\WINDOWS\system32\energy-report.html
2021-05-26 00:05 - 2021-05-26 00:05 - 000000000 ____D C:\Program Files\Common Files\Intel Corporation
2021-05-24 23:07 - 2021-05-28 03:59 - 000000000 ____D C:\Users\hp\Documents\VlcpVideoV1.0.1
2021-05-24 22:50 - 2021-06-03 12:19 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-24 22:50 - 2021-05-31 21:13 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-24 19:30 - 2021-05-24 19:30 - 000020853 _____ C:\Users\hp\Downloads\Ratio-Analysis-Template.xlsx
2021-05-24 19:26 - 2021-05-24 19:26 - 000033557 _____ C:\Users\hp\Downloads\Assignment - Ratios and Financials.xlsx
2021-05-22 23:09 - 2021-05-23 04:19 - 000000000 ____D C:\Users\hp\Downloads\win7-starter-eng
2021-05-22 23:06 - 2021-05-22 23:06 - 000000000 ____D C:\Users\hp\Downloads\Windows 7 Ultimate SP1 (32 Bit)
2021-05-21 10:37 - 2021-05-21 10:37 - 000000000 ____D C:\Users\hp\Documents\My Games
2021-05-21 10:37 - 2021-05-21 10:37 - 000000000 ____D C:\Users\hp\AppData\Local\LumaEmu_SteamCloud
2021-05-20 14:45 - 2021-05-20 14:45 - 000001288 _____ C:\Users\hp\Desktop\NFS14_x86 - Shortcut.lnk
2021-05-19 10:12 - 2021-05-20 13:42 - 000000000 ____D C:\Users\hp\Downloads\Need.For.Speed.Rivals-RELOADED
2021-05-13 15:27 - 2021-05-13 15:27 - 000000000 ____D C:\Users\hp\Desktop\Share files
2021-05-13 15:04 - 2021-05-13 15:04 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-05-13 14:53 - 2021-06-01 23:13 - 000000000 ____D C:\Program Files\Microsoft Office
2021-05-13 14:53 - 2021-05-13 14:53 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-05-12 07:56 - 2021-05-12 11:37 - 000000000 ____D C:\Users\hp\Downloads\Dragon Ball XenoVerse PC full game + DLC ^^nosTEAM^^
2021-05-12 07:45 - 2021-06-02 16:33 - 000000000 ____D C:\Games
2021-05-12 07:06 - 2021-05-12 07:42 - 000000000 ____D C:\ProgramData\TrackmaniaTurbo
2021-05-12 07:06 - 2021-05-12 07:08 - 000000000 ____D C:\Users\hp\Documents\TrackmaniaTurbo
2021-05-11 23:42 - 2021-05-11 23:42 - 000000000 ____D C:\Users\hp\AppData\Roaming\RenPy
2021-05-11 21:48 - 2021-05-11 23:20 - 000000000 ____D C:\Users\hp\Downloads\Saints Row The Third The Full Package - [DODI Repack]
2021-05-11 21:43 - 2021-05-11 21:43 - 000106496 _____ (PCGameBenchmark) C:\Users\hp\Downloads\PCGameBenchmark_Detector (1).exe
2021-05-10 22:53 - 2021-05-10 22:53 - 000000000 ____D C:\Users\hp\Documents\OpenIV
2021-05-10 22:50 - 2021-05-11 07:15 - 000000000 ____D C:\Users\hp\AppData\Local\New Technology Studio
2021-05-10 18:17 - 2021-05-10 18:17 - 000000000 ____D C:\ProgramData\Steam
2021-05-10 18:17 - 2021-05-10 18:17 - 000000000 ____D C:\ProgramData\Socialclub
2021-05-10 16:53 - 2021-05-18 14:52 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-05-10 14:38 - 2021-06-01 23:21 - 000000000 ____D C:\ProgramData\Intel Package Cache {05BC4EEB-70E9-4FDB-9A33-72482B0B128E}
2021-05-10 14:21 - 2021-06-01 23:21 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-03 14:24 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\uTorrent
2021-06-03 13:40 - 2020-10-16 06:40 - 000000000 ____D C:\Users\hp
2021-06-03 13:39 - 2020-10-16 06:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-03 12:58 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-03 12:57 - 2019-12-07 14:59 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-03 12:52 - 2020-05-18 13:35 - 000000000 ____D C:\ProgramData\Oracle
2021-06-03 12:26 - 2020-10-16 12:55 - 000777600 _____ C:\WINDOWS\system32\perfh007.dat
2021-06-03 12:26 - 2020-10-16 12:55 - 000159232 _____ C:\WINDOWS\system32\perfc007.dat
2021-06-03 12:26 - 2020-10-16 06:53 - 001805662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-03 12:26 - 2019-12-07 14:58 - 000000000 ____D C:\WINDOWS\INF
2021-06-03 12:20 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\Registration
2021-06-03 12:19 - 2020-10-16 07:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-03 12:19 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-03 12:19 - 2019-01-21 21:15 - 000000000 ____D C:\ProgramData\Synaptics
2021-06-03 12:19 - 2018-11-04 16:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles
2021-06-03 11:58 - 2019-12-07 14:48 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-03 11:52 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\System
2021-06-03 11:47 - 2019-07-15 21:46 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Temp
2021-06-03 10:24 - 2019-12-07 14:48 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-03 07:08 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-02 21:57 - 2019-12-07 14:59 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-02 21:38 - 2020-10-16 06:39 - 000000000 ____D C:\Users\DefaultAppPool
2021-06-02 19:12 - 2021-04-12 19:52 - 000000000 ____D C:\Users\hp\Desktop\New folder (3)
2021-06-02 19:12 - 2020-11-05 20:44 - 000000000 ____D C:\Users\hp\AppData\Local\Messenger
2021-06-02 19:12 - 2020-08-07 10:01 - 000000000 ____D C:\Users\hp\AppData\Roaming\Spotify
2021-06-02 19:12 - 2020-07-31 12:26 - 000000000 ____D C:\Users\hp\AppData\Roaming\Movavi Video Editor Plus 2020
2021-06-02 19:12 - 2020-07-01 23:08 - 000000000 ____D C:\Users\hp\AppData\Roaming\SafeExamBrowser
2021-06-02 19:12 - 2020-06-04 14:00 - 000000000 ____D C:\Users\hp\AppData\Roaming\Telegram Desktop
2021-06-02 19:12 - 2020-05-23 15:54 - 000000000 ____D C:\Users\hp\AppData\Local\DiskDrill
2021-06-02 19:12 - 2020-02-12 21:41 - 000000000 ____D C:\Users\hp\Downloads\vcomp100
2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\WhatsApp
2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Local\WhatsApp
2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Local\SquirrelTemp
2021-06-02 19:12 - 2019-12-07 14:59 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-06-02 19:12 - 2019-11-21 19:55 - 000000000 ____D C:\Users\hp\AppData\Roaming\EasyAntiCheat
2021-06-02 19:12 - 2019-05-05 22:10 - 000000000 ____D C:\Users\hp\AppData\Local\Warframe
2021-06-02 19:12 - 2019-04-12 22:30 - 000000000 ____D C:\Users\hp\AppData\Local\CrashDumps
2021-06-02 19:12 - 2019-02-12 20:17 - 000000000 ____D C:\Users\hp\Documents\Adobe
2021-06-02 19:12 - 2019-01-21 22:06 - 000000000 ____D C:\Users\hp\AppData\Roaming\hpqLog
2021-06-02 16:58 - 2020-10-16 07:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-06-02 07:08 - 2019-01-21 21:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-02 04:02 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SystemApps
2021-06-01 23:30 - 2019-01-21 21:36 - 000000000 ____D C:\Users\hp\AppData\Local\Packages
2021-06-01 23:30 - 2018-11-04 16:09 - 000000000 ___RD C:\Users\hp\OneDrive
2021-06-01 23:21 - 2019-01-26 21:49 - 000000000 ____D C:\Program Files (x86)\Intel
2021-06-01 23:21 - 2019-01-22 10:50 - 000000000 ____D C:\Program Files (x86)\HP
2021-06-01 23:21 - 2019-01-21 21:13 - 000000000 ____D C:\ProgramData\Intel
2021-06-01 23:21 - 2018-11-04 21:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-06-01 23:14 - 2019-01-21 22:07 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-06-01 23:14 - 2019-01-21 22:03 - 000000000 ____D C:\Users\hp\AppData\Local\Hewlett-Packard
2021-06-01 23:14 - 2019-01-21 22:03 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-06-01 23:13 - 2019-12-07 14:59 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-06-01 22:15 - 2020-12-14 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-01 22:15 - 2018-11-04 22:08 - 000000000 ____D C:\Users\hp\Intel
2021-06-01 21:09 - 2019-01-21 22:04 - 000000000 ____D C:\Users\hp\AppData\Local\Opera Software
2021-06-01 21:02 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\Opera Software
2021-06-01 20:41 - 2019-01-28 18:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-06-01 19:44 - 2020-04-15 12:36 - 000000000 ____D C:\Users\hp\AppData\Local\ESET
2021-06-01 13:55 - 2018-11-04 16:20 - 000000000 ____D C:\Users\hp\Desktop\BACKUP
2021-06-01 11:33 - 2019-01-28 18:17 - 000000000 ____D C:\Users\hp\AppData\Local\Google
2021-06-01 09:11 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-06-01 09:11 - 2019-01-22 10:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-05-31 22:31 - 2019-10-12 12:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-05-31 21:13 - 2020-05-18 22:03 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2021-05-31 21:13 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\ModemLogs
2021-05-30 14:56 - 2019-12-07 14:59 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-30 14:48 - 2020-10-16 06:29 - 000491192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-30 14:44 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-29 21:43 - 2019-12-07 14:59 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-26 00:04 - 2020-05-18 14:58 - 000000000 ____D C:\Program Files\Common Files\Intel
2021-05-26 00:04 - 2019-01-21 21:13 - 000000000 ____D C:\Program Files\Intel
2021-05-21 08:40 - 2019-09-04 21:33 - 000000000 ____D C:\Users\hp\Documents\Sound recordings
2021-05-20 14:09 - 2020-06-16 08:07 - 000000000 ____D C:\Program Files (x86)\Mr DJ
2021-05-20 13:34 - 2021-02-06 18:55 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks
2021-05-13 15:42 - 2019-01-26 15:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-13 15:35 - 2019-01-26 15:48 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-13 15:30 - 2018-11-04 20:32 - 000000000 ____D C:\Users\hp\Desktop\Momma files
2021-05-13 15:20 - 2019-07-01 19:19 - 000000000 ____D C:\R.G. Catalyst
2021-05-13 15:16 - 2020-05-08 11:07 - 000000000 ____D C:\Program Files\YouTube Downloader
2021-05-13 15:14 - 2019-02-02 09:57 - 000000000 ____D C:\ProgramData\Adobe
2021-05-13 15:11 - 2020-08-07 10:01 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidify
2021-05-13 15:11 - 2020-08-07 10:01 - 000000000 ____D C:\Program Files (x86)\Sidify
2021-05-10 18:02 - 2019-01-26 20:48 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-10 15:08 - 2019-01-21 21:36 - 000000000 ____D C:\Users\hp\AppData\Local\Intel
2021-05-10 14:46 - 2020-05-20 10:36 - 000043632 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\pmxdrv.sys
2021-05-10 14:46 - 2019-01-26 20:28 - 000000000 ____D C:\Swsetup
2021-05-10 13:49 - 2020-05-18 14:59 - 005533024 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelWLANdriver.dll
2021-05-10 13:49 - 2020-05-18 11:45 - 000000000 ____D C:\ProgramData\HP
2021-05-10 00:57 - 2018-11-04 20:33 - 000000000 ____D C:\Users\hp\Documents\Rockstar Games
==================== Files in the root of some directories ========
2020-05-27 20:44 - 2020-05-27 20:44 - 000001536 _____ () C:\Users\hp\AppData\Local\GfxMetrics.cfg
2019-01-28 20:50 - 2019-05-30 21:29 - 000007598 _____ () C:\Users\hp\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2021
Ran by hp (03-06-2021 14:25:24)
Running from C:\Users\hp\Downloads
Windows 10 Pro Version 21H1 19043.1023 (X64) (2020-10-16 01:43:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2123003089-4285120140-3240528571-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2123003089-4285120140-3240528571-503 - Limited - Disabled)
Guest (S-1-5-21-2123003089-4285120140-3240528571-501 - Limited - Disabled)
hp (S-1-5-21-2123003089-4285120140-3240528571-1001 - Administrator - Enabled) => C:\Users\hp
WDAGUtilityAccount (S-1-5-21-2123003089-4285120140-3240528571-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\uTorrent) (Version: 3.5.5.46010 - BitTorrent Inc.)
Bang & Olufsen Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.232.70 - Conexant)
Brother MFL-Pro Suite DCP-1510 series (HKLM-x32\...\{90C24B16-9C28-44AB-8C63-BB9822218E18}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Documentation Manager (HKLM\...\{0203C24C-452D-4344-871F-DE3C7B49C328}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Everything 1.4.1.1005 (x64) (HKLM\...\Everything) (Version: 1.4.1.1005 - voidtools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.77 - Google LLC)
HP Universal Camera Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1114.25_RS2_WHQL - Sonix)
Inside (HKLM-x32\...\{9BD4503F-F711-491D-984A-AB4ABD66B8C2}_is1) (Version: - Playdead)
Intel® Chipset Device Software (HKLM-x32\...\{f3b1c211-1159-4262-bb97-84150cda9096}) (Version: 10.1.18243.8188 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2044.15.0.1951 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1007 - Intel Corporation)
Intel® Trusted Connect Services Client (HKLM-x32\...\{c3964069-17c1-45dd-85a5-949576ceeaa3}) (Version: 1.62.321.1 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.40.0.2 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{cf961541-ca37-4826-a285-3a9cb22cd5a2}) (Version: 21.40.2 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{3933e30f-0de2-4fee-8a5e-28c71ea7f121}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Messenger 88.7.120 (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 88.7.120 - Facebook, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20348 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.56.2 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 3.100140.10443.10 - NXP Semiconductors)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.151 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.70 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\WhatsApp) (Version: 2.2114.9 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Packages:
=========
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2021-02-05] (Fitbit)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxDTCM.dll [2020-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-05-18 12:24 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-05-18 12:51 - 2017-11-07 19:55 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2020-05-18 12:51 - 2017-08-18 11:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2020-05-18 12:51 - 2017-08-18 11:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2020-05-18 12:51 - 2017-11-07 20:04 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLEng.dll
2020-05-18 13:27 - 2017-11-07 19:55 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2020-05-18 12:51 - 2008-08-18 18:27 - 000122880 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2020-05-18 12:51 - 2012-07-13 13:09 - 000385024 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2020-12-01 09:05 - 2018-07-03 11:14 - 001348608 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SA3\HP-NB-AIO\CxHDAudioAPI.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\w32time => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WUAUSERV => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2020-10-02 16:34 - 2021-06-03 10:55 - 000004642 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\Pictures\wallpaper.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "DisplayLinkUI"
HKLM\...\StartupApproved\Run: => "UrbanVPN"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "FreeYouTubeDownloader"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "electron.app.Pi Network"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Facebook.MessengerDesktop"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "waupdat3"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{4DDF6874-5570-49B5-8583-8FC3A763217B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{57252589-F5ED-459C-9B3E-FC37E0C3CC54}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09FAECEC-76F4-4E71-873B-461F6C7DD353}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0B5B4923-EE05-441C-93A2-6AECC5F63511}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{C3DB02B0-8F3E-4E1B-B515-3F3FA60014EB}C:\users\hp\downloads\anydesk.exe] => (Allow) C:\users\hp\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [TCP Query User{4C9AB791-63C2-4831-A181-09BC7784739E}C:\users\hp\downloads\anydesk.exe] => (Allow) C:\users\hp\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{ABD2A3B4-0EC3-4E37-819C-5BF4B84F921D}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{69A3DDE0-DE26-461D-BC77-CF9448EB47D2}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{DCCDAB03-6BF3-4E4D-9C2D-6036D3BBC510}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{4125549A-90C9-420C-A621-F6B13A06CD9F}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{743A70F2-6F8A-42A5-84E3-D2D29DAF2C91}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FD9B5B77-F649-4922-9EAC-521C1EC69772}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{24BE4400-0CFE-49C1-8B72-99672C090E55}] => (Block) E:\Super Meat Boy\SuperMeatBoy.exe () [File not signed]
FirewallRules: [TCP Query User{2C9A4775-3AA0-4442-A729-8FF8BAA8C85D}C:\users\hp\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\hp\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [UDP Query User{61C66CEA-D795-4C31-B69E-5055004F6059}C:\users\hp\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\hp\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [{A060BD33-EA28-448B-B1ED-E706A66008F3}] => (Allow) LPort=5900
FirewallRules: [{B7BED451-CFBE-4A74-9989-D27243FFE60F}] => (Allow) LPort=5800
FirewallRules: [{CF7C7A01-73E9-414F-8321-D9F758DB0162}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{FADB8A20-0C04-4D22-AA32-700EE21F84A3}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [TCP Query User{88646A3F-A6DF-477B-822E-7BF9BA91D838}C:\program files\uvnc bvba\ultravnc\repeater.exe] => (Block) C:\program files\uvnc bvba\ultravnc\repeater.exe (uvnc bvba -> )
FirewallRules: [UDP Query User{F94947A2-A080-4135-B1D5-61548B6DCB93}C:\program files\uvnc bvba\ultravnc\repeater.exe] => (Block) C:\program files\uvnc bvba\ultravnc\repeater.exe (uvnc bvba -> )
FirewallRules: [{81CCE2E1-F521-4565-A355-F1994DC6FC52}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6EC93D95-40D4-4EC5-9981-60211C2DE5B4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2676546E-FE30-4EB5-98C2-D0EC40F451F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14CD2B8F-A801-4E03-BF09-AAA1E10FC269}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8B0FC86-D1AF-4983-A71D-1960677B0DAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B7D9D93-6C08-4D70-B191-36D26AD05288}] => (Allow) C:\Games\Need for Speed Rivals\NFS14_x86.exe (Electronic Arts) [File not signed]
FirewallRules: [{546EB478-F1F0-42A7-83F0-3742580BDD15}] => (Allow) C:\Games\Need for Speed Rivals\NFS14_x86.exe (Electronic Arts) [File not signed]
FirewallRules: [{09A48E68-98C8-470B-8C2C-0A53D8A81696}] => (Allow) C:\Games\Need for Speed Rivals\NFS14.exe (Electronic Arts) [File not signed]
FirewallRules: [{ED94F034-8B54-4E78-B54D-F6B5A8E8989A}] => (Allow) C:\Games\Need for Speed Rivals\NFS14.exe (Electronic Arts) [File not signed]
FirewallRules: [TCP Query User{D107B5AA-D456-4AE5-AA65-5BF3DD582A5A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe] => (Allow) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [UDP Query User{FB83D1B1-7562-4588-845E-9067C4656E9A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe] => (Allow) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{99E7DB49-8B17-462F-BADB-95303760C6D8}] => (Block) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{409AAD36-52EB-4CAC-BB3E-83FBB184B2AA}] => (Block) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{EEE0D7A6-BFB3-4FC3-92F6-812049B32631}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/03/2021 07:05:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
System errors:
=============
Error: (06/03/2021 12:33:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (06/03/2021 12:32:42 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-ESKAMO)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1023.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
Error: (06/03/2021 12:31:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-ESKAMO)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1023.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
Error: (06/03/2021 12:27:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2021 12:27:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2021 12:27:44 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2021 12:27:41 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2021 12:27:37 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Windows Defender:
================
Date: 2021-06-02 18:27:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/PCClean
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar; file:_C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar->Setup.exe; webfile:_C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar|https://mega.nz/|pid...671113270369810
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.339.1874.0, AS: 1.339.1874.0, NIS: 1.339.1874.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-02 14:05:20
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/MpTamperSrvDisableAV.D
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\sc.exe stop Diagtrack
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.1853.0, AS: 1.339.1853.0, NIS: 1.339.1853.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-02 04:08:13
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/MpTamperSrvDisableAV.D
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\sc.exe stop Diagtrack
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.1822.0, AS: 1.339.1822.0, NIS: 1.339.1822.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-01 20:24:35
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: App:Utorrent_BundleInstaller
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\hp\AppData\Roaming\uTorrent\updates\3.5.5_45988.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.339.1822.0, AS: 1.339.1822.0, NIS: 1.339.1822.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-01 20:17:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Custom Scan
Date: 2021-06-03 10:55:34
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.1889.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2021-06-03 07:11:09
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-06-02 21:09:57
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-06-02 21:03:19
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-06-02 20:22:51
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2021-05-29 21:43:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: HP N75 Ver. 01.49 07/12/2020
Motherboard: HP 807C
Processor: Intel® Core i5-6300U CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 7975.67 MB
Available physical RAM: 3854.3 MB
Total Virtual: 8487.67 MB
Available Virtual: 4033.6 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:524.74 GB) (Free:378.19 GB) NTFS
Drive e: (All) (Fixed) (Total:405.42 GB) (Free:274.96 GB) NTFS
\\?\Volume{dee8ee0f-bf5b-4efe-9179-2ffeaadd76c9}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{05f6a5fd-2967-4dc5-a263-2ddfe33d06c8}\ () (Fixed) (Total:0.75 GB) (Free:0.14 GB) NTFS
\\?\Volume{35c31eec-d925-42ed-9bb0-fb06a7706106}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 04CA5994)
Partition: GPT.
==================== End of Addition.txt =======================
Edited by sweepe, 03 June 2021 - 03:27 AM.