Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2021 Ran by grand (administrator) on DESKTOP-OIMNL79 (HP HP All-in-One) (08-10-2021 12:57:29) Running from C:\Users\grand\Downloads Loaded Profiles: grand Platform: Windows 10 Home Version 21H1 19043.1266 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0368456.inf_amd64_f16f961b152ef3a8\B367348\atieclxx.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0368456.inf_amd64_f16f961b152ef3a8\B367348\atiesrxx.exe (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe (CyberLink Corp. -> CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD21\Common\CLMediaServer\clmediaserver.exe (CyberLink Corp. -> CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD21\Common\dynamic_transcode.exe <4> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.46.32012.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [PowerDVD21Agent] => C:\Program Files\CyberLink\PowerDVD21\PowerDVD21Agent.exe [564904 2021-09-06] (CyberLink Corp. -> CyberLink Corp.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [YouCam Service9] => C:\Program Files (x86)\CyberLink\YouCam9\YouCamService9.exe [404288 2020-07-27] (CyberLink Corp. -> CyberLink Corp.) HKU\S-1-5-21-552959180-971348328-798598736-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-552959180-971348328-798598736-1001\...\Run: [CyberlinkPowerPlayerMediaServer_PowerDVD21] => C:\Program Files\CyberLink\PowerDVD21\Common\CLMediaServer\clmediaserver.exe [6706856 2021-09-06] (CyberLink Corp. -> CyberLink Corp.) HKU\S-1-5-21-552959180-971348328-798598736-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\HP\HP JumpStart Apps\Hpjumpstartapps.exe [1660040 2017-04-24] (HP Jump Start (HP Inc.) -> HP Inc.) HKLM\...\Windows x64\Print Processors\Canon MG5700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCS.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series: C:\WINDOWS\system32\CNMLMCS.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\94.0.12309.64\Installer\chrmstp.exe [2021-10-08] (Piriform Software Ltd -> Piriform Software) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.71\Installer\chrmstp.exe [2021-10-07] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> "C:\Program Files (x86)\CCleaner Browser\Application\79.0.3066.82\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\...\Authentication\Credential Providers: [{765458F5-7207-46a2-ABD6-A5F11C0D141B}] -> C:\Program Files (x86)\CyberLink\YouCam8\CLCredProv\x64\CLCredProv.dll [2019-05-09] (CyberLink Corp. -> CyberLink) HKLM\Software\...\Authentication\Credential Providers: [{7B4C4849-DFD6-4b88-B58D-9260BC55E2FB}] -> C:\Program Files (x86)\CyberLink\YouCam9\CLCredProv\x64\CLCredProv.dll [2020-07-27] (CyberLink Corp. -> CyberLink) HKLM\Software\...\Authentication\Credential Provider Filters: [{765458F5-7207-46a2-ABD6-A5F11C0D141B}] -> C:\Program Files (x86)\CyberLink\YouCam8\CLCredProv\x64\CLCredProv.dll [2019-05-09] (CyberLink Corp. -> CyberLink) HKLM\Software\...\Authentication\Credential Provider Filters: [{7B4C4849-DFD6-4b88-B58D-9260BC55E2FB}] -> C:\Program Files (x86)\CyberLink\YouCam9\CLCredProv\x64\CLCredProv.dll [2020-07-27] (CyberLink Corp. -> CyberLink) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02687CB1-2A4D-435E-86CE-1BCC71499F93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-12] (Google Inc -> Google LLC) Task: {035548E7-5A0A-43BF-BABF-A1D3833CC347} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs] Task: {2083481A-5231-4554-B46B-C2E90CE1DE6A} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> ) Task: {21EF35BD-2271-4E0E-940C-0D9CF7DC4B16} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {24D9C1F5-D331-433C-894D-DCAC889132DC} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-09-04] (Piriform Software Ltd -> Piriform Software) Task: {315E3836-0B3F-43FF-94DB-BF891C67FE25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-12] (Google Inc -> Google LLC) Task: {3AA18EB4-ACD2-446E-9EB9-3778B1E223DB} - System32\Tasks\CCleanerSkipUAC - grand => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {46CA0462-6462-44A3-A32D-29F782A846ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {4B69B8F7-BA7E-4F91-86E4-D9891D2E7390} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2356696 2021-09-30] (Piriform Software Ltd -> Piriform Software) Task: {5333B817-1661-440C-98A6-C5868BEA9D37} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> ) Task: {587A9695-62B4-4EE1-AC31-26E668F12302} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {58FC02CF-0B02-4EBF-9059-194C8A74642F} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {60F9F933-750F-4DB9-8E18-D41FC1D4D05E} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2356696 2021-09-30] (Piriform Software Ltd -> Piriform Software) Task: {6D7C43C3-4142-45E1-8F59-A14C95536DFD} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {7112A51D-5DE1-46FF-867E-8DCC2316D3D2} - System32\Tasks\HPCeeScheduleForgrand => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: {73BB809E-F870-4DAB-A86D-62031D52739D} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {747EA81D-0895-4819-AC69-CA1C3464AC59} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform) Task: {7CBA1132-2407-427B-80E8-11A9B0ED33ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134768 2021-04-01] (HP Inc. -> HP Inc.) Task: {8EE2830F-6C91-4F5B-A8C2-53E1B734986B} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-07] (HP Inc. -> HP Inc.) Task: {95EE4E11-A4F4-44E1-9902-FDDF63D9D5C3} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {9F1A10BF-F857-4BAA-9CE4-32A614F650F5} - System32\Tasks\PostponeDeviceSetupToast_S-1-5-21-552959180-971348328-798598736-1001_0 => {5ded83ef-1e99-48cf-bf83-676d2a6db408} C:\Windows\System32\oobe\UserOOBE.dll [421376 2021-10-02] (Microsoft Windows -> Microsoft Corporation) Task: {BA872E57-ADE2-449A-AD85-C7F80907A0F7} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.) Task: {C85D76A2-FFB1-44AA-A9A9-7C10911FEC65} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {D0C05D16-86BB-4727-9B84-E1E750E25FD5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation) Task: {DF249E85-9158-47A7-8FB0-BFADE50B18E8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation) Task: {ED82D3FC-AC60-43B2-914E-3A0F12723B60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.) Task: {F3AEBFE4-41A5-42AC-96DC-F9DA7CA4A9B5} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-09-04] (Piriform Software Ltd -> Piriform Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleForgrand.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{bc91464f-e53c-4252-94d3-b41344c2fa75}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{e12d0fef-c15f-4d71-9147-c88abe158d85}: [DhcpNameServer] 192.168.0.1 Edge: ======= DownloadDir: C:\Users\grand\OneDrive\Desktop Edge Notifications: HKU\S-1-5-21-552959180-971348328-798598736-1001 -> hxxps://www.facebook.com; hxxps://www.youtube.com Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\grand\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-07] Edge Notifications: Default -> hxxps://www.ashampoo.com; hxxps://www.facebook.com; hxxps://www.youtube.com Edge Extension: (Malwarebytes Browser Guard) - C:\Users\grand\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-07] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.) [File not signed] FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-09-04] (Piriform Software Ltd -> Piriform Software) FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-09-04] (Piriform Software Ltd -> Piriform Software) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default [2021-10-08] CHR Notifications: Default -> hxxps://australia.trovit.com; hxxps://captchafilter.top; hxxps://directorzone.cyberlink.com; hxxps://elevationmap.net; hxxps://healthyfitpoint.com; hxxps://membership.cyberlink.com; hxxps://news1245ubdates.com; hxxps://theinfinitekitchen.com; hxxps://www.cyberlink.com; hxxps://www.dailymail.co.uk; hxxps://www.facebook.com; hxxps://www.youtube.com CHR Extension: (Google Drive) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-04] CHR Extension: (YouTube) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-29] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-07] CHR Extension: (Chrome Web Store Payments) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-04] CHR Extension: (Gmail) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-04] CHR Profile: C:\Users\grand\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-10-05] CHR Profile: C:\Users\grand\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-05] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Opera: ======= OPR Profile: C:\Users\grand\AppData\Roaming\Opera Software\Opera Stable [2021-09-09] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com.au/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [60704 2021-05-11] (Advanced Micro Devices, Inc. -> AMD) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [305664 2017-11-03] (Realtek Semiconductor Corp.) [File not signed] S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-09-04] (Piriform Software Ltd -> Piriform Software) S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\94.0.12309.64\elevation_service.exe [1436280 2021-09-30] (Piriform Software Ltd -> Piriform Software) S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-09-04] (Piriform Software Ltd -> Piriform Software) R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [144464 2015-02-19] (Canon Inc. -> CANON INC.) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-07] (HP Inc. -> HP Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [403576 2021-04-01] (HP Inc. -> HP Inc.) R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [399296 2019-11-28] (Canon Inc. -> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7789240 2021-10-07] (Malwarebytes Inc -> Malwarebytes) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1732144 2021-09-24] (WildTangent Inc -> ) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices) R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed] R2 CLFCL5.21; C:\WINDOWS\System32\drivers\CLFCL5.21\000.fcl [46752 2021-09-06] (CyberLink Corp. -> CyberLink Corp.) S3 clwvd7; C:\WINDOWS\System32\drivers\clwvd7.sys [61184 2017-11-16] (CyberLink Corp. -> CyberLink Corporation) R3 clwvd8; C:\WINDOWS\System32\drivers\clwvd8.sys [61056 2018-08-24] (CyberLink Corp. -> CyberLink Corporation) R3 clwvd9; C:\WINDOWS\System32\drivers\clwvd9.sys [60984 2019-09-09] (CyberLink Corp. -> CyberLink Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-07] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [434424 2021-10-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-07] (Microsoft Windows -> Microsoft Corporation) U3 aspnet_state; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-10-08 12:57 - 2021-10-08 12:59 - 000024358 _____ C:\Users\grand\Downloads\FRST.txt 2021-10-08 12:50 - 2021-10-08 12:50 - 000000000 ____D C:\Users\grand\Downloads\FRST-OlderVersion 2021-10-08 12:49 - 2021-10-08 12:58 - 000000000 ____D C:\FRST 2021-10-08 12:48 - 2021-10-08 12:50 - 002308096 _____ (Farbar) C:\Users\grand\Downloads\FRST64.exe 2021-10-07 23:00 - 2021-10-07 23:00 - 000000342 _____ C:\Users\grand\Documents\balance.txt 2021-10-07 19:33 - 2021-10-07 19:33 - 013471344 _____ C:\Users\grand\Downloads\MB-SupportTool.exe 2021-10-07 18:06 - 2021-10-07 18:06 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-10-07 18:05 - 2021-10-07 18:05 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-10-07 18:05 - 2021-10-07 18:05 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-10-07 18:03 - 2021-10-07 18:03 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-10-07 18:03 - 2021-10-07 18:03 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-10-07 18:03 - 2021-10-07 18:03 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-10-07 18:03 - 2021-10-07 18:03 - 000000000 ____D C:\Users\grand\AppData\Local\mbam 2021-10-07 18:03 - 2021-10-07 18:02 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-10-07 18:03 - 2021-10-07 18:02 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-10-07 18:01 - 2021-10-07 18:01 - 000000000 ____D C:\Program Files\Malwarebytes 2021-10-07 18:00 - 2021-10-07 18:00 - 002101944 _____ (Malwarebytes) C:\Users\grand\Downloads\MBSetup (1).exe 2021-10-07 17:54 - 2021-10-07 17:54 - 002101944 _____ (Malwarebytes) C:\Users\grand\Downloads\MBSetup.exe 2021-10-07 17:32 - 2020-12-10 01:37 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys.20211095149748.av.old 2021-10-07 17:26 - 2021-10-07 17:26 - 056445176 _____ C:\Users\grand\Downloads\TotalAV_Setup (2).exe 2021-10-07 17:16 - 2021-10-07 17:16 - 000004028 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-552959180-971348328-798598736-1001_0 2021-10-07 14:18 - 2021-10-07 14:18 - 000002335 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-10-07 06:47 - 2021-10-07 06:52 - 000000444 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2021-10-07 00:58 - 2021-10-07 01:02 - 000297618 _____ C:\TDSSKiller.3.1.0.28_07.10.2021_00.58.52_log.txt 2021-10-07 00:58 - 2021-10-07 00:58 - 005054744 _____ (AO Kaspersky Lab) C:\Users\grand\Downloads\tdsskiller.exe 2021-10-05 00:49 - 2021-10-08 12:27 - 000000000 ____D C:\Users\grand\AppData\Roaming\Messenger 2021-10-05 00:49 - 2021-10-05 00:49 - 000000000 ____D C:\Users\grand\AppData\Local\Messenger 2021-10-05 00:35 - 2021-10-05 00:35 - 000000097 _____ C:\Users\grand\Documents\xnx.txt 2021-10-04 02:24 - 2021-10-04 02:25 - 000266624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-10-02 03:24 - 2021-10-02 03:24 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2021-10-02 03:24 - 2021-10-02 03:24 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2021-10-02 03:23 - 2021-10-02 03:23 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-10-02 03:23 - 2021-10-02 03:23 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-10-02 03:23 - 2021-10-02 03:23 - 000011453 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-10-02 03:22 - 2021-10-02 03:22 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-10-02 03:22 - 2021-10-02 03:22 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-10-02 03:22 - 2021-10-02 03:22 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-10-02 03:21 - 2021-10-02 03:21 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-10-02 03:20 - 2021-10-02 03:20 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-10-02 03:20 - 2021-10-02 03:20 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2021-10-02 02:00 - 2021-10-02 02:08 - 000000000 ___HD C:\$WinREAgent 2021-09-29 09:35 - 2021-09-29 09:35 - 001077923 _____ C:\Users\grand\Downloads\video-1632879279.mp4 2021-09-29 09:33 - 2021-09-29 09:33 - 001186856 _____ C:\Users\grand\Downloads\video-1632879168.mp4 2021-09-29 00:33 - 2021-09-29 00:33 - 000000119 _____ C:\Users\grand\Documents\tracking number 29 sept 2021.txt 2021-09-24 18:10 - 2021-09-24 18:10 - 001103151 _____ C:\Users\grand\Downloads\video-1632376923 (1).mp4 2021-09-24 18:10 - 2021-09-24 18:10 - 001050949 _____ C:\Users\grand\Downloads\video-1632376983.mp4 2021-09-24 12:15 - 2021-09-24 12:15 - 000000000 ____D C:\CyberLink 2021-09-23 17:19 - 2021-09-23 17:19 - 000093863 _____ C:\Users\grand\Downloads\PaymentReceipt (15).pdf 2021-09-23 14:02 - 2021-09-23 14:02 - 001103151 _____ C:\Users\grand\Downloads\video-1632376923.mp4 2021-09-21 12:43 - 2021-09-21 12:43 - 000000155 _____ C:\Users\grand\Documents\Josh wiggins.txt 2021-09-21 12:17 - 2021-09-21 12:17 - 000000042 _____ C:\Users\grand\Documents\Spotlight.txt 2021-09-17 04:44 - 2021-10-07 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-09-17 04:44 - 2021-09-17 04:44 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\123422F2.sys 2021-09-17 04:42 - 2021-10-07 18:03 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-09-17 04:42 - 2021-09-17 05:32 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2021-09-17 04:41 - 2021-09-17 04:42 - 014178840 _____ (Malwarebytes Corp.) C:\Users\grand\Downloads\mbar-1.10.3.1001.exe 2021-09-16 15:18 - 2021-10-07 18:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Outbyte 2021-09-16 15:17 - 2021-10-07 18:24 - 000000000 ____D C:\ProgramData\Outbyte 2021-09-16 15:17 - 2021-10-07 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte 2021-09-16 15:17 - 2021-10-07 18:23 - 000000000 ____D C:\Program Files (x86)\Outbyte 2021-09-16 15:01 - 2021-10-07 17:29 - 000000000 ____D C:\Users\grand\AppData\Local\CrashDumps 2021-09-16 09:51 - 2021-10-08 12:26 - 000003078 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate 2021-09-16 06:33 - 2021-09-16 06:33 - 000003618 _____ C:\WINDOWS\system32\Tasks\CLToast 2021-09-16 06:33 - 2021-09-16 06:33 - 000003444 _____ C:\WINDOWS\system32\Tasks\CLToastRun 2021-09-16 06:32 - 2021-09-16 06:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\CLFCL5.21 2021-09-16 06:31 - 2021-09-16 06:32 - 000000000 ____D C:\ProgramData\PDVD 2021-09-16 06:31 - 2021-09-16 06:31 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 21.lnk 2021-09-16 06:31 - 2021-09-16 06:31 - 000002123 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 21.lnk 2021-09-16 06:29 - 2021-09-16 06:29 - 000000000 ____D C:\Program Files\CyberLink 2021-09-16 06:26 - 2021-09-16 06:27 - 326923960 _____ C:\Users\grand\Downloads\PowerDVD_21.0.2106.62_Essential_DVD210415-02.exe 2021-09-16 06:22 - 2021-09-16 06:22 - 001161312 _____ (CyberLink) C:\Users\grand\Downloads\CyberLink_PowerDVD_Downloader.exe 2021-09-16 06:00 - 2021-09-16 06:00 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk 2021-09-15 20:06 - 2021-09-15 20:06 - 000812650 _____ C:\Users\grand\Downloads\video-1631707453.mp4 2021-09-15 07:27 - 2021-09-15 07:27 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-09-15 07:27 - 2021-09-15 07:27 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx 2021-09-15 07:27 - 2021-09-15 07:27 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx 2021-09-12 12:14 - 2021-09-12 12:15 - 000000209 _____ C:\Users\grand\Documents\telstra complaint.txt 2021-09-10 08:10 - 2021-09-10 08:10 - 000000000 ____D C:\WINDOWS\system32\gf2engine 2021-09-10 08:09 - 2021-09-10 08:09 - 001133696 _____ (Avast Software) C:\Users\grand\Downloads\avast_cleanup_online_setup.exe 2021-09-10 01:33 - 2021-09-10 01:33 - 000000000 ____D C:\Users\grand\AppData\Local\GUI 2021-09-10 01:28 - 2021-09-10 01:28 - 056432520 _____ C:\Users\grand\Downloads\ScanGuard_Setup.exe 2021-09-10 01:26 - 2021-09-10 01:27 - 056393416 _____ C:\Users\grand\Downloads\PCProtect_Setup.exe 2021-09-10 01:17 - 2021-09-10 01:17 - 056445176 _____ C:\Users\grand\Downloads\TotalAV_Setup (1).exe 2021-09-10 01:03 - 2021-09-10 01:03 - 000668896 _____ C:\Users\grand\Downloads\video-1631198828.mp4 2021-09-09 03:24 - 2021-09-09 03:24 - 000000021 _____ C:\Users\grand\Documents\winoptimizer 19 key.txt 2021-09-09 03:17 - 2021-09-09 03:17 - 000001526 _____ C:\Users\Public\Desktop\One-Click-Optimizer (WO19).lnk 2021-09-09 03:17 - 2021-09-09 03:17 - 000001302 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 19.lnk 2021-09-09 03:15 - 2021-09-09 03:16 - 028728184 _____ (Ashampoo GmbH & Co. KG ) C:\Users\grand\Downloads\ashampoo_winoptimizer_19_19.00.13_sm.exe 2021-09-08 15:54 - 2021-09-08 15:54 - 000000000 ____D C:\Users\grand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-10-08 12:27 - 2019-07-29 17:45 - 000000000 ____D C:\Program Files (x86)\Google 2021-10-08 12:26 - 2021-09-05 07:25 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher 2021-10-08 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-10-08 04:16 - 2019-10-05 05:24 - 000000000 ____D C:\Program Files\CCleaner 2021-10-08 03:53 - 2019-10-05 05:27 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk 2021-10-08 03:53 - 2019-10-05 05:25 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser 2021-10-07 23:49 - 2021-09-04 21:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-10-07 18:03 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-10-07 17:54 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-10-07 17:49 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-10-07 17:28 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF 2021-10-07 14:48 - 2021-09-04 21:59 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{E1751427-51C1-401F-AA37-82BC4A7A5B5E} 2021-10-07 14:18 - 2019-09-12 13:24 - 000002376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-10-07 08:48 - 2021-09-04 21:59 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-552959180-971348328-798598736-1001 2021-10-07 08:48 - 2021-09-04 21:30 - 000002382 _____ C:\Users\grand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-10-07 06:49 - 2021-09-04 21:42 - 000909000 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-10-07 06:35 - 2019-07-24 22:15 - 000000000 ____D C:\Users\grand\AppData\Local\D3DSCache 2021-10-07 00:49 - 2019-07-25 13:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-10-05 01:51 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-10-05 00:41 - 2021-09-04 21:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-10-05 00:41 - 2021-09-04 21:24 - 000008192 ___SH C:\DumpStack.log.tmp 2021-10-05 00:40 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-10-05 00:40 - 2019-07-25 12:37 - 000065536 _____ C:\WINDOWS\psp_storage.bin 2021-10-03 12:09 - 2021-09-05 04:56 - 000000000 ____D C:\Users\grand\AppData\Local\AMD_Common 2021-10-02 20:12 - 2019-08-18 02:13 - 000000000 ____D C:\Users\grand\Documents\YouCam 2021-10-02 19:49 - 2021-09-04 21:28 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-10-02 19:49 - 2021-09-04 21:28 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-10-02 03:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-10-02 03:39 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-10-01 15:20 - 2021-09-04 21:59 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-10-01 15:20 - 2021-09-04 21:59 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-10-01 06:54 - 2021-09-04 11:59 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-09-29 10:12 - 2021-09-05 00:37 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-09-29 10:12 - 2021-09-05 00:37 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7a193b9588f89 2021-09-28 14:23 - 2019-07-24 23:30 - 000000000 ___RD C:\Users\grand\OneDrive 2021-09-24 08:57 - 2019-07-24 22:14 - 000000000 ____D C:\Users\grand\AppData\Roaming\WildTangent 2021-09-18 00:41 - 2018-01-04 19:01 - 000000000 ____D C:\ProgramData\Hewlett-Packard 2021-09-17 16:16 - 2021-09-04 21:59 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-09-17 05:20 - 2018-01-04 19:00 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard 2021-09-17 05:18 - 2021-09-04 21:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard 2021-09-17 05:18 - 2019-07-24 22:18 - 000000000 ____D C:\Users\grand\AppData\Roaming\hpqLog 2021-09-17 05:18 - 2019-07-24 22:17 - 000000000 ____D C:\Users\grand\AppData\Local\Hewlett-Packard 2021-09-17 05:18 - 2018-01-04 19:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2021-09-16 09:35 - 2019-08-13 20:51 - 000000000 ___HD C:\ProgramData\CyberLink 2021-09-16 07:48 - 2021-09-04 08:32 - 000000000 ___DC C:\WINDOWS\Panther 2021-09-16 06:38 - 2019-08-18 02:18 - 000000000 ____D C:\Users\Public\Documents\Cyberlink 2021-09-16 06:36 - 2019-08-13 20:52 - 000000000 ____D C:\Users\grand\Documents\CyberLink 2021-09-16 06:36 - 2019-08-13 20:51 - 000000000 ____D C:\Users\grand\AppData\Local\CyberLink 2021-09-16 06:33 - 2019-08-18 02:10 - 000000000 ____D C:\ProgramData\CLSK 2021-09-16 06:31 - 2019-08-18 02:13 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information 2021-09-16 06:31 - 2018-01-04 19:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2021-09-16 06:29 - 2019-08-18 02:10 - 000000000 ____D C:\ProgramData\install_clap 2021-09-16 06:29 - 2019-08-18 02:10 - 000000000 ____D C:\ProgramData\install_backup 2021-09-16 06:11 - 2019-11-22 03:47 - 000000000 ____D C:\Users\grand\AppData\Roaming\vlc 2021-09-16 05:58 - 2019-08-13 20:58 - 000000000 ____D C:\Users\grand\AppData\Roaming\dvdcss 2021-09-15 05:31 - 2019-07-25 01:37 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-09-15 05:18 - 2019-07-25 01:36 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-09-15 00:54 - 2021-09-04 11:33 - 000000000 ____D C:\ProgramData\AVG 2021-09-15 00:54 - 2021-09-04 07:59 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForgrand.job 2021-09-14 01:58 - 2021-09-04 21:59 - 000003256 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForgrand 2021-09-10 08:30 - 2019-07-28 08:48 - 000000000 ____D C:\ProgramData\Avast Software 2021-09-10 08:30 - 2019-07-27 18:18 - 000000000 ____D C:\Users\grand\AppData\Roaming\Avast Software 2021-09-09 09:08 - 2018-03-11 11:41 - 000000000 ____D C:\WINDOWS\HP 2021-09-09 08:57 - 2019-09-12 02:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2021-09-09 08:12 - 2021-09-05 07:36 - 000002374 _____ C:\WINDOWS\system32\Tasks\StartCNBM 2021-09-09 08:12 - 2021-09-05 00:28 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN 2021-09-09 08:12 - 2021-09-05 00:28 - 000002122 _____ C:\WINDOWS\system32\Tasks\StartDVR 2021-09-09 08:12 - 2021-09-04 21:59 - 000003402 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineUA 2021-09-09 08:12 - 2021-09-04 21:59 - 000003178 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineCore 2021-09-09 08:12 - 2021-09-04 21:59 - 000003104 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly) 2021-09-09 08:12 - 2021-09-04 21:59 - 000002856 _____ C:\WINDOWS\system32\Tasks\HPJumpStartLaunch 2021-09-09 08:12 - 2021-09-04 21:59 - 000002848 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-552959180-971348328-798598736-1004 2021-09-09 08:12 - 2021-09-04 21:59 - 000002766 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2 2021-09-09 08:12 - 2021-09-04 21:59 - 000002766 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch 2021-09-09 08:12 - 2021-09-04 21:59 - 000002672 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate 2021-09-09 08:12 - 2021-09-04 21:59 - 000002622 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Logon) 2021-09-09 08:12 - 2021-09-04 21:59 - 000002498 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS 2021-09-09 08:12 - 2021-09-04 21:59 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL 2021-09-09 08:12 - 2021-09-04 21:59 - 000002248 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - grand 2021-09-09 08:12 - 2021-09-04 21:59 - 000002232 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2021-09-09 03:17 - 2019-09-04 09:10 - 000000000 ____D C:\Program Files (x86)\Ashampoo 2021-09-08 23:46 - 2021-09-05 03:49 - 000000000 ____D C:\WINDOWS\Firmware 2021-09-08 21:47 - 2021-09-04 11:59 - 000605520 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll 2021-09-08 21:47 - 2021-09-04 11:59 - 000486736 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll ==================== Files in the root of some directories ======== 2019-09-02 22:59 - 2021-09-05 19:39 - 000007599 _____ () C:\Users\grand\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================