AS007


  1. Dear Nasdaq, Thank you very much! Using a combination of Malwarebytes, manually editing the registry and FRST, I have gotten most of the problems fixed. There are still traces of programs left over, but it is mostly unnoticeable. Once again, thank you.
  2. I have been receiving the below error when I tried to send my reply, so I sent it as an image. *** We’re sorry but our system has detected wording in your post consistent with spam, It may be by accident, please try changing the wording and try to post again. If you’re still unable to, then please contact our Helpdesk at the following link: https://support.malwarebytes.com/community/consumer/pages/contact-us Thank you *** Fixlog.txt
  3. Hello, Thank you very much, but this has not helped. I have noticed that after each fixing attempt, when I log in after restarting it takes longer than usual. I think that somehow the malware is being reinstalled during this time. I have attached the fixlist.txt file, and two images showing issues. Also, Auslogics Registry Cleaner is a wanted program. Thank you. Fixlog.txt
  4. Dear Nasdaq, Below is the FRST.txt file. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-03-2020 Ran by Andrew (administrator) on HP-SPECTRE-X360 (HP HP Spectre x360 Convertible 15-ch0xx) (22-03-2020 15:26:45) Running from C:\Users\Andrew\Desktop\FRST Loaded Profiles: Andrew (Available Profiles: Andrew & DevToolsUser) Platform: Windows 10 Home Version 2004 19546.1000 (X64) Language: English (United Kingdom) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTop.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Beijing Qihu Technology Co., Ltd. -> ) C:\Users\Andrew\AppData\Roaming\BirdWallpaper\Utils\NavPlugin.exe (Beijing Qihu Technology Co., Ltd. -> ) C:\Users\Andrew\AppData\Roaming\BirdWallpaper\wallpaperhelper\guardhp.exe (Chengdu Qilu Technology Co. Ltd. -> ) C:\Users\Andrew\AppData\Roaming\BirdWallpaper\360wpsrv.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe (F.lux Software LLC -> f.lux Software LLC) C:\Users\Andrew\AppData\Local\FluxSoftware\Flux\flux.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files 
(x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\Intel\DPTF\dptf_helper.exe (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\ki131549.inf_amd64_bd2f201ab4d2a9a8\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\ki131549.inf_amd64_bd2f201ab4d2a9a8\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\ki131549.inf_amd64_bd2f201ab4d2a9a8\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\ki131549.inf_amd64_bd2f201ab4d2a9a8\IntelCpHeciSvc.exe (Intel(R) Software Development Products -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe (Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) 
Management Engine Components\iCLS\SocketHeciServer.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\WINDOWS\System32\ibtsiva.exe (J.onaxh Network Technology Co., Ltd. -> winhost) C:\Users\Andrew\AppData\Local\FLYSVR\winhost.exe (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Program 
Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.3171.0_x64__8wekyb3d8bbwe\GameBar.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\InputMethod\CHS\ChsIME.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.6-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows 
Defender\Platform\4.18.2003.6-0\NisSrv.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (天津速读科技有限公司 -> 天津速读科技有限公司) C:\Program Files (x86)\MasterPDF\pdfServer.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [738816 2017-11-03] (ELAN) [File not signed] HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation) HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270560 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\HDA\CXAPOAgent64.exe [759736 2019-05-16] (Conexant Systems LLC -> Conexant Systems, Inc.) HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [wpapp] => C:\Users\Andrew\AppData\Roaming\BirdWallpaper\WpTinyTray.exe HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-07-21] (HP Inc. -> HP Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261248 2020-03-19] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1580608 2020-03-10] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc. 
-> Akamai Technologies, Inc.) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [f.lux] => C:\Users\Andrew\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Andrew\AppData\Local\Microsoft\Teams\Update.exe [2336912 2020-03-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [48214720 2020-02-27] (Google LLC -> ) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [FLYSVR] => C:\Users\Andrew\AppData\Local\FLYSVR\winhost.exe [2274216 2020-03-09] (J.onaxh Network Technology Co., Ltd. 
-> winhost) HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Policies\Explorer: [] HKU\S-1-5-21-2386161698-3706458041-262731239-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Andrew\AppData\Local\ScreenSaver\默认.scr [1432488 2020-03-09] (默认屏保) [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC) Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2019-12-17] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing) Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTop.exe [2020-02-26] () [File not signed] GroupPolicy\User: Restriction ? <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {01E8C960-C1E8-4774-940E-838B33F8B100} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MpCmdRun.exe [480272 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {0289DF43-C9D0-4003-9D40-B4E18C4A75B4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302184 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {034549F9-F938-48A3-9353-4D87D85E7CBF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation) Task: {05069D9C-479C-422C-AD14-22DDBB20C5EF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-14] (Microsoft Corporation -> Microsoft Corporation) Task: {070FF1C4-CE80-4E49-8726-AC9BB4086B30} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {0ED0D4FB-9F29-4EA0-AFDE-FA5637112A82} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1145750F-8ED2-4441-9700-1B46D841F2F6} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.) 
Task: {2208A03B-A3CE-4BCB-85B0-424B03282E10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.) Task: {23882046-E10F-4848-9E07-9B0B888EA901} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MpCmdRun.exe [480272 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {28F89018-15CE-4E5D-8273-F576C2C4E260} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\program files (x86)\microsoft visual studio\installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [72848 2019-06-20] (Microsoft Corporation -> Microsoft Corporation) Task: {30F809A1-064A-40E9-875D-3984905DC31B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {43AE4D23-E526-4FA2-AE59-5FBA6BC7F44D} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) 
Task: {44567CC7-69AA-45DD-B5EF-AC1B190F3857} - System32\Tasks\LDSGameMaster => C:\MobileEmuMaster\LDSGameHall\LDSGameHall.exe Task: {4609BCAC-8C85-432C-B1B4-FE3F11A8276E} - System32\Tasks\Microsoft\Windows\Application Experience\PcaPatchDbTask => %windir%\system32\rundll32.exe %windir%\system32\PcaSvc.dll,PcaPatchSdbTask Task: {46BDB5B4-8A7C-4300-88E1-F60A4295731C} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation) Task: {470FBC96-3101-4A02-8127-F858522159F7} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation) Task: {471C3E05-096A-4971-8547-5BA5B9172AD4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-25] (Dropbox, Inc -> Dropbox, Inc.) Task: {47854DC9-A45B-426C-87AE-5D830198DE69} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-25] (Dropbox, Inc -> Dropbox, Inc.) 
Task: {49274A2A-17CA-4187-ACE6-BAB05362B1C8} - System32\Tasks\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner => {AD08DCC2-4E35-4486-9D49-547CBD30942D} C:\WINDOWS\System32\MitigationClient.dll [485888 2020-01-11] (Microsoft Windows -> Microsoft Corporation) Task: {4EE9444E-266B-4317-95DB-395143C97645} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {52C07618-D073-496B-B9C7-A068647E562E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2020-01-09] (Piriform Software Ltd -> Piriform Software Ltd) Task: {533BFF74-6FDA-4309-BA98-F065E7C5E49D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {53D708C3-6857-4B29-91F0-56D526F6069A} - System32\Tasks\Microsoft\Windows\Shell\UpdateUserPictureTask => {09C5DD34-009D-40FA-BCB9-0165AD0C15D4} C:\Windows\System32\Windows.UI.Immersive.dll [1264128 2020-01-11] (Microsoft Windows -> Microsoft Corporation) Task: {5D8728C2-0437-4C82-9552-482F517096AA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5F9E8F38-241B-44BB-88F3-96472D168D42} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.) 
Task: {81771B94-14F0-42D8-A6FC-C0FF5FCB3A2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6154584 2020-03-08] (Microsoft Corporation -> Microsoft Corporation) Task: {81A279A8-E3B8-4806-9200-89FEA18D36F2} - System32\Tasks\Agent Activation Runtime\S-1-5-21-2386161698-3706458041-262731239-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-01-11] (Microsoft Windows -> ) Task: {8773161F-CEBE-463F-9EF7-01F835D0BF94} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8FD3EDEF-C3CC-4EE4-BC9D-0ACB3E2019AA} - System32\Tasks\Microsoft\Windows\Input\TouchpadSyncDataAvailable => {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA} C:\Windows\System32\InputCloudStore.dll [157184 2020-01-11] (Microsoft Windows -> Microsoft Corporation) Task: {91B9D60E-F45F-42AC-84DC-C663BBF47D52} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2038568 2020-03-14] (Microsoft Corporation -> Microsoft Corporation) Task: {937DC951-D94F-4165-AEDD-6689FCFA6015} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {95BDBAC8-0CD1-42E5-BAEE-9F0F628B718A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.) 
Task: {9D64213C-52D6-4188-9742-B09A8B6F9B5E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {A29E18FE-34D5-4B5A-8481-554792F5990E} - System32\Tasks\Microsoft\Windows\Input\PenSyncDataAvailable => {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA} C:\Windows\System32\InputCloudStore.dll [157184 2020-01-11] (Microsoft Windows -> Microsoft Corporation) Task: {A754AB9F-1BA2-4397-95F8-1642B6DFF1A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MpCmdRun.exe [480272 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A78E9CD7-6BE6-49A7-B10B-9375229A098A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6154584 2020-03-08] (Microsoft Corporation -> Microsoft Corporation) Task: {AAA5089D-8290-443F-8F6B-99F57D0B1475} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2020-01-09] (Piriform Software Ltd -> Piriform Software Ltd) Task: {AB60C281-D417-4133-97C2-3930C0A190BE} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation) Task: {B539B66C-BCEB-4647-93B3-CAFB3F8556B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.) Task: {B53EEB52-7DE2-427F-B067-E999C35F0CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [219512 2018-12-24] (HP Inc. -> HP Inc.) 
Task: {B78E1788-69AD-458D-8135-1964FC67C9F6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2730040 2020-03-10] (Microsoft Corporation -> Microsoft Corporation) Task: {BAAF68A7-3BF0-4121-96B9-E730F08297FB} - System32\Tasks\Microsoft\Windows\International\Synchronize Language Settings => {10D62541-90D0-42FE-848C-0DBC1AC42EDA} C:\Windows\System32\CoreGlobConfig.dll [217984 2020-01-11] (Microsoft Windows -> Microsoft Corporation) Task: {BE346077-7539-4258-909E-2F788D4A5115} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C381D288-67B6-4E52-9025-91BCF8F72057} - System32\Tasks\Microsoft\Windows\Input\LocalUserSyncDataAvailable => {8E7C2AFB-72B9-415C-9AC2-5037693309B7} C:\Windows\System32\InputCloudStore.dll [157184 2020-01-11] (Microsoft Windows -> Microsoft Corporation) Task: {C4EF018B-1702-4797-B8F2-4D5914A8A11C} - System32\Tasks\Opera GX scheduled Autoupdate 1567016949 => C:\Users\Andrew\AppData\Local\Programs\Opera GX\launcher.exe Task: {C57DABD9-EE85-4C4A-A438-12A923147CBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MpCmdRun.exe [480272 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D3063296-961C-4F14-AD92-E971713EBA94} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D3959954-57CB-401A-9178-AB04D60206D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. 
-> HP Inc.) Task: {D794DEEC-A362-403C-8D1E-1A5AB9739311} - System32\Tasks\360wp-srv => C:\Users\Andrew\AppData\Roaming\BirdWallpaper\360wpsrv.exe [5112808 2019-12-03] (Chengdu Qilu Technology Co. Ltd. -> ) Task: {DA871ECC-B011-4930-BD52-9C607A141DBB} - System32\Tasks\Microsoft\Windows\Input\MouseSyncDataAvailable => {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA} C:\Windows\System32\InputCloudStore.dll [157184 2020-01-11] (Microsoft Windows -> Microsoft Corporation) Task: {DBA45AEA-B8EA-4056-82EC-73FAFAE2FD08} - System32\Tasks\Microsoft\Windows\WwanSvc\OobeDiscovery => {C93CF9D5-031B-4AAA-AB0B-EF802347B381} C:\Windows\System32\MBMediaManager.dll [674816 2020-01-11] (Microsoft Windows -> Microsoft Corporation) Task: {DC58F8BE-110E-4694-A9F0-B344E00F59CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.) Task: {DDDA532C-18B9-4B9C-B749-3066091BFB0D} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs] Task: {E61C3A3B-07FC-4937-9DC6-BC1B9309C258} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.) 
Task: {E6B9BCD8-9F5B-4906-AF30-4D360F9E163A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EB7CB41C-6AD6-483A-8A53-62B828B7F878} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-14] (Microsoft Corporation -> Microsoft Corporation) Task: {EE6A5A73-3FCD-43DC-A315-CE031171C0C9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: {F30C5AF2-7D7D-4B82-B045-4F817008A409} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {F6423471-6999-49B2-8AFA-876570BBE5B9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: {F6969848-A576-4D64-8D57-2F0B212E66B4} - System32\Tasks\HPCeeScheduleForAndrew => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.) Task: {F70DF54E-F0A8-4D2F-9FC9-F8A81266D99C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F99DD5B2-7206-44FA-8E48-2B46A724FA0C} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.) 
Task: {FA85A9F1-2156-46F6-926E-EE3D500B8E9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-27] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAndrew.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\netload.dll [292864 2019-05-09] (Beijing Qihu Technology Co., Ltd. -> 成都奇鲁科技有限公司)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\netload.dll [292864 2019-05-09] (Beijing Qihu Technology Co., Ltd. -> 成都奇鲁科技有限公司)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\netload.dll [292864 2019-05-09] (Beijing Qihu Technology Co., Ltd. -> 成都奇鲁科技有限公司)
Winsock: Catalog9 18 C:\WINDOWS\SysWOW64\netload.dll [292864 2019-05-09] (Beijing Qihu Technology Co., Ltd. -> 成都奇鲁科技有限公司)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{1674856b-b4e8-4e3f-b284-7a45086fa499}: [DhcpNameServer] 10.3.1.121 10.5.1.121
Tcpip\..\Interfaces\{2846c0cd-81a0-4b78-8bcf-3acb7be751d2}: [DhcpNameServer] 10.3.1.121 10.5.1.121
Tcpip\..\Interfaces\{87727f1f-3f25-4b9b-bcf7-a89cceb5786a}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{87cf572d-cc2e-43dc-bc57-9a1a11ae430e}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{d0962129-0091-41fc-8ec3-8c6948d02093}: [DhcpNameServer] 10.3.1.121 10.5.1.121

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-08-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {3D9B8BD6-E646-44B4-AA01-F4CA817E928A} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npQQGameAssist -> C:\Program Files (x86)\Tencent\QQGAME\npQQGameAssistPlugin.dll [No File]
FF Plugin HKU\.DEFAULT: @1.qq.com/npqqwebgame -> C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Tencent\WebGamePlugin\1.0.5.2\npqqwebgame.dll [No File]
FF Plugin HKU\S-1-5-21-2386161698-3706458041-262731239-1001: @1.qq.com/npqqwebgame -> C:\Users\Andrew\AppData\Roaming\Tencent\WebGamePlugin\1.0.5.2\npqqwebgame.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2020-03-22]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://messages.google.com; hxxps://musescore.com; hxxps://outlook.office.com
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-25]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2020-03-18]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-25]
CHR Extension: (Tampermonkey) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-06]
CHR Extension: (Web Paint) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\emeokgokialpjadjaoeiplmnkjoaegng [2020-03-18]
CHR Extension: (Outlook) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\faolnafnngnfdaknnbpnkhgohbobgegn [2019-10-03]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-25]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-12]
CHR Extension: (Vysor) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2020-02-13]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-03-17]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2020-03-16]
CHR Extension: (2048) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijkmjnaahlnmdjjlbhbjbhlnmadmmlgg [2019-10-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2020-01-03]
CHR Extension: (Volume Master) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2020-01-30]
CHR Extension: (Grammarly for Chrome) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-03-22]
CHR Extension: (The Great Suspender) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2020-02-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (MathStudio) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpedkecdcnobiheblbhgleenlbdoknp [2018-09-25]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-20]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-12]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-02-28]
CHR DefaultSearchURL: Profile 1 -> hxxps://ow2.res.office365.com/assets/mail/pwa/v1/pngs/Outlook.48x48x32.png
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-29]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-29]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-29]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-29]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-29]
CHR Extension: (Calculator) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\joodangkbfjnajiiifokapkpmhfnpleo [2019-10-29]
CHR Extension: (ScanQR) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nihhbejdflkeingkkpakffdlmepaeaah [2019-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-29]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-29]
CHR Extension: (Outlook) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkooggnaalmfkidjmlhoelhdllpphaga [2019-10-29]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-28]
CHR HKU\S-1-5-21-2386161698-3706458041-262731239-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andrew\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2020-03-18]
CHR HKU\S-1-5-21-2386161698-3706458041-262731239-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe [2353392 2020-03-05] (Intel(R) Software Development Products -> Intel Corporation)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-03] (BattlEye Innovations e.K. -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11091224 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1892512 2018-12-14] (Intel Corporation -> Intel Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\FileSyncHelper.exe [2142264 2020-03-10] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321608 2018-09-25] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [529912 2018-12-21] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [345208 2019-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 masterPDF_Server; C:\Program Files (x86)\MasterPDF\pdfServer.exe [242128 2020-03-20] (天津速读科技有限公司 -> 天津速读科技有限公司)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-20] (Malwarebytes Inc -> Malwarebytes)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\System32\MixedRealityRuntime.dll [132240 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\SysWOW64\MixedRealityRuntime.dll [106352 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\OneDriveUpdaterService.exe [2501184 2020-03-10] (Microsoft Corporation -> Microsoft Corporation)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [362568 2020-02-18] (Parsec Cloud, Inc. -> Parsec)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
U2 SpSvc; C:\MobileEmuMaster\Utils\SpSvc.dll [430592 2019-03-04] (Beijing Qihu Technology Co., Ltd. -> )
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [974848 2019-03-22] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [300544 2020-01-10] (Microsoft Windows -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2302184 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
S3 UdkUserSvc; C:\WINDOWS\System32\windowsudk.shellcommon.dll [2029056 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6453328 2018-07-02] (RealVNC Ltd -> RealVNC Ltd)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\NisSrv.exe [3294680 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MsMpEng.exe [103168 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [91136 2020-01-11] (Microsoft Windows -> )
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [78832 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75248 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [403440 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 EzTouchFilter; C:\WINDOWS\System32\drivers\EzTouchFilter.sys [46672 2018-01-30] (ELAN Microelectronics Corporation -> ELAN)
R1 HardwareProtectWp; C:\Users\Andrew\AppData\Roaming\BirdWallpaper\wallpaperhelper\HardwareProtect_x64.sys [1313344 2019-10-31] (Chengdu Qilu Technology Co. Ltd. -> )
R3 HID_PCI; C:\WINDOWS\System32\DriverStore\FileRepository\hid_pci.inf_amd64_4602c21a151b7c57\HID_PCI.sys [33976 2018-10-29] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98760 2018-10-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [207384 2018-07-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 ISH; C:\WINDOWS\System32\DriverStore\FileRepository\ish.inf_amd64_64d16427c75175b1\ISH.sys [157160 2018-10-29] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\DriverStore\FileRepository\ish_busdriver.inf_amd64_35d1c93e780e6195\ISH_BusDriver.sys [84648 2018-10-30] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MsQuic; C:\WINDOWS\System32\drivers\msquic.sys [312608 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8810336 2018-05-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [9278240 2019-09-05] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_62951455fb2f3b63\nvlddmkm.sys [23243704 2020-03-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2020-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 RTSPER; C:\WINDOWS\System32\drivers\RtsPer.sys [946368 2019-01-09] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [45144 2018-01-26] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55400 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 spaceparser; C:\WINDOWS\System32\drivers\spaceparser.sys [26624 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 sparkocam; C:\WINDOWS\system32\DRIVERS\sparkocam.sys [37712 2018-03-17] (Sparkosoft Inc -> Sparkosoft)
S3 sparkocammic; C:\WINDOWS\system32\drivers\sparkocammic.sys [34640 2018-01-10] (Sparkosoft Inc -> Sparkosoft)
R1 SpDrv; C:\MobileEmuMaster\Utils\SpDrv_amd64.sys [1291600 2019-01-28] (Chengdu Qilu Technology Co. Ltd. -> www.ludashi.com)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 Telemetry; C:\WINDOWS\System32\drivers\IntelTA.sys [22336 2020-01-11] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2019-06-11] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [216088 2019-04-12] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [227016 2019-04-12] (Oracle Corporation -> Oracle Corporation)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41560 2017-11-07] (Intel(R) Software -> Intel Corporation)
S3 VirtualRender; C:\WINDOWS\System32\DriverStore\FileRepository\vrd.inf_amd64_571b246d73a3d322\vrd.sys [11264 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-20] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-20] (Microsoft Windows -> Microsoft Corporation)
S3 WifiCx; C:\WINDOWS\System32\drivers\WifiCx.sys [669184 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-11-15] (HP Inc. -> HP)
S3 YMIDUSBW; C:\WINDOWS\system32\drivers\ymidusbx64.sys [43744 2015-07-28] (Yamaha Corporation -> Yamaha Corporation)
U4 2345Base; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: SpSvc -> C:\MobileEmuMaster\Utils\SpSvc.dll ()
NETSVCx32: HpSvc -> no filepath.
NETSVCx32: WpSvc -> no filepath.

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-22 15:26 - 2020-03-22 15:26 - 000000000 ____D C:\Users\Andrew\Desktop\FRST
2020-03-22 15:24 - 2020-03-22 15:27 - 000000000 ____D C:\FRST
2020-03-22 10:55 - 2020-03-22 10:55 - 000000000 ____D C:\run_extention
2020-03-22 10:42 - 2020-03-22 10:45 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Ludashi
2020-03-22 10:42 - 2020-03-22 10:43 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\lockhomepage
2020-03-22 10:33 - 2020-03-22 10:33 - 000002376 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-03-22 09:48 - 2020-03-22 09:48 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2020-03-22 09:32 - 2020-03-22 09:32 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\navplugin
2020-03-22 09:32 - 2020-03-22 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\手机模拟大师
2020-03-22 09:31 - 2020-03-22 09:31 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\360Login
2020-03-22 09:31 - 2020-03-22 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\小鸟壁纸
2020-03-22 09:29 - 2020-03-22 10:08 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\360wp
2020-03-22 09:29 - 2020-03-22 09:29 - 000000000 ____D C:\Program Files (x86)\360
2020-03-20 22:56 - 2020-03-20 22:56 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-03-20 22:56 - 2020-03-20 22:56 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-03-20 22:53 - 2020-03-22 09:54 - 145489920 _____ C:\WINDOWS\system32\config\SOFTWARE
2020-03-20 22:49 - 2020-03-20 22:53 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2020-03-20 22:48 - 2020-03-20 22:48 - 000000000 ____D C:\WINDOWS\system32\wslog
2020-03-20 22:30 - 2020-03-20 22:30 - 000003448 _____ C:\WINDOWS\system32\Tasks\360wp-srv
2020-03-20 22:30 - 2020-03-20 22:30 - 000003442 _____ C:\WINDOWS\system32\Tasks\LDSGameMaster
2020-03-20 22:16 - 2020-03-20 22:18 - 000000000 ____D C:\Users\Andrew\AppData\Local\File Viewer Plus 3
2020-03-20 22:16 - 2020-03-20 22:16 - 000000000 ____D C:\Users\Public\File Viewer Plus
2020-03-20 22:16 - 2020-03-20 22:16 - 000000000 ____D C:\Users\Andrew\AppData\Local\Sharpened_Productions
2020-03-20 21:32 - 2020-03-20 22:12 - 000000000 ____D C:\Program Files (x86)\Rich4
2020-03-20 21:23 - 2020-03-22 11:18 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\LDSGameCenter
2020-03-20 21:23 - 2020-03-22 09:37 - 000000000 ____D C:\Program Files (x86)\MasterPDF
2020-03-20 21:23 - 2020-03-20 21:24 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\MasterPDFData
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\ttmpdll
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\MiniPage_2345
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\LDSGameCenterSpecLog
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\D10B9980-8A16-4595-89C0-FD6EF580FAAA
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Local\WeiDuan
2020-03-20 21:23 - 2019-05-09 05:54 - 000292864 _____ (成都奇鲁科技有限公司) C:\WINDOWS\SysWOW64\netload.dll
2020-03-20 21:22 - 2020-03-22 10:55 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\BirdWallpaper
2020-03-20 21:22 - 2020-03-22 09:33 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\LDSGameMaster
2020-03-20 21:22 - 2020-03-22 09:31 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\lds
2020-03-20 21:22 - 2020-03-20 21:28 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\360se6
2020-03-20 21:22 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\2345DomainMon
2020-03-20 21:22 - 2020-03-20 21:23 - 000000000 ____D C:\ProgramData\{8A57FE28-84D9-4966-9ED1-25BA09A4D405}.tmp
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\Documents\手机模拟大师
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Shield_2345Explorer
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Sap
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Osa
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\HY
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\2345PCSafe
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\ProgramData\{18B78A70-5AF2-427c-8D12-D3E4486EF6C6}.tmp
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\HYLiteResources
2020-03-20 21:21 - 2020-03-22 09:44 - 000000000 ____D C:\MobileEmuMaster
2020-03-20 21:21 - 2020-03-20 22:30 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\GameHall_2345
2020-03-20 21:21 - 2020-03-20 21:42 - 000000000 ____D C:\Users\Andrew\AppData\Local\ScreenSaver
2020-03-20 21:21 - 2020-03-20 21:25 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2020-03-20 21:21 - 2020-03-20 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2020-03-20 21:21 - 2020-03-20 21:24 - 000000000 ____D C:\Users\Andrew\AppData\Local\HYLite
2020-03-20 21:21 - 2020-03-20 21:24 - 000000000 ____D C:\Users\Andrew\AppData\Local\HYFastSide
2020-03-20 21:21 - 2020-03-20 21:24 - 000000000 ____D C:\Program Files (x86)\HYLite
2020-03-20 21:21 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\InsLogicCfg
2020-03-20 21:21 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Local\LDSGameMaster
2020-03-20 21:21 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Local\FLYSVR
2020-03-20 21:21 - 2020-03-20 21:21 - 000000000 ____D C:\Users\Andrew\AppData\Local\2345Explorer
2020-03-20 21:20 - 2020-03-20 21:25 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Tencent
2020-03-20 21:19 - 2020-03-20 21:19 - 000000000 ____D C:\Users\Andrew\UIDowner
2020-03-20 19:30 - 2020-03-20 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-03-20 17:24 - 2020-03-20 17:24 - 000000015 _____ C:\Users\Andrew\Desktop\(ง'̀-'́)ง.txt
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-03-18 20:39 - 2020-03-18 20:43 - 000001641 _____ C:\Users\Andrew\Desktop\ .lnk
2020-03-18 20:31 - 2020-03-20 16:38 - 000000000 ____D C:\Users\Andrew\Google Drive
2020-03-18 20:27 - 2020-03-18 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-03-18 20:27 - 2020-03-18 20:27 - 000000000 ____D C:\Program Files\Google
2020-03-18 10:37 - 2020-03-18 10:41 - 000000000 ____D C:\Users\Andrew\Downloads\Autoit 123
2020-03-18 10:27 - 2020-03-18 10:27 - 000000000 ____D C:\Users\Andrew\AppData\Local\AutoIt v3
2020-03-18 10:26 - 2020-03-18 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2020-03-18 10:26 - 2020-03-18 10:42 - 000000000 ____D C:\Program Files (x86)\AutoIt3
2020-03-17 19:05 - 2020-03-09 22:37 - 011828832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2020-03-17 19:05 - 2020-03-09 22:37 - 010156472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2020-03-17 19:05 - 2020-03-09 22:37 - 001729448 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-17 19:05 - 2020-03-09 22:37 - 001729448 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-03-17 19:05 - 2020-03-09 22:37 - 001329576 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-17 19:05 - 2020-03-09 22:37 - 001329576 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-03-17 19:05 - 2020-03-09 22:36 - 040501992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 013317520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 011313552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 005377464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 004715920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 002068592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001719408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6444253.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001561552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001483192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6444253.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001476536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001358800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001138824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001056184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 000678000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 000669928 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 000550328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 000538552 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-03-17 19:05 - 2020-03-09 22:35 - 035371240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2020-03-17 19:05 - 2020-03-09 19:34 - 004232424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-03-12 19:54 - 2020-03-12 19:54 - 000000000 ____D C:\Program Files\Yamaha
2020-03-08 18:05 - 2020-03-20 22:34 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAndrew.job
2020-03-08 18:05 - 2020-03-20 18:30 - 000003264 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForAndrew
2020-03-05 18:56 - 2020-03-05 18:56 - 000843496 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_epid.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000841456 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_quote_ex.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000839408 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_launch.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000712944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_epid.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000711432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_quote_ex.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000708848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_launch.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000130288 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_urts.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000109296 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_urts.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000069872 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_enclave_common.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000059632 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_enclave_common.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000054536 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_platform.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000048368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_platform.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000038128 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_uae_service.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000037616 _____ (Intel
Corporation) C:\WINDOWS\SysWOW64\sgx_uae_service.dll 2020-03-03 17:32 - 2020-03-17 19:05 - 000000000 ____D C:\WINDOWS\LastGood 2020-03-02 16:51 - 2020-03-20 21:34 - 000000000 ____D C:\WINDOWS\Minidump 2020-03-01 11:38 - 2020-03-01 11:40 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Parsec 2020-03-01 11:38 - 2020-03-01 11:38 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parsec 2020-03-01 11:38 - 2020-03-01 11:38 - 000000000 ____D C:\Program Files\Parsec 2020-02-28 08:25 - 2020-02-28 08:25 - 052123443 _____ C:\Users\Andrew\Downloads\Cars.mp4 2020-02-26 17:45 - 2020-02-26 17:45 - 000000000 ___HD C:\OneDriveTemp 2020-02-24 18:31 - 2020-03-13 17:10 - 000000000 ____D C:\Program Files (x86)\SpeedFan 2020-02-24 18:31 - 2020-02-24 18:31 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-03-22 15:22 - 2020-01-22 18:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-03-22 15:22 - 2020-01-11 10:00 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2020-03-22 12:29 - 2020-01-11 10:00 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-03-22 11:20 - 2020-01-11 10:00 - 000000000 ___HD C:\Program Files\WindowsApps 2020-03-22 11:20 - 2020-01-11 10:00 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-03-22 10:47 - 2020-01-22 19:09 - 002389328 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-03-22 10:47 - 2020-01-22 18:43 - 000432918 _____ C:\WINDOWS\system32\prfh0804.dat 2020-03-22 10:47 - 2020-01-22 18:43 - 000137496 _____ C:\WINDOWS\system32\prfc0804.dat 2020-03-22 10:47 - 2020-01-22 18:42 - 000776754 _____ C:\WINDOWS\system32\perfh019.dat 2020-03-22 10:47 - 2020-01-22 18:42 - 000156332 _____ C:\WINDOWS\system32\perfc019.dat 2020-03-22 10:47 - 2020-01-11 09:58 - 000000000 ____D C:\WINDOWS\INF 2020-03-22 10:44 - 2018-07-05 07:51 - 000000000 ____D C:\ProgramData\NVIDIA 2020-03-22 10:42 - 2020-01-22 19:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-03-22 10:42 - 2020-01-11 10:00 - 000000000 ____D C:\WINDOWS\ServiceState 2020-03-22 10:42 - 2018-09-30 08:31 - 000000000 ___RD C:\Users\Andrew\OneDrive - Erskine Stewart's Melville Schools 2020-03-22 10:42 - 2018-09-25 18:25 - 000000000 ___RD C:\Users\Andrew\OneDrive 2020-03-22 10:42 - 2018-09-25 18:23 - 000000000 __SHD C:\Users\Andrew\IntelGraphicsProfiles 2020-03-22 10:41 - 2020-01-22 18:57 - 000016384 ___SH C:\DumpStack.log.tmp 2020-03-22 10:34 - 2019-06-13 12:28 - 000000000 ____D C:\Users\Andrew\AppData\Local\SquirrelTemp 2020-03-22 10:33 - 2019-06-13 12:28 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation 2020-03-22 09:54 - 2020-01-11 09:49 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-03-22 09:34 - 2020-01-22 19:05 - 000004168 _____ 
C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{108EF013-C19E-48FB-9AB3-5AF875793EFF} 2020-03-22 09:32 - 2020-01-22 19:05 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2020-03-22 09:32 - 2020-01-22 19:05 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2020-03-20 22:55 - 2019-09-09 10:57 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-03-20 22:55 - 2019-09-09 10:56 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-03-20 22:34 - 2020-01-22 18:57 - 000557080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-03-20 22:26 - 2019-06-10 16:37 - 000000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps 2020-03-20 21:34 - 2018-09-27 17:47 - 000000000 ____D C:\Users\Andrew\AppData\Local\D3DSCache 2020-03-20 21:19 - 2020-01-22 18:59 - 000000000 ____D C:\Users\Andrew 2020-03-20 21:10 - 2018-09-27 15:18 - 000000000 ____D C:\Users\Andrew\AppData\Local\ElevatedDiagnostics 2020-03-20 19:30 - 2018-09-25 18:29 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-03-20 16:23 - 2019-06-13 18:57 - 000000000 ____D C:\Users\Andrew\.atom 2020-03-20 14:07 - 2019-06-13 18:56 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2020-03-20 14:07 - 2019-06-13 18:56 - 000000000 ____D C:\Users\Andrew\AppData\Local\atom 2020-03-20 14:03 - 2019-06-13 18:56 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Atom 2020-03-20 13:57 - 2020-01-23 07:53 - 000000000 ____D C:\Users\Andrew\AppData\Local\Deployment 2020-03-20 13:53 - 2018-09-26 17:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-03-20 12:00 - 2020-01-22 19:05 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2020-03-19 08:30 - 2019-09-09 18:58 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\.minecraft 2020-03-18 20:27 - 2018-09-25 18:30 - 000000000 ____D C:\Users\Andrew\AppData\Local\Google 2020-03-18 20:23 - 2018-09-25 18:32 - 000000000 ____D 
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2020-03-18 10:26 - 2019-10-01 19:23 - 000000000 ____D C:\WINDOWS\ShellNew 2020-03-18 10:18 - 2020-01-21 20:08 - 000001342 _____ C:\Users\Andrew\Desktop\test.bat.lnk 2020-03-18 10:17 - 2020-01-22 19:05 - 000003658 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask 2020-03-18 10:00 - 2019-06-13 18:32 - 000000000 ____D C:\Users\Andrew\AppData\Local\Package Cache 2020-03-18 09:59 - 2020-02-05 18:26 - 000002403 _____ C:\Users\Public\Desktop\ .lnk 2020-03-18 09:59 - 2020-02-05 18:26 - 000002403 _____ C:\ProgramData\Desktop\ .lnk 2020-03-18 09:56 - 2020-02-05 18:26 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-03-17 19:06 - 2020-01-11 10:00 - 000000000 ____D C:\WINDOWS\Help 2020-03-17 19:06 - 2018-07-05 07:51 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2020-03-17 19:06 - 2018-07-05 07:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2020-03-16 18:14 - 2019-10-20 18:18 - 000001107 _____ C:\Users\Andrew\Desktop\WinDirStat.lnk 2020-03-14 11:24 - 2020-01-11 10:00 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2020-03-14 11:20 - 2018-10-02 18:14 - 000000000 ____D C:\Program Files\Microsoft Office 2020-03-13 17:03 - 2019-09-23 18:12 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive 2020-03-12 19:54 - 2018-02-02 13:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2020-03-12 19:53 - 2019-07-26 17:27 - 000000000 ____D C:\Users\Andrew\AppData\Local\Downloaded Installations 2020-03-10 17:18 - 2020-01-22 19:05 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2020-03-10 17:18 - 2019-09-23 18:13 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-03-09 22:36 - 2019-12-11 18:34 - 023243704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2020-03-09 19:34 - 2019-12-11 
18:34 - 004965992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2020-03-09 19:14 - 2019-12-11 18:34 - 000055923 _____ C:\WINDOWS\system32\nvinfo.pb 2020-03-01 11:37 - 2018-09-25 18:23 - 000000000 ____D C:\Users\Andrew\AppData\Local\NVIDIA Corporation 2020-03-01 11:37 - 2018-07-05 07:51 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2020-02-29 20:50 - 2018-12-25 09:52 - 000000000 ____D C:\ProgramData\Logishrd 2020-02-28 13:47 - 2020-01-22 18:10 - 000000000 ___DC C:\WINDOWS\Panther 2020-02-28 13:47 - 2019-03-20 19:39 - 000000000 ____D C:\Program Files (x86)\Steam 2020-02-27 19:26 - 2018-09-26 17:45 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-02-27 19:23 - 2018-09-26 17:44 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-02-26 20:38 - 2020-01-30 21:20 - 000000354 _____ C:\Users\Andrew\Documents\AlwaysOnTop.ahk 2020-02-26 18:58 - 2018-09-25 18:40 - 000000000 ____D C:\Users\Andrew\AppData\Local\PlaceholderTileLogoFolder 2020-02-26 18:58 - 2018-09-25 18:23 - 000000000 ____D C:\Users\Andrew\AppData\Local\Packages 2020-02-26 17:57 - 2019-10-24 15:49 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Visions of Chaos 2020-02-26 17:56 - 2019-10-24 15:51 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visions of Chaos.lnk 2020-02-26 17:56 - 2019-10-24 15:51 - 000001120 _____ C:\Users\Andrew\Desktop\Visions of Chaos.lnk 2020-02-26 17:56 - 2019-10-24 15:50 - 000000000 ____D C:\Program Files (x86)\Visions of Chaos 2020-02-26 10:46 - 2018-07-05 07:51 - 005572072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2020-02-26 10:46 - 2018-07-05 07:51 - 002632168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2020-02-26 10:46 - 2018-07-05 07:51 - 001760232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2020-02-26 10:46 - 2018-07-05 07:51 - 000661992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2020-02-26 10:46 - 2018-07-05 07:51 - 000447464 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvmctray.dll 2020-02-26 10:46 - 2018-07-05 07:51 - 000121144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2020-02-26 10:46 - 2018-07-05 07:51 - 000075752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2020-02-26 10:36 - 2018-07-05 07:51 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2020-02-24 18:31 - 2019-11-09 08:22 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo ==================== Files in the root of some directories ======== 2019-01-27 11:33 - 2019-12-12 19:40 - 000007607 _____ () C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg 2020-01-01 13:08 - 2020-01-01 13:13 - 000000066 _____ () C:\Users\Andrew\AppData\Local\uts.ini ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== I have attached the Addition.txt file. Thank you very much! Addition.txt
  5. Hello, I have got an issue with an infection. I have run Malwarebytes multiple times; every time, it prompts me to restart to finish the quarantining process, but every time I click on "restart", my computer freezes, forcing me to force a shutdown [see attachment]. I am running Windows 10. This is my first time posting on the forum, so I do not know what other information you will need, but if you need anything else, please let me know. Thank you very much! freeze (1).mp4