AS007

PC is infected, but can't quarantine

Hello,

I have got an issue with an infection. I have run Malwarebytes multiple times, every time it prompts me to restart to finish the quarantining process, but every time I click on "restart", my computer freezes, forcing me to force shutdown [see attachment]. I am running Windows 10. This is my first time posting on the forum, so I do not know what other information you will need, but if you need anything else, please let me know.

Thank you very much!

Hello, welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check further.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click the "Choose a File" button.
Navigate to the location of the file.
Click the file. It will appear in the section.
Click the Saving button.

Please attach the logs for my review.

Wait for further instructions.
====

p.s.
Do not execute Malwarebytes before I have had a chance to look at your logs and reply.

Dear Nasdaq,

Below is the FRST.txt file.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-03-2020
Ran by Andrew (administrator) on HP-SPECTRE-X360 (HP HP Spectre x360 Convertible 15-ch0xx) (22-03-2020 15:26:45)
Running from C:\Users\Andrew\Desktop\FRST
Loaded Profiles: Andrew (Available Profiles: Andrew & DevToolsUser)
Platform: Windows 10 Home Version 2004 19546.1000 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTop.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Beijing Qihu Technology Co., Ltd. -> ) C:\Users\Andrew\AppData\Roaming\BirdWallpaper\Utils\NavPlugin.exe
(Beijing Qihu Technology Co., Ltd. -> ) C:\Users\Andrew\AppData\Roaming\BirdWallpaper\wallpaperhelper\guardhp.exe
(Chengdu Qilu Technology Co. Ltd. -> ) C:\Users\Andrew\AppData\Roaming\BirdWallpaper\360wpsrv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Andrew\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\ki131549.inf_amd64_bd2f201ab4d2a9a8\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\ki131549.inf_amd64_bd2f201ab4d2a9a8\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\ki131549.inf_amd64_bd2f201ab4d2a9a8\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\ki131549.inf_amd64_bd2f201ab4d2a9a8\IntelCpHeciSvc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\WINDOWS\System32\ibtsiva.exe
(J.onaxh Network Technology Co., Ltd. -> winhost) C:\Users\Andrew\AppData\Local\FLYSVR\winhost.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.3171.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.6-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(天津速读科技有限公司 -> 天津速读科技有限公司) C:\Program Files (x86)\MasterPDF\pdfServer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [738816 2017-11-03] (ELAN) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270560 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\HDA\CXAPOAgent64.exe [759736 2019-05-16] (Conexant Systems LLC -> Conexant Systems, Inc.)
HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [wpapp] => C:\Users\Andrew\AppData\Roaming\BirdWallpaper\WpTinyTray.exe
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-07-21] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261248 2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1580608 2020-03-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [f.lux] => C:\Users\Andrew\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Andrew\AppData\Local\Microsoft\Teams\Update.exe [2336912 2020-03-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [48214720 2020-02-27] (Google LLC -> )
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Run: [FLYSVR] => C:\Users\Andrew\AppData\Local\FLYSVR\winhost.exe [2274216 2020-03-09] (J.onaxh Network Technology Co., Ltd. -> winhost)
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Andrew\AppData\Local\ScreenSaver\默认.scr [1432488 2020-03-09] (默认屏保) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2019-12-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTop.exe [2020-02-26] () [File not signed]
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E8C960-C1E8-4774-940E-838B33F8B100} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MpCmdRun.exe [480272 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0289DF43-C9D0-4003-9D40-B4E18C4A75B4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302184 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {034549F9-F938-48A3-9353-4D87D85E7CBF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {05069D9C-479C-422C-AD14-22DDBB20C5EF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {070FF1C4-CE80-4E49-8726-AC9BB4086B30} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {0ED0D4FB-9F29-4EA0-AFDE-FA5637112A82} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1145750F-8ED2-4441-9700-1B46D841F2F6} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {2208A03B-A3CE-4BCB-85B0-424B03282E10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {23882046-E10F-4848-9E07-9B0B888EA901} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MpCmdRun.exe [480272 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {28F89018-15CE-4E5D-8273-F576C2C4E260} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\program files (x86)\microsoft visual studio\installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [72848 2019-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {30F809A1-064A-40E9-875D-3984905DC31B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {43AE4D23-E526-4FA2-AE59-5FBA6BC7F44D} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {44567CC7-69AA-45DD-B5EF-AC1B190F3857} - System32\Tasks\LDSGameMaster => C:\MobileEmuMaster\LDSGameHall\LDSGameHall.exe
Task: {4609BCAC-8C85-432C-B1B4-FE3F11A8276E} - System32\Tasks\Microsoft\Windows\Application Experience\PcaPatchDbTask => %windir%\system32\rundll32.exe %windir%\system32\PcaSvc.dll,PcaPatchSdbTask
Task: {46BDB5B4-8A7C-4300-88E1-F60A4295731C} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation)
Task: {470FBC96-3101-4A02-8127-F858522159F7} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation)
Task: {471C3E05-096A-4971-8547-5BA5B9172AD4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {47854DC9-A45B-426C-87AE-5D830198DE69} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {49274A2A-17CA-4187-ACE6-BAB05362B1C8} - System32\Tasks\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner => {AD08DCC2-4E35-4486-9D49-547CBD30942D} C:\WINDOWS\System32\MitigationClient.dll [485888 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {4EE9444E-266B-4317-95DB-395143C97645} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {52C07618-D073-496B-B9C7-A068647E562E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2020-01-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {533BFF74-6FDA-4309-BA98-F065E7C5E49D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {53D708C3-6857-4B29-91F0-56D526F6069A} - System32\Tasks\Microsoft\Windows\Shell\UpdateUserPictureTask => {09C5DD34-009D-40FA-BCB9-0165AD0C15D4} C:\Windows\System32\Windows.UI.Immersive.dll [1264128 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {5D8728C2-0437-4C82-9552-482F517096AA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F9E8F38-241B-44BB-88F3-96472D168D42} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {81771B94-14F0-42D8-A6FC-C0FF5FCB3A2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6154584 2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {81A279A8-E3B8-4806-9200-89FEA18D36F2} - System32\Tasks\Agent Activation Runtime\S-1-5-21-2386161698-3706458041-262731239-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-01-11] (Microsoft Windows -> )
Task: {8773161F-CEBE-463F-9EF7-01F835D0BF94} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8FD3EDEF-C3CC-4EE4-BC9D-0ACB3E2019AA} - System32\Tasks\Microsoft\Windows\Input\TouchpadSyncDataAvailable => {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA} C:\Windows\System32\InputCloudStore.dll [157184 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {91B9D60E-F45F-42AC-84DC-C663BBF47D52} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2038568 2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {937DC951-D94F-4165-AEDD-6689FCFA6015} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {95BDBAC8-0CD1-42E5-BAEE-9F0F628B718A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.)
Task: {9D64213C-52D6-4188-9742-B09A8B6F9B5E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {A29E18FE-34D5-4B5A-8481-554792F5990E} - System32\Tasks\Microsoft\Windows\Input\PenSyncDataAvailable => {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA} C:\Windows\System32\InputCloudStore.dll [157184 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {A754AB9F-1BA2-4397-95F8-1642B6DFF1A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MpCmdRun.exe [480272 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A78E9CD7-6BE6-49A7-B10B-9375229A098A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6154584 2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAA5089D-8290-443F-8F6B-99F57D0B1475} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2020-01-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AB60C281-D417-4133-97C2-3930C0A190BE} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-08-30] (Corel Corporation -> Corel Corporation)
Task: {B539B66C-BCEB-4647-93B3-CAFB3F8556B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {B53EEB52-7DE2-427F-B067-E999C35F0CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [219512 2018-12-24] (HP Inc. -> HP Inc.)
Task: {B78E1788-69AD-458D-8135-1964FC67C9F6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2730040 2020-03-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAAF68A7-3BF0-4121-96B9-E730F08297FB} - System32\Tasks\Microsoft\Windows\International\Synchronize Language Settings => {10D62541-90D0-42FE-848C-0DBC1AC42EDA} C:\Windows\System32\CoreGlobConfig.dll [217984 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {BE346077-7539-4258-909E-2F788D4A5115} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C381D288-67B6-4E52-9025-91BCF8F72057} - System32\Tasks\Microsoft\Windows\Input\LocalUserSyncDataAvailable => {8E7C2AFB-72B9-415C-9AC2-5037693309B7} C:\Windows\System32\InputCloudStore.dll [157184 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {C4EF018B-1702-4797-B8F2-4D5914A8A11C} - System32\Tasks\Opera GX scheduled Autoupdate 1567016949 => C:\Users\Andrew\AppData\Local\Programs\Opera GX\launcher.exe
Task: {C57DABD9-EE85-4C4A-A438-12A923147CBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MpCmdRun.exe [480272 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3063296-961C-4F14-AD92-E971713EBA94} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D3959954-57CB-401A-9178-AB04D60206D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)
Task: {D794DEEC-A362-403C-8D1E-1A5AB9739311} - System32\Tasks\360wp-srv => C:\Users\Andrew\AppData\Roaming\BirdWallpaper\360wpsrv.exe [5112808 2019-12-03] (Chengdu Qilu Technology Co. Ltd. -> )
Task: {DA871ECC-B011-4930-BD52-9C607A141DBB} - System32\Tasks\Microsoft\Windows\Input\MouseSyncDataAvailable => {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA} C:\Windows\System32\InputCloudStore.dll [157184 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {DBA45AEA-B8EA-4056-82EC-73FAFAE2FD08} - System32\Tasks\Microsoft\Windows\WwanSvc\OobeDiscovery => {C93CF9D5-031B-4AAA-AB0B-EF802347B381} C:\Windows\System32\MBMediaManager.dll [674816 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {DC58F8BE-110E-4694-A9F0-B344E00F59CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {DDDA532C-18B9-4B9C-B749-3066091BFB0D} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {E61C3A3B-07FC-4937-9DC6-BC1B9309C258} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.)
Task: {E6B9BCD8-9F5B-4906-AF30-4D360F9E163A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB7CB41C-6AD6-483A-8A53-62B828B7F878} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE6A5A73-3FCD-43DC-A315-CE031171C0C9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F30C5AF2-7D7D-4B82-B045-4F817008A409} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {F6423471-6999-49B2-8AFA-876570BBE5B9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6969848-A576-4D64-8D57-2F0B212E66B4} - System32\Tasks\HPCeeScheduleForAndrew => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {F70DF54E-F0A8-4D2F-9FC9-F8A81266D99C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F99DD5B2-7206-44FA-8E48-2B46A724FA0C} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {FA85A9F1-2156-46F6-926E-EE3D500B8E9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-27] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAndrew.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\netload.dll [292864 2019-05-09] (Beijing Qihu Technology Co., Ltd. -> 成都奇鲁科技有限公司)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\netload.dll [292864 2019-05-09] (Beijing Qihu Technology Co., Ltd. -> 成都奇鲁科技有限公司)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\netload.dll [292864 2019-05-09] (Beijing Qihu Technology Co., Ltd. -> 成都奇鲁科技有限公司)
Winsock: Catalog9 18 C:\WINDOWS\SysWOW64\netload.dll [292864 2019-05-09] (Beijing Qihu Technology Co., Ltd. -> 成都奇鲁科技有限公司)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{1674856b-b4e8-4e3f-b284-7a45086fa499}: [DhcpNameServer] 10.3.1.121 10.5.1.121
Tcpip\..\Interfaces\{2846c0cd-81a0-4b78-8bcf-3acb7be751d2}: [DhcpNameServer] 10.3.1.121 10.5.1.121
Tcpip\..\Interfaces\{87727f1f-3f25-4b9b-bcf7-a89cceb5786a}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{87cf572d-cc2e-43dc-bc57-9a1a11ae430e}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{d0962129-0091-41fc-8ec3-8c6948d02093}: [DhcpNameServer] 10.3.1.121 10.5.1.121

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2386161698-3706458041-262731239-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-08-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {3D9B8BD6-E646-44B4-AA01-F4CA817E928A} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npQQGameAssist -> C:\Program Files (x86)\Tencent\QQGAME\npQQGameAssistPlugin.dll [No File]
FF Plugin HKU\.DEFAULT: @1.qq.com/npqqwebgame -> C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Tencent\WebGamePlugin\1.0.5.2\npqqwebgame.dll [No File]
FF Plugin HKU\S-1-5-21-2386161698-3706458041-262731239-1001: @1.qq.com/npqqwebgame -> C:\Users\Andrew\AppData\Roaming\Tencent\WebGamePlugin\1.0.5.2\npqqwebgame.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2020-03-22]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://messages.google.com; hxxps://musescore.com; hxxps://outlook.office.com
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-25]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2020-03-18]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-25]
CHR Extension: (Tampermonkey) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-06]
CHR Extension: (Web Paint) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\emeokgokialpjadjaoeiplmnkjoaegng [2020-03-18]
CHR Extension: (Outlook) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\faolnafnngnfdaknnbpnkhgohbobgegn [2019-10-03]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-25]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-12]
CHR Extension: (Vysor) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2020-02-13]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-03-17]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2020-03-16]
CHR Extension: (2048) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijkmjnaahlnmdjjlbhbjbhlnmadmmlgg [2019-10-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2020-01-03]
CHR Extension: (Volume Master) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2020-01-30]
CHR Extension: (Grammarly for Chrome) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-03-22]
CHR Extension: (The Great Suspender) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2020-02-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (MathStudio) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpedkecdcnobiheblbhgleenlbdoknp [2018-09-25]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-20]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-12]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-02-28]
CHR DefaultSearchURL: Profile 1 -> hxxps://ow2.res.office365.com/assets/mail/pwa/v1/pngs/Outlook.48x48x32.png
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-29]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-29]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-29]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-29]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-29]
CHR Extension: (Calculator) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\joodangkbfjnajiiifokapkpmhfnpleo [2019-10-29]
CHR Extension: (ScanQR) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nihhbejdflkeingkkpakffdlmepaeaah [2019-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-29]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-29]
CHR Extension: (Outlook) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkooggnaalmfkidjmlhoelhdllpphaga [2019-10-29]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-28]
CHR HKU\S-1-5-21-2386161698-3706458041-262731239-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andrew\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2020-03-18]
CHR HKU\S-1-5-21-2386161698-3706458041-262731239-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe [2353392 2020-03-05] (Intel(R) Software Development Products -> Intel Corporation)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-03] (BattlEye Innovations e.K. -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11091224 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1892512 2018-12-14] (Intel Corporation -> Intel Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\FileSyncHelper.exe [2142264 2020-03-10] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321608 2018-09-25] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [529912 2018-12-21] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [345208 2019-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 masterPDF_Server; C:\Program Files (x86)\MasterPDF\pdfServer.exe [242128 2020-03-20] (天津速读科技有限公司 -> 天津速读科技有限公司)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-20] (Malwarebytes Inc -> Malwarebytes)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\System32\MixedRealityRuntime.dll [132240 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\SysWOW64\MixedRealityRuntime.dll [106352 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\OneDriveUpdaterService.exe [2501184 2020-03-10] (Microsoft Corporation -> Microsoft Corporation)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [362568 2020-02-18] (Parsec Cloud, Inc. -> Parsec)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
U2 SpSvc; C:\MobileEmuMaster\Utils\SpSvc.dll [430592 2019-03-04] (Beijing Qihu Technology Co., Ltd. -> )
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [974848 2019-03-22] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [300544 2020-01-10] (Microsoft Windows -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2302184 2017-11-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
S3 UdkUserSvc; C:\WINDOWS\System32\windowsudk.shellcommon.dll [2029056 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6453328 2018-07-02] (RealVNC Ltd -> RealVNC Ltd)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\NisSrv.exe [3294680 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MsMpEng.exe [103168 2020-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [91136 2020-01-11] (Microsoft Windows -> )
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [78832 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75248 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [403440 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 EzTouchFilter; C:\WINDOWS\System32\drivers\EzTouchFilter.sys [46672 2018-01-30] (ELAN Microelectronics Corporation -> ELAN)
R1 HardwareProtectWp; C:\Users\Andrew\AppData\Roaming\BirdWallpaper\wallpaperhelper\HardwareProtect_x64.sys [1313344 2019-10-31] (Chengdu Qilu Technology Co. Ltd. -> )
R3 HID_PCI; C:\WINDOWS\System32\DriverStore\FileRepository\hid_pci.inf_amd64_4602c21a151b7c57\HID_PCI.sys [33976 2018-10-29] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98760 2018-10-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [207384 2018-07-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 ISH; C:\WINDOWS\System32\DriverStore\FileRepository\ish.inf_amd64_64d16427c75175b1\ISH.sys [157160 2018-10-29] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\DriverStore\FileRepository\ish_busdriver.inf_amd64_35d1c93e780e6195\ISH_BusDriver.sys [84648 2018-10-30] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MsQuic; C:\WINDOWS\System32\drivers\msquic.sys [312608 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8810336 2018-05-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [9278240 2019-09-05] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_62951455fb2f3b63\nvlddmkm.sys [23243704 2020-03-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2020-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 RTSPER; C:\WINDOWS\System32\drivers\RtsPer.sys [946368 2019-01-09] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [45144 2018-01-26] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55400 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 spaceparser; C:\WINDOWS\System32\drivers\spaceparser.sys [26624 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S3 sparkocam; C:\WINDOWS\system32\DRIVERS\sparkocam.sys [37712 2018-03-17] (Sparkosoft Inc -> Sparkosoft)
S3 sparkocammic; C:\WINDOWS\system32\drivers\sparkocammic.sys [34640 2018-01-10] (Sparkosoft Inc -> Sparkosoft)
R1 SpDrv; C:\MobileEmuMaster\Utils\SpDrv_amd64.sys [1291600 2019-01-28] (Chengdu Qilu Technology Co. Ltd. -> www.ludashi.com)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 Telemetry; C:\WINDOWS\System32\drivers\IntelTA.sys [22336 2020-01-11] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2019-06-11] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [216088 2019-04-12] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [227016 2019-04-12] (Oracle Corporation -> Oracle Corporation)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41560 2017-11-07] (Intel(R) Software -> Intel Corporation)
S3 VirtualRender; C:\WINDOWS\System32\DriverStore\FileRepository\vrd.inf_amd64_571b246d73a3d322\vrd.sys [11264 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-20] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-20] (Microsoft Windows -> Microsoft Corporation)
S3 WifiCx; C:\WINDOWS\System32\drivers\WifiCx.sys [669184 2020-01-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-11-15] (HP Inc. -> HP)
S3 YMIDUSBW; C:\WINDOWS\system32\drivers\ymidusbx64.sys [43744 2015-07-28] (Yamaha Corporation -> Yamaha Corporation)
U4 2345Base; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: SpSvc -> C:\MobileEmuMaster\Utils\SpSvc.dll ()
NETSVCx32: HpSvc -> no filepath.
NETSVCx32: WpSvc -> no filepath.

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-22 15:26 - 2020-03-22 15:26 - 000000000 ____D C:\Users\Andrew\Desktop\FRST
2020-03-22 15:24 - 2020-03-22 15:27 - 000000000 ____D C:\FRST
2020-03-22 10:55 - 2020-03-22 10:55 - 000000000 ____D C:\run_extention
2020-03-22 10:42 - 2020-03-22 10:45 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Ludashi
2020-03-22 10:42 - 2020-03-22 10:43 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\lockhomepage
2020-03-22 10:33 - 2020-03-22 10:33 - 000002376 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-03-22 09:48 - 2020-03-22 09:48 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2020-03-22 09:32 - 2020-03-22 09:32 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\navplugin
2020-03-22 09:32 - 2020-03-22 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\手机模拟大师
2020-03-22 09:31 - 2020-03-22 09:31 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\360Login
2020-03-22 09:31 - 2020-03-22 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\小鸟壁纸
2020-03-22 09:29 - 2020-03-22 10:08 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\360wp
2020-03-22 09:29 - 2020-03-22 09:29 - 000000000 ____D C:\Program Files (x86)\360
2020-03-20 22:56 - 2020-03-20 22:56 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-03-20 22:56 - 2020-03-20 22:56 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-03-20 22:53 - 2020-03-22 09:54 - 145489920 _____ C:\WINDOWS\system32\config\SOFTWARE
2020-03-20 22:49 - 2020-03-20 22:53 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2020-03-20 22:48 - 2020-03-20 22:48 - 000000000 ____D C:\WINDOWS\system32\wslog
2020-03-20 22:30 - 2020-03-20 22:30 - 000003448 _____ C:\WINDOWS\system32\Tasks\360wp-srv
2020-03-20 22:30 - 2020-03-20 22:30 - 000003442 _____ C:\WINDOWS\system32\Tasks\LDSGameMaster
2020-03-20 22:16 - 2020-03-20 22:18 - 000000000 ____D C:\Users\Andrew\AppData\Local\File Viewer Plus 3
2020-03-20 22:16 - 2020-03-20 22:16 - 000000000 ____D C:\Users\Public\File Viewer Plus
2020-03-20 22:16 - 2020-03-20 22:16 - 000000000 ____D C:\Users\Andrew\AppData\Local\Sharpened_Productions
2020-03-20 21:32 - 2020-03-20 22:12 - 000000000 ____D C:\Program Files (x86)\Rich4
2020-03-20 21:23 - 2020-03-22 11:18 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\LDSGameCenter
2020-03-20 21:23 - 2020-03-22 09:37 - 000000000 ____D C:\Program Files (x86)\MasterPDF
2020-03-20 21:23 - 2020-03-20 21:24 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\MasterPDFData
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\ttmpdll
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\MiniPage_2345
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\LDSGameCenterSpecLog
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\D10B9980-8A16-4595-89C0-FD6EF580FAAA
2020-03-20 21:23 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Local\WeiDuan
2020-03-20 21:23 - 2019-05-09 05:54 - 000292864 _____ (成都奇鲁科技有限公司) C:\WINDOWS\SysWOW64\netload.dll
2020-03-20 21:22 - 2020-03-22 10:55 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\BirdWallpaper
2020-03-20 21:22 - 2020-03-22 09:33 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\LDSGameMaster
2020-03-20 21:22 - 2020-03-22 09:31 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\lds
2020-03-20 21:22 - 2020-03-20 21:28 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\360se6
2020-03-20 21:22 - 2020-03-20 21:23 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\2345DomainMon
2020-03-20 21:22 - 2020-03-20 21:23 - 000000000 ____D C:\ProgramData\{8A57FE28-84D9-4966-9ED1-25BA09A4D405}.tmp
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\Documents\手机模拟大师
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Shield_2345Explorer
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Sap
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Osa
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\HY
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\2345PCSafe
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\ProgramData\{18B78A70-5AF2-427c-8D12-D3E4486EF6C6}.tmp
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\HYLiteResources
2020-03-20 21:21 - 2020-03-22 09:44 - 000000000 ____D C:\MobileEmuMaster
2020-03-20 21:21 - 2020-03-20 22:30 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\GameHall_2345
2020-03-20 21:21 - 2020-03-20 21:42 - 000000000 ____D C:\Users\Andrew\AppData\Local\ScreenSaver
2020-03-20 21:21 - 2020-03-20 21:25 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2020-03-20 21:21 - 2020-03-20 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2020-03-20 21:21 - 2020-03-20 21:24 - 000000000 ____D C:\Users\Andrew\AppData\Local\HYLite
2020-03-20 21:21 - 2020-03-20 21:24 - 000000000 ____D C:\Users\Andrew\AppData\Local\HYFastSide
2020-03-20 21:21 - 2020-03-20 21:24 - 000000000 ____D C:\Program Files (x86)\HYLite
2020-03-20 21:21 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\InsLogicCfg
2020-03-20 21:21 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Local\LDSGameMaster
2020-03-20 21:21 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Local\FLYSVR
2020-03-20 21:21 - 2020-03-20 21:21 - 000000000 ____D C:\Users\Andrew\AppData\Local\2345Explorer
2020-03-20 21:20 - 2020-03-20 21:25 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Tencent
2020-03-20 21:19 - 2020-03-20 21:19 - 000000000 ____D C:\Users\Andrew\UIDowner
2020-03-20 19:30 - 2020-03-20 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-03-20 17:24 - 2020-03-20 17:24 - 000000015 _____ C:\Users\Andrew\Desktop\(ง'̀-'́)ง.txt
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-03-18 20:39 - 2020-03-18 20:43 - 000001641 _____ C:\Users\Andrew\Desktop\                       .lnk
2020-03-18 20:31 - 2020-03-20 16:38 - 000000000 ____D C:\Users\Andrew\Google Drive
2020-03-18 20:27 - 2020-03-18 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-03-18 20:27 - 2020-03-18 20:27 - 000000000 ____D C:\Program Files\Google
2020-03-18 10:37 - 2020-03-18 10:41 - 000000000 ____D C:\Users\Andrew\Downloads\Autoit 123
2020-03-18 10:27 - 2020-03-18 10:27 - 000000000 ____D C:\Users\Andrew\AppData\Local\AutoIt v3
2020-03-18 10:26 - 2020-03-18 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2020-03-18 10:26 - 2020-03-18 10:42 - 000000000 ____D C:\Program Files (x86)\AutoIt3
2020-03-17 19:05 - 2020-03-09 22:37 - 011828832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2020-03-17 19:05 - 2020-03-09 22:37 - 010156472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2020-03-17 19:05 - 2020-03-09 22:37 - 001729448 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-17 19:05 - 2020-03-09 22:37 - 001729448 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-03-17 19:05 - 2020-03-09 22:37 - 001329576 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-17 19:05 - 2020-03-09 22:37 - 001329576 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-03-17 19:05 - 2020-03-09 22:36 - 040501992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 013317520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 011313552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 005377464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 004715920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 002068592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001719408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6444253.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001561552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001483192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6444253.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001476536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001358800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001138824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 001056184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 000678000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 000669928 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 000550328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-03-17 19:05 - 2020-03-09 22:36 - 000538552 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-03-17 19:05 - 2020-03-09 22:35 - 035371240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2020-03-17 19:05 - 2020-03-09 19:34 - 004232424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-03-12 19:54 - 2020-03-12 19:54 - 000000000 ____D C:\Program Files\Yamaha
2020-03-08 18:05 - 2020-03-20 22:34 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAndrew.job
2020-03-08 18:05 - 2020-03-20 18:30 - 000003264 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForAndrew
2020-03-05 18:56 - 2020-03-05 18:56 - 000843496 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_epid.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000841456 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_quote_ex.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000839408 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_launch.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000712944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_epid.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000711432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_quote_ex.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000708848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_launch.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000130288 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_urts.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000109296 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_urts.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000069872 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_enclave_common.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000059632 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_enclave_common.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000054536 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_platform.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000048368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_platform.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000038128 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_uae_service.dll
2020-03-05 18:56 - 2020-03-05 18:56 - 000037616 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_uae_service.dll
2020-03-03 17:32 - 2020-03-17 19:05 - 000000000 ____D C:\WINDOWS\LastGood
2020-03-02 16:51 - 2020-03-20 21:34 - 000000000 ____D C:\WINDOWS\Minidump
2020-03-01 11:38 - 2020-03-01 11:40 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Parsec
2020-03-01 11:38 - 2020-03-01 11:38 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parsec
2020-03-01 11:38 - 2020-03-01 11:38 - 000000000 ____D C:\Program Files\Parsec
2020-02-28 08:25 - 2020-02-28 08:25 - 052123443 _____ C:\Users\Andrew\Downloads\Cars.mp4
2020-02-26 17:45 - 2020-02-26 17:45 - 000000000 ___HD C:\OneDriveTemp
2020-02-24 18:31 - 2020-03-13 17:10 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2020-02-24 18:31 - 2020-02-24 18:31 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-22 15:22 - 2020-01-22 18:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-03-22 15:22 - 2020-01-11 10:00 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-03-22 12:29 - 2020-01-11 10:00 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-22 11:20 - 2020-01-11 10:00 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-22 11:20 - 2020-01-11 10:00 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-03-22 10:47 - 2020-01-22 19:09 - 002389328 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-22 10:47 - 2020-01-22 18:43 - 000432918 _____ C:\WINDOWS\system32\prfh0804.dat
2020-03-22 10:47 - 2020-01-22 18:43 - 000137496 _____ C:\WINDOWS\system32\prfc0804.dat
2020-03-22 10:47 - 2020-01-22 18:42 - 000776754 _____ C:\WINDOWS\system32\perfh019.dat
2020-03-22 10:47 - 2020-01-22 18:42 - 000156332 _____ C:\WINDOWS\system32\perfc019.dat
2020-03-22 10:47 - 2020-01-11 09:58 - 000000000 ____D C:\WINDOWS\INF
2020-03-22 10:44 - 2018-07-05 07:51 - 000000000 ____D C:\ProgramData\NVIDIA
2020-03-22 10:42 - 2020-01-22 19:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-03-22 10:42 - 2020-01-11 10:00 - 000000000 ____D C:\WINDOWS\ServiceState
2020-03-22 10:42 - 2018-09-30 08:31 - 000000000 ___RD C:\Users\Andrew\OneDrive - Erskine Stewart's Melville Schools
2020-03-22 10:42 - 2018-09-25 18:25 - 000000000 ___RD C:\Users\Andrew\OneDrive
2020-03-22 10:42 - 2018-09-25 18:23 - 000000000 __SHD C:\Users\Andrew\IntelGraphicsProfiles
2020-03-22 10:41 - 2020-01-22 18:57 - 000016384 ___SH C:\DumpStack.log.tmp
2020-03-22 10:34 - 2019-06-13 12:28 - 000000000 ____D C:\Users\Andrew\AppData\Local\SquirrelTemp
2020-03-22 10:33 - 2019-06-13 12:28 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2020-03-22 09:54 - 2020-01-11 09:49 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-03-22 09:34 - 2020-01-22 19:05 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{108EF013-C19E-48FB-9AB3-5AF875793EFF}
2020-03-22 09:32 - 2020-01-22 19:05 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-22 09:32 - 2020-01-22 19:05 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 22:55 - 2019-09-09 10:57 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-03-20 22:55 - 2019-09-09 10:56 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-03-20 22:34 - 2020-01-22 18:57 - 000557080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-20 22:26 - 2019-06-10 16:37 - 000000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2020-03-20 21:34 - 2018-09-27 17:47 - 000000000 ____D C:\Users\Andrew\AppData\Local\D3DSCache
2020-03-20 21:19 - 2020-01-22 18:59 - 000000000 ____D C:\Users\Andrew
2020-03-20 21:10 - 2018-09-27 15:18 - 000000000 ____D C:\Users\Andrew\AppData\Local\ElevatedDiagnostics
2020-03-20 19:30 - 2018-09-25 18:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-03-20 16:23 - 2019-06-13 18:57 - 000000000 ____D C:\Users\Andrew\.atom
2020-03-20 14:07 - 2019-06-13 18:56 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2020-03-20 14:07 - 2019-06-13 18:56 - 000000000 ____D C:\Users\Andrew\AppData\Local\atom
2020-03-20 14:03 - 2019-06-13 18:56 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Atom
2020-03-20 13:57 - 2020-01-23 07:53 - 000000000 ____D C:\Users\Andrew\AppData\Local\Deployment
2020-03-20 13:53 - 2018-09-26 17:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-03-20 12:00 - 2020-01-22 19:05 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-03-19 08:30 - 2019-09-09 18:58 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\.minecraft
2020-03-18 20:27 - 2018-09-25 18:30 - 000000000 ____D C:\Users\Andrew\AppData\Local\Google
2020-03-18 20:23 - 2018-09-25 18:32 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2020-03-18 10:26 - 2019-10-01 19:23 - 000000000 ____D C:\WINDOWS\ShellNew
2020-03-18 10:18 - 2020-01-21 20:08 - 000001342 _____ C:\Users\Andrew\Desktop\test.bat.lnk
2020-03-18 10:17 - 2020-01-22 19:05 - 000003658 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-03-18 10:00 - 2019-06-13 18:32 - 000000000 ____D C:\Users\Andrew\AppData\Local\Package Cache
2020-03-18 09:59 - 2020-02-05 18:26 - 000002403 _____ C:\Users\Public\Desktop\                      .lnk
2020-03-18 09:59 - 2020-02-05 18:26 - 000002403 _____ C:\ProgramData\Desktop\                      .lnk
2020-03-18 09:56 - 2020-02-05 18:26 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-17 19:06 - 2020-01-11 10:00 - 000000000 ____D C:\WINDOWS\Help
2020-03-17 19:06 - 2018-07-05 07:51 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-03-17 19:06 - 2018-07-05 07:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-03-16 18:14 - 2019-10-20 18:18 - 000001107 _____ C:\Users\Andrew\Desktop\WinDirStat.lnk
2020-03-14 11:24 - 2020-01-11 10:00 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-14 11:20 - 2018-10-02 18:14 - 000000000 ____D C:\Program Files\Microsoft Office
2020-03-13 17:03 - 2019-09-23 18:12 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2020-03-12 19:54 - 2018-02-02 13:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-03-12 19:53 - 2019-07-26 17:27 - 000000000 ____D C:\Users\Andrew\AppData\Local\Downloaded Installations
2020-03-10 17:18 - 2020-01-22 19:05 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2020-03-10 17:18 - 2019-09-23 18:13 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-09 22:36 - 2019-12-11 18:34 - 023243704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2020-03-09 19:34 - 2019-12-11 18:34 - 004965992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-03-09 19:14 - 2019-12-11 18:34 - 000055923 _____ C:\WINDOWS\system32\nvinfo.pb
2020-03-01 11:37 - 2018-09-25 18:23 - 000000000 ____D C:\Users\Andrew\AppData\Local\NVIDIA Corporation
2020-03-01 11:37 - 2018-07-05 07:51 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-02-29 20:50 - 2018-12-25 09:52 - 000000000 ____D C:\ProgramData\Logishrd
2020-02-28 13:47 - 2020-01-22 18:10 - 000000000 ___DC C:\WINDOWS\Panther
2020-02-28 13:47 - 2019-03-20 19:39 - 000000000 ____D C:\Program Files (x86)\Steam
2020-02-27 19:26 - 2018-09-26 17:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-02-27 19:23 - 2018-09-26 17:44 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-02-26 20:38 - 2020-01-30 21:20 - 000000354 _____ C:\Users\Andrew\Documents\AlwaysOnTop.ahk
2020-02-26 18:58 - 2018-09-25 18:40 - 000000000 ____D C:\Users\Andrew\AppData\Local\PlaceholderTileLogoFolder
2020-02-26 18:58 - 2018-09-25 18:23 - 000000000 ____D C:\Users\Andrew\AppData\Local\Packages
2020-02-26 17:57 - 2019-10-24 15:49 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Visions of Chaos
2020-02-26 17:56 - 2019-10-24 15:51 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visions of Chaos.lnk
2020-02-26 17:56 - 2019-10-24 15:51 - 000001120 _____ C:\Users\Andrew\Desktop\Visions of Chaos.lnk
2020-02-26 17:56 - 2019-10-24 15:50 - 000000000 ____D C:\Program Files (x86)\Visions of Chaos
2020-02-26 10:46 - 2018-07-05 07:51 - 005572072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-02-26 10:46 - 2018-07-05 07:51 - 002632168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2020-02-26 10:46 - 2018-07-05 07:51 - 001760232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2020-02-26 10:46 - 2018-07-05 07:51 - 000661992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2020-02-26 10:46 - 2018-07-05 07:51 - 000447464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2020-02-26 10:46 - 2018-07-05 07:51 - 000121144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2020-02-26 10:46 - 2018-07-05 07:51 - 000075752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2020-02-26 10:36 - 2018-07-05 07:51 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2020-02-24 18:31 - 2019-11-09 08:22 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo

==================== Files in the root of some directories ========

2019-01-27 11:33 - 2019-12-12 19:40 - 000007607 _____ () C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
2020-01-01 13:08 - 2020-01-01 13:13 - 000000066 _____ () C:\Users\Andrew\AppData\Local\uts.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

I have attached the Addition.txt file.

Thank you very much!

Addition.txt
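One thing a reviewer does with the "One month (created)" section above is read it by creation time: the folders for UIDowner, Tencent, HYLite, GameHall_2345, MobileEmuMaster, HYLiteResources and 2345PCSafe were all created between 21:19 and 21:22 on 2020-03-20, while the Dropbox driver files from 2020-03-19 carry a signer. The Python below is an added example, not part of this thread or of FRST: it parses FRST entry lines copied from the log above and groups them into creation-time bursts; the 5-minute window and the minimum burst size are assumed thresholds.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the FRST log above; an FRST entry reads
#   created - modified - size flags [(signer)] path
SAMPLE_LOG = r"""
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\2345PCSafe
2020-03-20 21:22 - 2020-03-20 21:22 - 000000000 ____D C:\HYLiteResources
2020-03-20 21:21 - 2020-03-22 09:44 - 000000000 ____D C:\MobileEmuMaster
2020-03-20 21:21 - 2020-03-20 22:30 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\GameHall_2345
2020-03-20 21:21 - 2020-03-20 21:24 - 000000000 ____D C:\Program Files (x86)\HYLite
2020-03-20 21:20 - 2020-03-20 21:25 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Tencent
2020-03-20 21:19 - 2020-03-20 21:19 - 000000000 ____D C:\Users\Andrew\UIDowner
2020-03-20 19:30 - 2020-03-20 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<flags>[_A-Z]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?(?P<path>.+)$"
)

def parse_frst_line(line):
    """Return a dict for one FRST entry, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        "is_dir": "D" in m["flags"],
        "signer": m["signer"],      # None for directories and unsigned files
        "path": m["path"],
    }

def find_bursts(lines, window_minutes=5, min_entries=4):
    """Chain entries whose creation time is within window_minutes of the
    previous one; keep only chains of at least min_entries (oldest first)."""
    entries = [e for e in map(parse_frst_line, lines) if e]
    entries.sort(key=lambda e: e["created"])
    bursts, current = [], []
    for e in entries:
        if current and e["created"] - current[-1]["created"] > timedelta(minutes=window_minutes):
            if len(current) >= min_entries:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_entries:
        bursts.append(current)
    return bursts

def summarize(burst):
    """Time span, size and how much of the burst carries no signer."""
    fmt = "%Y-%m-%d %H:%M"
    return {
        "start": burst[0]["created"].strftime(fmt),
        "end": burst[-1]["created"].strftime(fmt),
        "count": len(burst),
        "unsigned": sum(1 for e in burst if not e["signer"]),
        "paths": [e["path"] for e in burst],
    }
```

With the defaults, `find_bursts(SAMPLE_LOG.splitlines())` reports a single burst of seven unsigned entries spanning 21:19 to 21:22; the two signed Dropbox files stay below the minimum size and are not reported.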

Hi,

The program in bold is a potentially unwanted application (PUA). Decide if you want to keep it.
https://www.sophos.com/en-us/threat-center/spyware-and-adware.aspx
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 8.2.0.2 - Auslogics Labs Pty Ltd)
Use the Control Panel > Programs > Programs and Features if you decide to remove it.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Hello,

Thank you very much, but this has not helped. I have noticed that after each fixing attempt, when I log in after restarting it takes longer than usual. I think that somehow the malware is being reinstalled during this time. I have attached the fixlist.txt file, and two images showing issues. Also, Auslogics Registry Cleaner is a wanted program.

Thank you.

rightclick.png

processes.png

Fixlog.txt

Hi,

Did you execute the Fix?

I was waiting for the FixLog.txt and you posted my Fixlist.

===

Are the programs you underlined in the image present in any of the logs?

If yes, what are they and do you wish to remove them?

p.s.

You can Remove these programs via the Control Panel > Programs > Programs and Features

Restart the computer when done.

I have been receiving the below error when I tried to send my reply, so I sent it as an image.

*** We’re sorry but our system has detected wording in your post consistent with spam, It may be by accident, please try changing the wording and try to post again.
If you’re still unable to, then please contact our Helpdesk at the following link:

https://support.malwarebytes.com/community/consumer/pages/contact-us


Thank you
***

reply.png

Fixlog.txt

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.

The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait. <- Right click on the program (FRST) (x64).exe and run it as an Administrator before you run the fix.


The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.

If the problem persists please run the Farbar program and attach fresh logs for my review.

fixlist.txt

Dear Nasdaq,

Thank you very much! Using a combination of Malwarebytes, manually editing the registry and FRST, I have gotten most of the problems fixed. There are still traces of programs left over, but it is mostly unnoticeable. Once again, thank you.

You can use the Farbar program to SEARCH for files or the Registry.

Let me know if you need help.

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks