Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021 Ran by SYSTEM on HBCD_PE (17-11-2021 23:51:14) Running from C:\Users\48607\Desktop Platform: Windows 10 Home Version 20H2 19042.1165 (X64) Language: English (United States) Boot Mode: Recovery Default: ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b] ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138976 2020-08-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-11-07] (Avast Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle America, Inc. -> Oracle Corporation) HKU\48607\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File) HKU\48607\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation) HKU\48607\...\Run: [com.squirrel.Teams.Teams] => C:\Users\48607\AppData\Local\Microsoft\Teams\Update.exe [2455256 2021-10-29] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\48607\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33249248 2021-06-15] (Epic Games Inc. -> Epic Games, Inc.) HKU\48607\...\Run: [Taskbar system] => C:\Users\48607\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe [918040 2021-01-13] (Globalhop Ltd TOO -> ) HKU\48607\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File) HKU\48607\...\Run: [Medal] => C:\Users\48607\AppData\Local\Medal\update.exe [1901144 2021-05-15] (Ferox Games B.V. -> ) HKU\48607\...\Run: [Gaijin.Net Updater] => C:\Users\48607\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin) HKU\48607\...\Run: [Opera GX Browser Assistant] => C:\Users\48607\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software) HKU\48607\...\Run: [qpyizhzm] => "C:\Users\48607\mrqoekti.exe" (No File) HKU\Default\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "Y:\Programs\Google Chrome\91.0.4472.106\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome BootExecute: autocheck autochk * aswBoot.exe /M:15212392a /dir:"C:\Program Files\Avast Software\Avast" HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0116A6B3-1C6C-43EB-8B5B-835052493774} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-17] (Microsoft Corporation -> Microsoft Corporation) Task: {0F008CCC-AC7D-42F1-A7A3-B0FF7D841BDD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1778456 2021-11-07] (Avast Software s.r.o. -> Avast Software) Task: {12DF3F8A-9612-48CA-AE38-2818FA70CA73} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [507392 2021-07-16] () Task: {132BC5F3-46D3-4D76-8065-89D2D983E054} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.) Task: {17730DAC-F6FE-4834-877B-143388AE1122} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1122992 2021-09-03] (HP Inc. -> HP Inc.) Task: {19D611A3-F886-47A0-BC99-8209E8B1D70D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1B4B3D75-8C6A-4874-BAA5-3C20F34BC248} - System32\Tasks\Firefox Default Browser Agent 8609518ECBEF10C9 => C:\Users\48607\AppData\Roaming\gictead.exe (No File) <==== ATTENTION Task: {2EBD38A5-C574-4335-9B4D-5EA59FC71D81} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1138517282-2312738049-3737462855-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2021-05-14] () Task: {397F3EA7-67B0-4AB5-84B9-609705F84A34} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () Task: {42A5FC33-4A90-41D8-B8DD-81038CC5A6C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-03-19] (Google Inc -> Google LLC) Task: {4FCB2CF8-07C9-4EF4-B346-40ADCD134B0A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation) Task: {50F02AFB-4E35-4CDA-A363-FCD6273F3770} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5100A477-348F-48CA-A0F9-BA0C7018AC24} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1138517282-2312738049-3737462855-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File) Task: {57AA5C18-C48D-448D-A9B9-2734C055538D} - System32\Tasks\PowerControl LG => C:\Program [Argument = Files (x86)\PowerControl\PowerControl_Svc.exe] Task: {57DB16C9-24C0-4203-A52F-A15AE86D289C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-09-03] (HP Inc. -> HP Inc.) Task: {6A413D15-1DEF-4701-8275-1CF2796155AC} - System32\Tasks\Opera GX scheduled Autoupdate 1636018122 => C:\Users\48607\AppData\Local\Programs\Opera GX\launcher.exe [46162128 2021-11-04] (Opera Software AS -> Opera Software) Task: {6BCDAF23-4B76-47E9-A805-673CBC8944E3} - System32\Tasks\PowerControl HR => C:\Program [Argument = Files (x86)\PowerControl\PowerControl_Svc.exe] Task: {76AD6414-C1CA-4856-BD22-B0156D4B6172} - System32\Tasks\Opera scheduled Autoupdate 1631214923 => C:\Users\48607\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) Task: {84FB857F-B7F0-448E-8070-16483F81FD93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1122992 2021-09-03] (HP Inc. -> HP Inc.) Task: {859AE05D-0CEE-4EB7-9476-F0A65446FAD9} - System32\Tasks\Opera scheduled assistant Autoupdate 1631214934 => C:\Users\48607\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\48607\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {88BA1716-CF4D-4333-97F1-D5D63D5C36EB} - System32\Tasks\McAfee\Microsoft.Medisystem-security-lsalookup-l1-1-0 => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /unregister /silent C:\ProgramData\PerformApplication\BitsAvts\EXCNe_Remottror.dll Task: {8E910688-3B90-49A6-BB9C-E5086088B0F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {97132557-02CC-4E0A-A2B8-9F2602D5580A} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice Task: {99B13F0E-F7B3-44FC-A434-48C177A3C00C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation) Task: {AD06763C-A366-4B35-A384-F3BB1B5A1F68} - System32\Tasks\Firefox Default Browser Agent 2377BC8CC93ED2E5 => C:\Users\48607\AppData\Roaming\ijctead.exe (No File) <==== ATTENTION Task: {BEAE783B-1479-4441-83E5-53ED1441521F} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1636058309 => C:\Users\48607\AppData\Local\Programs\Opera GX\launcher.exe [46162128 2021-11-04] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\48607\AppData\Local\Programs\Opera GX\assistant" $(Arg0) Task: {D2985225-477A-43A5-9F98-12DF96C04C51} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {DFE7460E-99FA-4ED7-B730-752AAC99E4A6} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4974872 2021-11-07] (Avast Software s.r.o. -> AVAST Software) Task: {E335A5FA-A106-4FA1-A278-E4F29D81B552} - System32\Tasks\Firefox Default Browser Agent 6EB9C032415C933F => C:\Users\48607\AppData\Roaming\arctead.exe (No File) <==== ATTENTION Task: {F0AAA00D-D0BB-4DC8-B4A8-E107C0596F8D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-17] (Microsoft Corporation -> Microsoft Corporation) Task: {F2341DB3-3B8E-41CA-8E2A-9AF554DBDFC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-03-19] (Google Inc -> Google LLC) Task: {F3ADC431-8775-4990-A7D7-E28EB343B9B3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1138517282-2312738049-3737462855-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) "HKLM\System\ControlSet001\Services\{DB437C57-08A3-47e9-ACFF-111254F830DF}" => removed successfully C:\Windows\System32\drivers\eG0U5WRwFT8.sys => moved successfully S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8376400 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [680728 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [427800 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-07-23] (BattlEye Innovations e.K. -> ) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-06-08] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.) S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.) S2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\AppHelperCap.exe [744000 2021-08-09] (HP Inc. -> HP Inc.) S2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\DiagsCap.exe [742976 2021-08-09] (HP Inc. -> HP Inc.) S2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\NetworkCap.exe [742992 2021-08-09] (HP Inc. -> HP Inc.) S2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\SysInfoCap.exe [742992 2021-08-09] (HP Inc. -> HP Inc.) S2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_35df954651b1f88f\x64\TouchpointAnalyticsClientService.exe [489584 2021-06-18] (HP Inc. -> HP Inc.) S2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> ) S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [382976 2021-05-14] () S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation) S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation) S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) S2 HPPrintScanDoctorService; "C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 2c18aeac7; C:\Windows\System32\drivers\2c18aeac7.sys [247464 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Doctor Web, Ltd.) S1 afunix; C:\Windows\system32\drivers\afunix.sys [41984 2021-07-16] (Microsoft Corporation) S1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2021-07-16] (Microsoft Corporation) S3 AmUStor; C:\Windows\system32\drivers\AmUStorU.sys [127936 2019-07-02] (Alcorlink Corp. -> ) S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [18432 2021-07-07] (Microsoft Corporation) S5 AppServiceb; C:\Windows\System32\svchost.exe [57360 2021-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35704 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [222112 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367656 2021-11-17] (Avast Software s.r.o. -> AVAST Software) S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S0 aswElam; C:\Windows\System32\drivers\aswElam.sys [21936 2021-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41344 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184648 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538976 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107848 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [852216 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [557648 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [214384 2021-11-07] (Avast Software s.r.o. -> AVAST Software) S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [317696 2021-11-17] (Avast Software s.r.o. -> AVAST Software) S2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.) S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [117760 2021-07-16] (Microsoft Corporation) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [113664 2021-08-15] (Microsoft Corporation) S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [45568 2021-08-15] (Microsoft Corporation) S3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [1563136 2021-08-15] (Microsoft Corporation) S3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [110592 2021-08-15] (Microsoft Corporation) S1 cdrom; C:\Windows\System32\drivers\cdrom.sys [181248 2021-06-14] (Microsoft Corporation) S1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [97792 2021-07-07] () S2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [496128 2021-07-16] (Microsoft Corporation) S3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [139776 2021-07-07] (Microsoft Corporation) S3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.) S3 iaLPSS2_I2C_ICL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-27] (Intel Corporation -> Intel Corporation) S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [90112 2021-05-14] (Microsoft Corporation) S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [391168 2021-07-07] (Microsoft Corporation) S1 MEmuDrv; C:\Windows\system32\DRIVERS\MEmuDrv.sys [320360 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation) S3 monitor; C:\Windows\System32\drivers\monitor.sys [83968 2021-08-15] (Microsoft Corporation) S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [741888 2021-08-15] (Microsoft Corporation) S3 NdisWan; C:\Windows\System32\drivers\ndiswan.sys [212992 2021-08-15] (Microsoft Corporation) S3 ndiswanlegacy; C:\Windows\System32\DRIVERS\ndiswan.sys [212992 2021-08-15] (Microsoft Corporation) S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [823296 2021-06-14] (Microsoft Corporation) S3 RasAgileVpn; C:\Windows\System32\drivers\AgileVpn.sys [113152 2021-05-14] (Microsoft Corporation) S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [787968 2021-07-16] (Microsoft Corporation) S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [315392 2021-06-14] (Microsoft Corporation) S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [37888 2021-08-15] (Microsoft Corporation) S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [201728 2021-07-07] (Microsoft Corporation) S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [37376 2021-08-15] (Microsoft Corporation) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48520 2021-11-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [435424 2021-11-17] (Microsoft Windows -> Microsoft Corporation) S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [951808 2021-08-15] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-17] (Microsoft Windows -> Microsoft Corporation) S3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP) S1 aswbdisk; no ImagePath S1 ncijozdb; \??\C:\WINDOWS\system32\drivers\ncijozdb.sys [X] UpperFilters: [{4D36E967-E325-11CE-BFC1-08002BE10318}] -> [partmgr aswArDisk] UpperFilters: [{4D36E96B-E325-11CE-BFC1-08002BE10318}] -> [ETD aswKbd kbdclass] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (All) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-11-17 23:51 - 2021-11-17 23:51 - 000020834 _____ C:\Users\48607\Desktop\FRST.txt 2021-11-17 23:47 - 2021-11-17 23:47 - 002311680 _____ (Farbar) C:\Users\48607\Desktop\FRST64.exe 2021-11-17 23:47 - 2021-11-17 23:47 - 000000000 ____D C:\FRST 2021-11-17 23:32 - 2021-11-17 23:32 - 000000512 _____ C:\lsfc.isk20211117233242005.isk 2021-11-17 23:32 - 2021-11-17 23:32 - 000000435 _____ C:\lsmc.isk 2021-11-17 23:05 - 2021-11-17 21:53 - 000131072 _____ C:\Windows\System32\config\sam-ms 2021-11-17 21:49 - 2021-11-17 23:00 - 022806528 _____ C:\Windows\System32\config\SYSTEM 2021-11-17 21:42 - 2021-11-17 21:42 - 000247464 _____ (Doctor Web, Ltd.) C:\Windows\System32\Drivers\2c18aeac7.sys 2021-11-17 21:31 - 2021-11-17 21:42 - 000000000 ____D C:\Users\48607\Doctor Web 2021-11-17 21:30 - 2021-11-17 21:31 - 260874720 _____ C:\Users\48607\Downloads\mfdy8l3j.exe 2021-11-11 08:54 - 2021-11-11 08:54 - 721890644 _____ C:\Windows\MEMORY.DMP 2021-11-11 08:54 - 2021-11-11 08:54 - 000708132 _____ C:\Windows\Minidump\111121-11781-01.dmp 2021-11-11 08:54 - 2021-11-07 13:20 - 000340248 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe 2021-11-11 08:29 - 2021-11-17 21:50 - 106692608 _____ C:\Windows\System32\config\software 2021-11-11 08:21 - 2021-11-11 08:21 - 000000000 ____D C:\Users\48607\AppData\LocalLow\Adobe 2021-11-07 20:46 - 2021-11-11 08:54 - 000000000 ____D C:\Windows\Minidump 2021-11-07 20:14 - 2021-11-11 08:29 - 000000000 ____D C:\Windows\Microsoft Antimalware 2021-11-07 14:31 - 2021-11-07 14:31 - 000000000 ____D C:\sh5ldr 2021-11-07 14:30 - 2021-11-07 14:30 - 000000000 ____D C:\Program Files\EnigmaSoft 2021-11-07 13:41 - 2021-11-07 13:51 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2021-11-07 13:40 - 2021-11-07 13:40 - 000000000 ____D C:\Windows\pss 2021-11-07 13:38 - 2021-11-07 13:38 - 000003192 _____ C:\Windows\System32\Tasks\klcp_update 2021-11-07 13:37 - 2021-11-07 13:37 - 000001058 _____ C:\Users\Public\Desktop\Wondershare Recoverit.lnk 2021-11-07 13:37 - 2021-11-07 13:37 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2021-11-07 13:34 - 2021-11-07 13:34 - 001264416 _____ C:\Users\48607\Downloads\recoverit_setup_full4134.exe 2021-11-07 13:23 - 2021-11-11 08:54 - 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2021-11-07 13:23 - 2021-11-07 13:23 - 000000000 ____D C:\Users\48607\AppData\Roaming\Avast Software 2021-11-07 13:23 - 2021-11-07 13:23 - 000000000 ____D C:\Users\48607\AppData\Local\Avast Software 2021-11-07 13:21 - 2021-11-17 21:14 - 000367656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdriver.sys 2021-11-07 13:21 - 2021-11-17 21:14 - 000317696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys 2021-11-07 13:21 - 2021-11-15 09:37 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2021-11-07 13:21 - 2021-11-07 13:21 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software 2021-11-07 13:21 - 2021-11-07 13:21 - 000000000 ____D C:\Program Files\Common Files\Avast Software 2021-11-07 13:21 - 2021-11-07 13:20 - 000852216 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000557648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000538976 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetHub.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000372232 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdriver.sys.163718369726510 2021-11-07 13:21 - 2021-11-07 13:20 - 000250392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsh.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000222112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000214384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000184648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000107848 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000099344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniv.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000082904 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000041344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000035704 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArDisk.sys 2021-11-07 13:21 - 2021-11-07 13:20 - 000021936 _____ (AVAST Software) C:\Windows\System32\Drivers\aswElam.sys 2021-11-07 13:18 - 2021-11-07 13:18 - 000000000 ____D C:\Program Files\Avast Software 2021-11-07 13:17 - 2021-11-07 13:17 - 000234280 _____ (AVAST Software) C:\Users\48607\Downloads\avast_free_antivirus_setup_online.exe 2021-11-07 13:14 - 2021-11-07 13:14 - 000001116 _____ C:\Users\48607\_readme.txt 2021-11-07 13:14 - 2021-11-07 13:14 - 000000000 ____D C:\SystemID 2021-11-07 13:13 - 2021-11-07 13:13 - 000000000 ____D C:\ProgramData\KNI6N1OGDHHL4IUTOH153TPAK 2021-11-07 13:12 - 2021-11-07 13:14 - 000003728 _____ C:\Windows\System32\Tasks\Firefox Default Browser Agent 6EB9C032415C933F 2021-11-07 13:12 - 2021-11-07 13:13 - 000000000 ____D C:\Users\48607\AppData\LocalLow\hC6_zT4pC2 2021-11-07 13:12 - 2021-11-07 13:12 - 000000000 ____D C:\Users\48607\AppData\Roaming\mwanza 2021-11-07 13:12 - 2021-11-07 13:12 - 000000000 ____D C:\Users\48607\AppData\LocalLow\iT6tF6rB9 2021-11-07 13:12 - 2021-11-07 13:12 - 000000000 ____D C:\Users\48607\AppData\Local\Calculator 2021-11-07 13:10 - 2021-11-07 13:27 - 000000000 ____D C:\Users\48607\AppData\Roaming\Smart Clock 2021-11-07 13:10 - 2021-11-07 13:14 - 011343182 _____ C:\Users\48607\mrqoekti.exe.irfk 2021-11-07 13:10 - 2021-11-07 13:14 - 000413006 _____ C:\Users\48607\Documents\9E_HDyXn4fOaGxukEDwZib3e.exe.irfk 2021-11-07 13:10 - 2021-11-07 13:11 - 000000000 ____D C:\Users\48607\AppData\Roaming\warmded 2021-11-07 13:10 - 2021-11-07 13:10 - 000003728 _____ C:\Windows\System32\Tasks\Firefox Default Browser Agent 8609518ECBEF10C9 2021-11-07 13:10 - 2021-11-07 13:10 - 000000000 ____D C:\ProgramData\DW12EXI4JWL9HNO9NSPL9KVG2 2021-11-07 13:10 - 2021-11-07 13:10 - 000000000 ____D C:\ProgramData\5Q1KZE2W5LBAFRCQDP6BJQOJ6 2021-11-07 13:09 - 2021-11-07 13:27 - 000000000 ____D C:\Users\48607\AppData\Roaming\Calculator 2021-11-07 13:09 - 2021-11-07 13:14 - 000003728 _____ C:\Windows\System32\Tasks\Firefox Default Browser Agent 2377BC8CC93ED2E5 2021-11-07 13:09 - 2021-11-07 13:14 - 000000000 ____D C:\Users\48607\Documents\VlcpVideoV1.0.1 2021-11-07 13:09 - 2021-11-07 13:10 - 000000000 ____D C:\Users\48607\AppData\Roaming\tor 2021-11-07 13:09 - 2021-11-07 13:09 - 000046488 _____ C:\END 2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\Y6OKL7UQNILX3ATNZKE9MWLX8 2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\LYUW1LLM6B5FTFJDNI2WCDTP2 2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\743LZ40W3KGMC8HQK1LUT2K3U 2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\Program Files (x86)\Company 2021-11-07 12:14 - 2021-11-07 13:38 - 000000000 ____D C:\Program Files\Counter-Strike Source 2021-11-04 20:38 - 2021-11-04 20:38 - 000004478 _____ C:\Windows\System32\Tasks\Opera GX scheduled assistant Autoupdate 1636058309 2021-11-04 09:28 - 2021-11-04 20:38 - 000004218 _____ C:\Windows\System32\Tasks\Opera GX scheduled Autoupdate 1636018122 2021-11-04 09:28 - 2021-11-04 09:28 - 000001449 _____ C:\Users\48607\Desktop\Opera GX Browser.lnk 2021-10-31 07:36 - 2021-10-31 07:36 - 000002178 _____ C:\Users\48607\Desktop\Cookie Run Kingdom.lnk 2021-10-30 19:45 - 2021-11-02 10:39 - 000000000 ____D C:\Users\48607\AppData\Local\Enlisted 2021-10-30 19:45 - 2021-10-30 19:45 - 000002018 _____ C:\Users\48607\Desktop\Enlisted.lnk 2021-10-30 19:45 - 2021-10-30 19:45 - 000000000 ____D C:\Users\48607\AppData\Local\Gaijin 2021-10-30 19:45 - 2021-10-30 19:45 - 000000000 ____D C:\ProgramData\Gaijin ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-11-17 21:49 - 2021-03-19 21:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-11-17 21:49 - 2021-03-19 17:10 - 000000000 ____D C:\users\48607 2021-11-17 21:49 - 2020-10-02 13:12 - 000000000 ____D C:\ProgramData\Avast Software 2021-11-17 21:49 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-11-17 21:49 - 2019-12-07 09:03 - 022806528 _____ C:\Windows\System32\config\BCD000000 2021-11-17 21:49 - 2019-12-07 09:03 - 000786432 _____ C:\Windows\System32\config\BBI 2021-11-17 21:31 - 2021-03-19 21:25 - 000000000 ____D C:\Program Files (x86)\Google 2021-11-17 21:29 - 2019-04-15 15:38 - 000000000 ____D C:\Windows\System32\Drivers\wd 2021-11-17 21:22 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-11-17 21:22 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness 2021-11-17 21:20 - 2021-03-19 21:19 - 001786626 _____ C:\Windows\System32\PerfStringBackup.INI 2021-11-17 21:20 - 2019-12-07 15:08 - 000789042 _____ C:\Windows\System32\perfh015.dat 2021-11-17 21:20 - 2019-12-07 15:08 - 000163858 _____ C:\Windows\System32\perfc015.dat 2021-11-17 21:20 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF 2021-11-17 21:19 - 2019-11-29 00:30 - 000000000 ____D C:\Program Files\Microsoft Office 2021-11-17 21:18 - 2021-09-09 19:19 - 000002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-11-17 21:18 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\System 2021-11-17 21:16 - 2021-04-13 14:18 - 000003416 _____ C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71d05c7dcdffe 2021-11-17 21:16 - 2021-03-19 21:22 - 000003510 _____ C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-11-17 21:13 - 2020-09-18 07:48 - 000000000 __SHD C:\Users\48607\IntelGraphicsProfiles 2021-11-17 21:12 - 2021-03-19 21:17 - 000008192 ___SH C:\DumpStack.log.tmp 2021-11-17 21:12 - 2021-03-19 21:17 - 000000000 ____D C:\Windows\System32\SleepStudy 2021-11-17 21:12 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ServiceState 2021-11-11 08:59 - 2020-10-18 16:01 - 000000000 ____D C:\Users\48607\AppData\Local\CrashDumps 2021-11-11 08:57 - 2021-09-09 18:46 - 000000000 ____D C:\Program Files (x86)\PowerControl 2021-11-11 08:54 - 2019-12-07 09:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2021-11-11 08:53 - 2021-09-11 11:57 - 000000000 ____D C:\Users\48607\Downloads\DarkX-V1.8 2021-11-11 08:53 - 2021-09-10 12:27 - 000000000 ____D C:\Users\48607\Desktop\fnf mods 2021-11-11 08:53 - 2021-08-21 14:42 - 000000000 ____D C:\Users\48607\Desktop\Photoshop 2021 2021-11-11 08:53 - 2021-04-21 18:36 - 000000000 ____D C:\Program Files\Wondershare 2021-11-11 08:53 - 2021-04-21 18:33 - 000000000 ____D C:\ProgramData\Wondershare Filmora 2021-11-11 08:53 - 2021-04-21 18:33 - 000000000 ____D C:\Program Files (x86)\Wondershare 2021-11-11 08:53 - 2021-04-16 18:12 - 000000000 ____D C:\Users\48607\Downloads\ACLib 2021-11-11 08:53 - 2021-04-13 14:18 - 000000000 ____D C:\Program Files\WinRAR 2021-11-11 08:53 - 2021-02-12 10:31 - 000000000 ____D C:\Program Files (x86)\SGP Systems 2021-11-11 08:53 - 2021-02-04 20:30 - 000000000 ____D C:\Users\48607\Downloads\Plazma Burst 2 (1) 2021-11-11 08:53 - 2020-09-27 15:49 - 000000000 ____D C:\Program Files (x86)\Steam 2021-11-11 08:53 - 2020-09-18 12:30 - 000000000 ____D C:\Users\48607\AppData\Local\Roblox 2021-11-11 08:53 - 2019-03-19 04:52 - 000000000 ___HD C:\Windows\System32\GroupPolicy 2021-11-11 08:50 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\registration 2021-11-11 08:49 - 2021-04-21 18:36 - 000000000 ____D C:\ProgramData\Wondershare 2021-11-07 20:49 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp 2021-11-07 20:11 - 2019-12-07 09:03 - 000032768 _____ C:\Windows\System32\config\ELAM 2021-11-07 13:51 - 2021-02-19 16:06 - 000000000 ____D C:\Program Files\EqualizerAPO 2021-11-07 13:39 - 2021-03-19 21:17 - 000542512 _____ C:\Windows\System32\FNTCACHE.DAT 2021-11-07 13:38 - 2021-04-21 18:29 - 000000000 ____D C:\Users\Public\Documents\Wondershare 2021-11-07 13:27 - 2021-09-09 18:53 - 000000000 ___HD C:\Users\48607\AppData\Roaming\WinHost 2021-11-07 13:25 - 2021-09-09 18:46 - 000000000 ___HD C:\Windows\rss 2021-11-07 13:14 - 2021-10-01 19:47 - 000000000 ____D C:\workspace 2021-11-07 13:14 - 2021-10-01 19:47 - 000000000 ____D C:\autoexec 2021-11-07 13:14 - 2021-10-01 17:13 - 004319922 _____ C:\Users\48607\Documents\animations and stuff.rbxl.irfk 2021-11-07 13:14 - 2021-09-10 16:28 - 004624246 _____ C:\Users\48607\Documents\hKOYR7c_Fs0roY3BPyTQ9HvC.exe.irfk 2021-11-07 13:14 - 2021-09-10 16:28 - 001282017 _____ C:\Users\48607\Documents\98iuEMkvE8X7KWiPc3gBq1kk.exe.irfk 2021-11-07 13:14 - 2021-09-10 16:28 - 000389454 _____ C:\Users\48607\Documents\3q0NlQESK4zOi7u2F8MgPrNe.exe.irfk 2021-11-07 13:14 - 2021-09-10 16:28 - 000143694 _____ C:\Users\48607\Documents\9Iu2l_rZy7NUaPvPD3cYbeDO.exe.irfk 2021-11-07 13:14 - 2021-09-10 16:28 - 000101710 _____ C:\Users\48607\Documents\cDDedwaMAb90hEV4wW7a5vAB.exe.irfk 2021-11-07 13:14 - 2021-09-10 15:28 - 004624246 _____ C:\Users\48607\Documents\6eko4OZ8_BkX1443tATgnFCr.exe.irfk 2021-11-07 13:14 - 2021-09-10 15:28 - 001282017 _____ C:\Users\48607\Documents\YrWnNYTlbZXgSJu8TSYLXT4y.exe.irfk 2021-11-07 13:14 - 2021-09-10 15:28 - 000389454 _____ C:\Users\48607\Documents\4nxYl0aMaqwT6llcyvPjad2J.exe.irfk 2021-11-07 13:14 - 2021-09-10 15:28 - 000143694 _____ C:\Users\48607\Documents\4Ifnzenp2KMbSpnw_ar8Cy6S.exe.irfk 2021-11-07 13:14 - 2021-09-10 14:28 - 004624246 _____ C:\Users\48607\Documents\mgdXjYsp5sRJCFbGtOd3wATX.exe.irfk 2021-11-07 13:14 - 2021-09-10 14:28 - 001282017 _____ C:\Users\48607\Documents\Or4U__6bjkJIvTBQVDUE55s1.exe.irfk 2021-11-07 13:14 - 2021-09-10 14:28 - 000389454 _____ C:\Users\48607\Documents\KDM9Tuie6zvcLWewBuwTyR_5.exe.irfk 2021-11-07 13:14 - 2021-09-10 14:28 - 000143694 _____ C:\Users\48607\Documents\DhXsSkepWqsfyc3o9IvIKGds.exe.irfk 2021-11-07 13:14 - 2021-09-10 13:28 - 004624246 _____ C:\Users\48607\Documents\7NYxlOYE1tQA97Uvo9h1WQYy.exe.irfk 2021-11-07 13:14 - 2021-09-10 13:28 - 001282017 _____ C:\Users\48607\Documents\vmFniKuu3qd68m4NECB3HWay.exe.irfk 2021-11-07 13:14 - 2021-09-10 13:28 - 000389454 _____ C:\Users\48607\Documents\hdCnr2R3KeSi60pD43mx_wI3.exe.irfk 2021-11-07 13:14 - 2021-09-10 13:28 - 000143694 _____ C:\Users\48607\Documents\6Z1h8fe0fSt5N70aKTyz2Qkx.exe.irfk 2021-11-07 13:14 - 2021-09-10 12:28 - 004624246 _____ C:\Users\48607\Documents\4ik8w3NegJkp9vfyS0CqsU79.exe.irfk 2021-11-07 13:14 - 2021-09-10 12:28 - 001282017 _____ C:\Users\48607\Documents\U7Wl8GrlfBaYFerppo_kPPDV.exe.irfk 2021-11-07 13:14 - 2021-09-10 12:28 - 000389454 _____ C:\Users\48607\Documents\rOYcFEQetaGN9jdFrzXgfTZd.exe.irfk 2021-11-07 13:14 - 2021-09-10 12:28 - 000143694 _____ C:\Users\48607\Documents\fYNeGOCTOIpJETAFVuwEgXhT.exe.irfk 2021-11-07 13:14 - 2021-09-09 19:22 - 004624246 _____ C:\Users\48607\Documents\2YZ2olAggnVD91XwoKbVu0s1.exe.irfk 2021-11-07 13:14 - 2021-09-09 19:22 - 001282017 _____ C:\Users\48607\Documents\ZHCc1TvfmHPqoWQ3GRu4nb8F.exe.irfk 2021-11-07 13:14 - 2021-09-09 19:22 - 000389454 _____ C:\Users\48607\Documents\gQi_71oRM0NMyU8Nezjpbydd.exe.irfk 2021-11-07 13:14 - 2021-09-09 19:22 - 000161614 _____ C:\Users\48607\Documents\oLoxEEZHnqlhoiTnrbg0vQaj.exe.irfk 2021-11-07 13:14 - 2021-09-09 19:00 - 004624246 _____ C:\Users\48607\Documents\cqxUkUu506jaFePH9F5uJjKQ.exe.irfk 2021-11-07 13:14 - 2021-09-09 19:00 - 001282017 _____ C:\Users\48607\Documents\dWAxJ7Cb4JRTrqs6DtHVXlq_.exe.irfk 2021-11-07 13:14 - 2021-09-09 19:00 - 000389454 _____ C:\Users\48607\Documents\GGzfwcEWH7fChZKnlN7hj9nY.exe.irfk 2021-11-07 13:14 - 2021-09-09 19:00 - 000161614 _____ C:\Users\48607\Documents\zZRek_oWQ7mCTyiC8x3Avg0y.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 018212810 _____ C:\Users\48607\Documents\5pRFI1iJU7LNxaey6qSq_zQx.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 004624246 _____ C:\Users\48607\Documents\xPXI0Q0ch0pLVt8UJBRgs4OZ.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 003826774 _____ C:\Users\48607\Documents\uDHBuMyMCTftti598n93voau.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 002652758 _____ C:\Users\48607\Documents\a5A1efImA27XwXZlcy8HTjch.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 001633614 _____ C:\Users\48607\Documents\qT3dWYBP7ZsuOrwW4ZcUbjl6.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 001282017 _____ C:\Users\48607\Documents\D5h07l37kYqaIzizaXY0U5yo.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 000933710 _____ C:\Users\48607\Documents\BVBLHqBQH0SeQDgaotgcNOg5.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 000389454 _____ C:\Users\48607\Documents\R3sTXL24aXhOGwIl2k2gUAL0.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:53 - 000161614 _____ C:\Users\48607\Documents\TgKi_o8zbJVjhyZMhj5hAEHl.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 004624246 _____ C:\Users\48607\Documents\K7bMBOUJOBJPOJZY5r5X9IUq.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 002949206 _____ C:\Users\48607\Documents\RvcaGChbxbA7LVG98evYo0BY.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 001408334 _____ C:\Users\48607\Documents\7dbYr83sOnl33DP40W9GAtJt.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 001258504 _____ C:\Users\48607\Documents\KsWkiUhk3eFHnIs5od0q82Qe.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000445262 _____ C:\Users\48607\Documents\CiqkqAYpWm04eR4PdiCLcMCv.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000442702 _____ C:\Users\48607\Documents\atNQshrod5pAVfXUwZLGRpFI.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000412494 _____ C:\Users\48607\Documents\1v3p855kQzxbFpR5nbihTBzS.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000403790 _____ C:\Users\48607\Documents\pBZrzRw_j75g6J_lf6HnWaFW.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000325454 _____ C:\Users\48607\Documents\nV5chtbzMf_qkKo_rVEQJcfO.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000323918 _____ C:\Users\48607\Documents\fzDK7gywKUTXF52bO5kUixaf.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000299342 _____ C:\Users\48607\Documents\GlEoi7mMRJzyG7mrG2Ts9JNk.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000256334 _____ C:\Users\48607\Documents\3vTX3rWaYTISfBNrePsakGQT.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000158542 _____ C:\Users\48607\Documents\Ydq_sdYeUKkSuherc55Clfft.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000101710 _____ C:\Users\48607\Documents\wzv59SGUEPAvbQRJA8Klbw6S.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000000607 _____ C:\Users\48607\Documents\wgkf3QaM2sm3uxJcyVwwONNK.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:52 - 000000557 _____ C:\Users\48607\Documents\acqFcB2MEguqzvX5KFJkmQgl.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:46 - 002652758 _____ C:\Users\48607\Documents\MA1Y1ChuZ5FU2jq8bEoPDYa3.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:46 - 001258504 _____ C:\Users\48607\Documents\ugFoHfO3S19Hc1qV63VegYDS.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:46 - 000933710 _____ C:\Users\48607\Documents\NeWeM3QNbTvSCaiJrZBwuXIZ.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:46 - 000226671 _____ C:\Users\48607\AppData\LocalLow\u4fPNLfK0oZ.zip.irfk 2021-11-07 13:14 - 2021-09-09 18:46 - 000003638 _____ C:\Windows\System32\Tasks\PowerControl HR 2021-11-07 13:14 - 2021-09-09 18:46 - 000003382 _____ C:\Windows\System32\Tasks\PowerControl LG 2021-11-07 13:14 - 2021-09-09 18:46 - 000000557 _____ C:\Users\48607\Documents\nB0FdiwuR5Xm0Ol6_Q89fSHE.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:45 - 004624246 _____ C:\Users\48607\Documents\eJZ1xC3nBWAHmaq1wc7zO1bq.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:45 - 000403790 _____ C:\Users\48607\Documents\CNbU6aYEOYpFd47ANVaq_Xe0.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:45 - 000299342 _____ C:\Users\48607\Documents\RbNWkZEeUO_Eb1BlTotRFyRk.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:45 - 000101710 _____ C:\Users\48607\Documents\BLftkPOzhMuSiummnVob6NWy.exe.irfk 2021-11-07 13:14 - 2021-09-09 18:45 - 000000607 _____ C:\Users\48607\Documents\JlzCUbDcHhEsrVKksGlLvtVb.exe.irfk 2021-11-07 13:14 - 2021-09-04 11:56 - 001352252 _____ C:\Users\48607\Documents\project bbb.rbxl.irfk 2021-11-07 13:14 - 2021-08-21 19:18 - 004597146 _____ C:\Users\48607\Documents\AFK UNTIL SOMEONE DONATES ME SOMETHING.rbxl.irfk 2021-11-07 13:14 - 2021-08-19 12:16 - 003645594 _____ C:\Users\48607\Documents\untitled.blend.irfk 2021-11-07 13:14 - 2021-08-10 14:02 - 006079293 _____ C:\Users\48607\Documents\Untitled Game.rbxl.irfk 2021-11-07 13:14 - 2021-08-04 20:11 - 000579835 _____ C:\Users\48607\Documents\sadas.rbxl.irfk 2021-11-07 13:14 - 2021-08-01 12:39 - 000643918 _____ C:\Users\48607\Documents\7za.exe.irfk 2021-11-07 13:14 - 2021-08-01 12:39 - 000000000 ____D C:\Users\48607\Documents\krnl 2021-11-07 13:14 - 2021-07-28 11:38 - 005397325 _____ C:\Users\48607\Documents\Upcomming.rbxl.irfk 2021-11-07 13:14 - 2021-07-26 19:03 - 000676295 _____ C:\Users\48607\Documents\Testing.rbxl.irfk 2021-11-07 13:14 - 2021-07-21 13:02 - 003705179 _____ C:\Users\48607\Documents\d.rbxl.irfk 2021-11-07 13:14 - 2021-07-01 19:12 - 002210832 _____ C:\Users\48607\Documents\rayk.rbxl.irfk 2021-11-07 13:14 - 2021-07-01 07:12 - 003266300 _____ C:\Users\48607\Documents\j.rbxl.irfk 2021-11-07 13:14 - 2021-06-30 11:32 - 007135305 _____ C:\Users\48607\Documents\important fe gun kit edits.rbxl.irfk 2021-11-07 13:14 - 2021-06-27 19:28 - 000030196 _____ C:\Users\48607\Documents\adsasd.rbxl.irfk 2021-11-07 13:14 - 2021-06-26 21:10 - 006498188 _____ C:\Users\48607\Documents\t.rbxl.irfk 2021-11-07 13:14 - 2021-06-20 09:52 - 003389320 _____ C:\Users\48607\Documents\gqebt.rbxl.irfk 2021-11-07 13:14 - 2021-06-17 19:07 - 002364519 _____ C:\Users\48607\Documents\dsaewvqefwdwer adfs dfscxdgtrdgtrxdgtrxdgtrxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxgxddgtrxdgx.rbxl.irfk 2021-11-07 13:14 - 2021-06-16 08:43 - 000000000 ____D C:\hpswsetup 2021-11-07 13:14 - 2021-06-11 12:59 - 000000000 ____D C:\Users\48607\Documents\lesniczuwka 2021-11-07 13:14 - 2021-05-21 12:37 - 004412161 _____ C:\Users\48607\Documents\boulevard.rbxl.irfk 2021-11-07 13:14 - 2021-05-19 16:32 - 007279988 _____ C:\Users\48607\Documents\adfvsafwsf.rbxl.irfk 2021-11-07 13:14 - 2021-05-15 15:40 - 000000000 ____D C:\Users\48607\Documents\Medal 2021-11-07 13:14 - 2021-05-01 10:23 - 007030032 _____ C:\Users\48607\Documents\cringility.rbxl.irfk 2021-11-07 13:14 - 2021-04-16 13:41 - 000194488 _____ C:\Users\48607\Documents\c.rbxl.irfk 2021-11-07 13:14 - 2021-04-10 12:25 - 000022836 _____ C:\Users\48607\Documents\music etc.rbxl.irfk 2021-11-07 13:14 - 2021-04-09 16:46 - 007129394 _____ C:\Users\48607\Documents\trash.rbxl.irfk 2021-11-07 13:14 - 2021-04-01 20:05 - 002145388 _____ C:\Users\48607\Documents\Zombie Nation remake.rbxl.irfk 2021-11-07 13:14 - 2021-03-31 17:03 - 001231361 _____ C:\Users\48607\Documents\public dev server.rbxl.irfk 2021-11-07 13:14 - 2021-03-29 14:54 - 010221017 _____ C:\Users\48607\Documents\fjdhgcjkjgkhjgd important.rbxl.irfk 2021-11-07 13:14 - 2021-03-20 14:17 - 000025376 _____ C:\Users\48607\Documents\making icons etc.rbxl.irfk 2021-11-07 13:14 - 2021-03-18 09:59 - 000000000 ___HD C:\$AV_ASW 2021-11-07 13:14 - 2021-03-14 10:55 - 000000375 _____ C:\Users\48607\Documents\my notepad.txt.irfk 2021-11-07 13:14 - 2021-03-13 16:40 - 001181084 _____ C:\Users\48607\Documents\gdsfsad.rbxl.irfk 2021-11-07 13:14 - 2021-03-06 21:38 - 008828325 _____ C:\Users\48607\Documents\sasdads.rbxl.irfk 2021-11-07 13:14 - 2021-02-28 18:04 - 000000000 ___RD C:\Users\48607\Documents\Scanned Documents 2021-11-07 13:14 - 2021-02-27 10:26 - 000911619 _____ C:\Users\48607\Documents\gggg.rbxl.irfk 2021-11-07 13:14 - 2021-02-14 10:00 - 001051264 _____ C:\Users\48607\Documents\chris gfvffdf.rbxl.irfk 2021-11-07 13:14 - 2021-02-06 12:20 - 000022775 _____ C:\Users\48607\Documents\tests.rbxl.irfk 2021-11-07 13:14 - 2021-01-30 12:49 - 000021816 _____ C:\Users\48607\Documents\dssgffsfg.rbxl.irfk 2021-11-07 13:14 - 2021-01-27 17:52 - 000278451 _____ C:\Users\48607\Documents\FFDSGG.rbxl.irfk 2021-11-07 13:14 - 2021-01-24 20:23 - 000021821 _____ C:\Users\48607\Documents\Baseplate.rbxl.irfk 2021-11-07 13:14 - 2021-01-17 18:36 - 000735474 _____ C:\Users\48607\Documents\project buh.rbxl.irfk 2021-11-07 13:14 - 2021-01-04 19:53 - 000023337 _____ C:\Users\48607\Documents\models.rbxl.irfk 2021-11-07 13:14 - 2020-12-22 14:27 - 001920686 _____ C:\Users\48607\Documents\yes fre rake models go brrrr.rbxl.irfk 2021-11-07 13:14 - 2020-11-21 16:18 - 000000000 ____D C:\Users\48607\.junique 2021-11-07 13:14 - 2020-11-21 16:15 - 000000000 ____D C:\Users\48607\Crystal-Launcher 2021-11-07 13:14 - 2020-10-24 14:50 - 007574053 _____ C:\Users\48607\Documents\L4D2.rbxl.irfk 2021-11-07 13:14 - 2020-10-18 08:55 - 000000000 ____D C:\Users\48607\.MemuHyperv 2021-11-07 13:14 - 2020-10-18 08:55 - 000000000 ____D C:\Users\48607\.android 2021-11-07 13:14 - 2020-09-18 12:30 - 000000588 _____ C:\Users\48607\AppData\LocalLow\rbxcsettings.rbx.irfk 2021-11-07 13:14 - 2020-09-18 07:48 - 000000000 ____D C:\Users\48607\AppData\Local\VirtualStore 2021-11-07 13:14 - 2019-10-29 18:52 - 000000000 ___HD C:\hp 2021-11-07 13:14 - 2019-09-19 00:01 - 000000000 ___HD C:\SYSTEM.SAV 2021-11-07 09:04 - 2021-03-19 21:22 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1138517282-2312738049-3737462855-1001 2021-11-06 07:41 - 2021-09-14 11:52 - 000000000 ___HD C:\ProgramData\Unobx 2021-11-05 09:41 - 2020-11-21 16:15 - 000001838 _____ C:\Users\48607\Desktop\Crystal Launcher.lnk 2021-11-05 09:41 - 2020-09-23 11:10 - 000000000 ____D C:\Users\48607\AppData\Local\CrystalLauncherInstaller 2021-11-04 18:36 - 2020-09-18 12:30 - 000001452 _____ C:\Users\48607\Desktop\Roblox Studio.lnk 2021-11-04 09:30 - 2020-12-25 16:31 - 000000000 ____D C:\Users\48607\AppData\Local\D3DSCache 2021-11-04 09:28 - 2020-09-18 12:23 - 000000000 ____D C:\Users\48607\AppData\Local\Opera Software 2021-11-04 07:10 - 2021-10-02 19:36 - 000001432 _____ C:\Users\48607\Desktop\Roblox Player.lnk 2021-11-02 16:38 - 2019-04-15 15:39 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-10-31 12:32 - 2021-06-05 18:33 - 000000000 ____D C:\Users\48607\AppData\LocalLow\Dani 2021-10-30 19:45 - 2020-09-27 16:02 - 000000000 ____D C:\Users\48607\Documents\My Games 2021-10-29 17:55 - 2021-02-24 18:18 - 000000000 ____D C:\Users\48607\AppData\Roaming\.tlauncher 2021-10-29 17:54 - 2020-09-23 12:00 - 000000000 ____D C:\Users\48607\AppData\Roaming\.minecraft 2021-10-29 17:07 - 2020-10-12 17:13 - 000002367 _____ C:\Users\48607\Desktop\Microsoft Teams.lnk 2021-10-29 16:52 - 2020-09-18 07:38 - 000000000 ____D C:\Users\48607\AppData\Local\Packages ==================== KnownDLLs (Whitelisted) ========================= ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\dllhost.exe => MD5 is legit C:\Windows\SysWOW64\dllhost.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2021-11-07 14:24 Restore point date: 2021-11-17 21:43 ==================== Memory info =========================== Percentage of memory in use: 61% Total physical RAM: 7880.82 MB Available physical RAM: 3051.66 MB Total Virtual: 7880.82 MB Available Virtual: 3029.43 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:476.15 GB) (Free:294.74 GB) NTFS Drive e: () (Fixed) (Total:0.51 GB) (Free:0.04 GB) NTFS Drive f: (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.89 GB) (Free:0.89 GB) NTFS Drive y: (HBCD_PE_X64) (Removable) (Total:14.41 GB) (Free:5.34 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 647D9FFB) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 14.4 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of FRST.txt ========================