Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by 48607 (administrator) on LAPTOP-O6F29K5C (HP HP Laptop 15s-fq1xxx) (18-11-2021 20:14:45)
Running from C:\Users\48607\Desktop
Loaded Profiles: 48607
Platform: Microsoft Windows 10 Home Version 20H2 19042.1165 (X64) Language: Polish (Poland) -> English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(Gaijin Network LTD -> Gaijin) C:\Users\48607\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_35df954651b1f88f\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_21306a77b30fd6e0\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_3ef70b9d5cc0699f\LMS.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\GfxDownloadWrapper.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIServiceN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEMN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ada2367baaae74c0\IntelCpHDCPSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_86dc7f4c001ddecd\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1161_none_7e3076a27c733477\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Shanghai Microvirt Software Technology Co., Ltd. -> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138976 2020-08-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\48607\AppData\Local\Microsoft\Teams\Update.exe [2455256 2021-10-29] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33249248 2021-06-15] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [Taskbar system] => C:\Users\48607\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe [918040 2021-01-13] (Globalhop Ltd TOO -> )
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [Medal] => C:\Users\48607\AppData\Local\Medal\update.exe [1901144 2021-05-15] (Ferox Games B.V. -> )
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [Gaijin.Net Updater] => C:\Users\48607\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\48607\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [qpyizhzm] => "C:\Users\48607\mrqoekti.exe" (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-17] (Google LLC -> Google LLC)
Startup: C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\588.vbs [2021-09-10] () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0116A6B3-1C6C-43EB-8B5B-835052493774} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F008CCC-AC7D-42F1-A7A3-B0FF7D841BDD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1778456 2021-11-07] (Avast Software s.r.o. -> Avast Software)
Task: {132BC5F3-46D3-4D76-8065-89D2D983E054} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {17730DAC-F6FE-4834-877B-143388AE1122} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1122992 2021-09-03] (HP Inc. -> HP Inc.)
Task: {19D611A3-F886-47A0-BC99-8209E8B1D70D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {397F3EA7-67B0-4AB5-84B9-609705F84A34} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () [File not signed]
Task: {42A5FC33-4A90-41D8-B8DD-81038CC5A6C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-03-19] (Google Inc -> Google LLC)
Task: {4FCB2CF8-07C9-4EF4-B346-40ADCD134B0A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {50F02AFB-4E35-4CDA-A363-FCD6273F3770} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {57AA5C18-C48D-448D-A9B9-2734C055538D} - System32\Tasks\PowerControl LG => C:\Program [Argument = Files (x86)\PowerControl\PowerControl_Svc.exe]
Task: {57DB16C9-24C0-4203-A52F-A15AE86D289C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-09-03] (HP Inc. -> HP Inc.)
Task: {6A413D15-1DEF-4701-8275-1CF2796155AC} - System32\Tasks\Opera GX scheduled Autoupdate 1636018122 => C:\Users\48607\AppData\Local\Programs\Opera GX\launcher.exe [46162128 2021-11-04] (Opera Software AS -> Opera Software)
Task: {6BCDAF23-4B76-47E9-A805-673CBC8944E3} - System32\Tasks\PowerControl HR => C:\Program [Argument = Files (x86)\PowerControl\PowerControl_Svc.exe]
Task: {84FB857F-B7F0-448E-8070-16483F81FD93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1122992 2021-09-03] (HP Inc. -> HP Inc.)
Task: {859AE05D-0CEE-4EB7-9476-F0A65446FAD9} - System32\Tasks\Opera scheduled assistant Autoupdate 1631214934 => C:\Users\48607\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\48607\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {88BA1716-CF4D-4333-97F1-D5D63D5C36EB} - System32\Tasks\McAfee\Microsoft.Medisystem-security-lsalookup-l1-1-0 => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /unregister /silent C:\ProgramData\PerformApplication\BitsAvts\EXCNe_Remottror.dll
Task: {8E910688-3B90-49A6-BB9C-E5086088B0F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {97132557-02CC-4E0A-A2B8-9F2602D5580A} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {99B13F0E-F7B3-44FC-A434-48C177A3C00C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEAE783B-1479-4441-83E5-53ED1441521F} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1636058309 => C:\Users\48607\AppData\Local\Programs\Opera GX\launcher.exe [46162128 2021-11-04] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\48607\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {D2985225-477A-43A5-9F98-12DF96C04C51} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {DFE7460E-99FA-4ED7-B730-752AAC99E4A6} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4974872 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
Task: {F0AAA00D-D0BB-4DC8-B4A8-E107C0596F8D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2341DB3-3B8E-41CA-8E2A-9AF554DBDFC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-03-19] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{13dba05a-3cd6-447e-850d-8b566b5159fa}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{689cedd2-6ce0-4dc9-bf3e-6a50559f69a7}: [DhcpNameServer] 40.23.1.13

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\48607\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-11]
Edge Extension: (VRunMail) - C:\ProgramData\Unobx\Krkwit\2C403928 [2021-09-14]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2021-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2021-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default [2021-11-18]
CHR Notifications: Default -> hxxps://linkvertise.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.ctcodeinfo.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Custom
CHR Extension: (Slides) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-19]
CHR Extension: (Docs) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-19]
CHR Extension: (Google Drive) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-19]
CHR Extension: (YouTube) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-19]
CHR Extension: (Sheets) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-19]
CHR Extension: (Google Docs Offline) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-18]
CHR Extension: (BTRoblox - Making Roblox Better) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkpclpemjeibhioopcebchdmohaieln [2021-11-18]
CHR Extension: (Custom) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle [2021-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-19]
CHR Extension: (Gmail) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-19]
CHR Profile: C:\Users\48607\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-18]
CHR Profile: C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-11-18]
CHR Notifications: Profile 1 -> hxxps://juicydataage.ru; hxxps://linkvertise.com
CHR Extension: (Slides) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-10]
CHR Extension: (Docs) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-10]
CHR Extension: (Google Drive) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-10]
CHR Extension: (YouTube) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-10]
CHR Extension: (Chump) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmniipbmpamifglbggkejhabcocdjlcm [2021-08-10]
CHR Extension: (Sheets) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-10]
CHR Extension: (Google Docs Offline) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-13]
CHR Extension: (BTRoblox - Making Roblox Better) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbkpclpemjeibhioopcebchdmohaieln [2021-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-10]
CHR Extension: (Gmail) - C:\Users\48607\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-10]
CHR Profile: C:\Users\48607\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-18]

Opera:
=======
OPR Profile: C:\Users\48607\AppData\Roaming\Opera Software\Opera Stable [2021-11-18]
StartMenuInternet: (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001) Opera GXStable - "C:\Users\48607\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8376400 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [680728 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [427800 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-07-23] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-06-08] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\AppHelperCap.exe [744000 2021-08-09] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\DiagsCap.exe [742976 2021-08-09] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\NetworkCap.exe [742992 2021-08-09] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_a12b4806152ca26b\x64\SysInfoCap.exe [742992 2021-08-09] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_35df954651b1f88f\x64\TouchpointAnalyticsClientService.exe [489584 2021-06-18] (HP Inc. -> HP Inc.)
R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [127936 2019-07-02] (Alcorlink Corp. -> )
U5 AppServiceb; C:\WINDOWS\System32\svchost.exe [57360 2021-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35704 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [222112 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [367632 2021-11-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99344 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41344 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184648 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538976 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82904 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852216 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557648 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214384 2021-11-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317696 2021-11-17] (Avast Software s.r.o. -> AVAST Software)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-27] (Intel Corporation -> Intel Corporation)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [320360 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-18 19:05 - 2021-11-18 19:05 - 000047382 _____ C:\Users\48607\Desktop\Shortcut.txt
2021-11-18 19:04 - 2021-11-18 19:05 - 000061397 _____ C:\Users\48607\Desktop\Addition.txt
2021-11-18 19:00 - 2021-11-18 20:12 - 000029334 _____ C:\Users\48607\Desktop\Fixlog.txt
2021-11-18 00:51 - 2021-11-18 20:15 - 000028165 _____ C:\Users\48607\Desktop\FRST.txt
2021-11-18 00:47 - 2021-11-18 20:14 - 000000000 ____D C:\FRST
2021-11-18 00:47 - 2021-11-18 00:47 - 002311680 _____ (Farbar) C:\Users\48607\Desktop\FRST64.exe
2021-11-18 00:32 - 2021-11-18 00:32 - 000000512 _____ C:\lsfc.isk20211117233242005.isk
2021-11-18 00:32 - 2021-11-18 00:32 - 000000435 _____ C:\lsmc.isk
2021-11-18 00:05 - 2021-11-17 22:53 - 000131072 _____ C:\WINDOWS\system32\config\sam-ms
2021-11-17 22:49 - 2021-11-18 20:12 - 023068672 _____ C:\WINDOWS\system32\config\SYSTEM
2021-11-17 22:31 - 2021-11-18 01:29 - 000000000 ____D C:\Users\48607\Doctor Web
2021-11-17 22:30 - 2021-11-17 22:31 - 260874720 _____ C:\Users\48607\Downloads\mfdy8l3j.exe
2021-11-11 09:54 - 2021-11-11 09:54 - 721890644 _____ C:\WINDOWS\MEMORY.DMP
2021-11-11 09:54 - 2021-11-07 14:20 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-11-11 09:29 - 2021-11-18 20:12 - 106692608 _____ C:\WINDOWS\system32\config\software
2021-11-11 09:21 - 2021-11-11 09:21 - 000000000 ____D C:\Users\48607\AppData\LocalLow\Adobe
2021-11-07 21:46 - 2021-11-18 20:09 - 000000000 ____D C:\WINDOWS\Minidump
2021-11-07 21:14 - 2021-11-11 09:29 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-11-07 14:41 - 2021-11-07 14:51 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-11-07 14:40 - 2021-11-07 14:40 - 000000000 ____D C:\WINDOWS\pss
2021-11-07 14:38 - 2021-11-07 14:38 - 000003192 _____ C:\WINDOWS\system32\Tasks\klcp_update
2021-11-07 14:37 - 2021-11-07 14:37 - 000001058 _____ C:\Users\Public\Desktop\Wondershare Recoverit.lnk
2021-11-07 14:37 - 2021-11-07 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-11-07 14:37 - 2021-11-07 14:37 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2021-11-07 14:34 - 2021-11-07 14:34 - 001264416 _____ C:\Users\48607\Downloads\recoverit_setup_full4134.exe
2021-11-07 14:23 - 2021-11-11 09:54 - 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-11-07 14:23 - 2021-11-11 09:54 - 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-11-07 14:23 - 2021-11-07 14:23 - 000000000 ____D C:\Users\48607\AppData\Roaming\Avast Software
2021-11-07 14:23 - 2021-11-07 14:23 - 000000000 ____D C:\Users\48607\AppData\Local\Avast Software
2021-11-07 14:21 - 2021-11-18 18:54 - 000367632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-11-07 14:21 - 2021-11-17 22:14 - 000317696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-11-07 14:21 - 2021-11-15 10:37 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-11-07 14:21 - 2021-11-07 14:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-11-07 14:21 - 2021-11-07 14:21 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-11-07 14:21 - 2021-11-07 14:20 - 000852216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000557648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000538976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000222112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000214384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000184648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000099344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000082904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000041344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000035704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-11-07 14:21 - 2021-11-07 14:20 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-11-07 14:18 - 2021-11-07 14:18 - 000000000 ____D C:\Program Files\Avast Software
2021-11-07 14:17 - 2021-11-07 14:17 - 000234280 _____ (AVAST Software) C:\Users\48607\Downloads\avast_free_antivirus_setup_online.exe
2021-11-07 14:14 - 2021-11-07 14:14 - 000001116 _____ C:\Users\48607\_readme.txt
2021-11-07 14:14 - 2021-11-07 14:14 - 000000000 ____D C:\SystemID
2021-11-07 14:12 - 2021-11-07 14:12 - 000000000 ____D C:\Users\48607\AppData\Local\Calculator
2021-11-07 14:10 - 2021-11-07 14:27 - 000000000 ____D C:\Users\48607\AppData\Roaming\Smart Clock
2021-11-07 14:09 - 2021-11-07 14:27 - 000000000 ____D C:\Users\48607\AppData\Roaming\Calculator
2021-11-07 14:09 - 2021-11-07 14:14 - 000000000 ____D C:\Users\48607\Documents\VlcpVideoV1.0.1
2021-11-07 14:09 - 2021-11-07 14:10 - 000000000 ____D C:\Users\48607\AppData\Roaming\tor
2021-11-07 13:14 - 2021-11-07 14:38 - 000000000 ____D C:\Program Files\Counter-Strike Source
2021-11-04 21:38 - 2021-11-04 21:38 - 000004478 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled assistant Autoupdate 1636058309
2021-11-04 10:28 - 2021-11-18 03:26 - 000001548 _____ C:\Users\48607\Desktop\Opera GX Browser.lnk
2021-11-04 10:28 - 2021-11-04 21:38 - 000004218 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1636018122
2021-11-04 10:28 - 2021-11-04 21:38 - 000001445 _____ C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
2021-10-31 08:36 - 2021-11-18 03:26 - 000002006 _____ C:\Users\48607\Desktop\Cookie Run Kingdom.lnk
2021-10-30 20:45 - 2021-11-18 20:13 - 000000000 ____D C:\Users\48607\AppData\Local\Enlisted
2021-10-30 20:45 - 2021-11-18 03:26 - 000002133 _____ C:\Users\48607\Desktop\Enlisted.lnk
2021-10-30 20:45 - 2021-10-30 20:45 - 000000000 ____D C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enlisted
2021-10-30 20:45 - 2021-10-30 20:45 - 000000000 ____D C:\Users\48607\AppData\Local\Gaijin
2021-10-30 20:45 - 2021-10-30 20:45 - 000000000 ____D C:\ProgramData\Gaijin
2021-10-23 17:46 - 2021-10-23 17:46 - 000000279 _____ C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-18 20:15 - 2021-03-19 22:25 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-18 20:13 - 2021-03-19 22:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-18 20:13 - 2021-03-19 22:17 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-18 20:13 - 2020-10-02 14:12 - 000000000 ____D C:\ProgramData\Avast Software
2021-11-18 20:13 - 2020-09-18 08:48 - 000000000 __SHD C:\Users\48607\IntelGraphicsProfiles
2021-11-18 20:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-18 20:13 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-18 20:12 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-18 20:09 - 2021-03-19 18:10 - 000000000 ____D C:\Users\48607
2021-11-18 19:52 - 2021-03-19 22:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-18 19:34 - 2020-12-25 17:31 - 000000000 ____D C:\Users\48607\AppData\Local\D3DSCache
2021-11-18 18:59 - 2021-03-19 22:19 - 001786626 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-18 18:59 - 2019-12-07 16:08 - 000789042 _____ C:\WINDOWS\system32\perfh015.dat
2021-11-18 18:59 - 2019-12-07 16:08 - 000163858 _____ C:\WINDOWS\system32\perfc015.dat
2021-11-18 18:59 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-18 03:26 - 2021-10-02 20:36 - 000001547 _____ C:\Users\48607\Desktop\Roblox Player.lnk
2021-11-18 03:26 - 2021-05-15 16:35 - 000002313 _____ C:\Users\48607\Desktop\Medal.lnk
2021-11-18 03:26 - 2021-03-02 21:16 - 000001016 _____ C:\Users\48607\Desktop\Multi-MEmu.lnk
2021-11-18 03:26 - 2021-03-02 21:16 - 000000991 _____ C:\Users\48607\Desktop\MEmu.lnk
2021-11-18 03:26 - 2021-02-24 19:17 - 000002087 _____ C:\Users\48607\Desktop\TLauncher.lnk
2021-11-18 03:26 - 2021-02-12 11:32 - 000001053 _____ C:\Users\48607\Desktop\SGP Baltie 3.lnk
2021-11-18 03:26 - 2020-10-12 18:13 - 000002482 _____ C:\Users\48607\Desktop\Microsoft Teams.lnk
2021-11-18 03:26 - 2020-09-18 13:30 - 000001567 _____ C:\Users\48607\Desktop\Roblox Studio.lnk
2021-11-18 02:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-17 22:49 - 2019-12-07 10:03 - 022806528 _____ C:\WINDOWS\system32\config\BCD000000
2021-11-17 22:29 - 2019-04-15 16:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-11-17 22:22 - 2020-09-23 09:35 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-17 22:22 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-17 22:19 - 2019-11-29 01:30 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-17 22:18 - 2021-09-09 20:19 - 000002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-17 22:18 - 2021-03-19 22:26 - 000002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-17 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\System
2021-11-17 22:16 - 2021-04-13 15:18 - 000003416 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71d05c7dcdffe
2021-11-17 22:16 - 2021-03-19 22:22 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-11 09:59 - 2020-10-18 17:01 - 000000000 ____D C:\Users\48607\AppData\Local\CrashDumps
2021-11-11 09:57 - 2021-09-09 19:46 - 000000000 ____D C:\Program Files (x86)\PowerControl
2021-11-11 09:54 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-11-11 09:53 - 2021-09-11 12:57 - 000000000 ____D C:\Users\48607\Downloads\DarkX-V1.8
2021-11-11 09:53 - 2021-09-10 13:27 - 000000000 ____D C:\Users\48607\Desktop\fnf mods
2021-11-11 09:53 - 2021-08-21 15:42 - 000000000 ____D C:\Users\48607\Desktop\Photoshop 2021
2021-11-11 09:53 - 2021-04-21 19:36 - 000000000 ____D C:\Program Files\Wondershare
2021-11-11 09:53 - 2021-04-21 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-11-11 09:53 - 2021-04-21 19:33 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2021-11-11 09:53 - 2021-04-21 19:33 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-11-11 09:53 - 2021-04-16 19:12 - 000000000 ____D C:\Users\48607\Downloads\ACLib
2021-11-11 09:53 - 2021-04-13 15:18 - 000000000 ____D C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-11-11 09:53 - 2021-04-13 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-11-11 09:53 - 2021-04-13 15:18 - 000000000 ____D C:\Program Files\WinRAR
2021-11-11 09:53 - 2021-02-12 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SGP Systems
2021-11-11 09:53 - 2021-02-12 11:31 - 000000000 ____D C:\Program Files (x86)\SGP Systems
2021-11-11 09:53 - 2021-02-04 21:30 - 000000000 ____D C:\Users\48607\Downloads\Plazma Burst 2 (1)
2021-11-11 09:53 - 2020-09-27 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-11-11 09:53 - 2020-09-27 16:49 - 000000000 ____D C:\Program Files (x86)\Steam
2021-11-11 09:53 - 2020-09-18 13:30 - 000000000 ____D C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-11-11 09:53 - 2020-09-18 13:30 - 000000000 ____D C:\Users\48607\AppData\Local\Roblox
2021-11-11 09:53 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-11-11 09:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2021-11-11 09:49 - 2021-04-21 19:36 - 000000000 ____D C:\ProgramData\Wondershare
2021-11-07 21:49 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-07 21:11 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-07 14:51 - 2021-02-19 17:06 - 000000000 ____D C:\Program Files\EqualizerAPO
2021-11-07 14:39 - 2021-03-19 22:17 - 000542512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-07 14:38 - 2021-04-21 19:29 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2021-11-07 14:27 - 2021-09-09 19:53 - 000000000 ___HD C:\Users\48607\AppData\Roaming\WinHost
2021-11-07 14:27 - 2021-09-09 19:49 - 000000000 ____D C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe
2021-11-07 14:25 - 2021-09-09 19:46 - 000000000 ___HD C:\WINDOWS\rss
2021-11-07 14:14 - 2021-10-01 20:47 - 000000000 ____D C:\workspace
2021-11-07 14:14 - 2021-10-01 20:47 - 000000000 ____D C:\autoexec
2021-11-07 14:14 - 2021-09-09 19:46 - 000003638 _____ C:\WINDOWS\system32\Tasks\PowerControl HR
2021-11-07 14:14 - 2021-09-09 19:46 - 000003382 _____ C:\WINDOWS\system32\Tasks\PowerControl LG
2021-11-07 14:14 - 2021-08-01 13:39 - 000000000 ____D C:\Users\48607\Documents\krnl
2021-11-07 14:14 - 2021-06-16 09:43 - 000000000 ____D C:\hpswsetup
2021-11-07 14:14 - 2021-06-11 13:59 - 000000000 ____D C:\Users\48607\Documents\lesniczuwka
2021-11-07 14:14 - 2021-05-15 16:40 - 000000000 ____D C:\Users\48607\Documents\Medal
2021-11-07 14:14 - 2021-03-18 10:59 - 000000000 ___HD C:\$AV_ASW
2021-11-07 14:14 - 2020-11-21 17:18 - 000000000 ____D C:\Users\48607\.junique
2021-11-07 14:14 - 2020-11-21 17:15 - 000000000 ____D C:\Users\48607\Crystal-Launcher
2021-11-07 14:14 - 2020-10-18 09:55 - 000000000 ____D C:\Users\48607\.MemuHyperv
2021-11-07 14:14 - 2020-10-18 09:55 - 000000000 ____D C:\Users\48607\.android
2021-11-07 14:14 - 2020-09-18 08:48 - 000000000 ____D C:\Users\48607\AppData\Local\VirtualStore
2021-11-07 14:14 - 2019-10-29 19:52 - 000000000 ___HD C:\hp
2021-11-07 14:14 - 2019-09-19 01:01 - 000000000 ___HD C:\SYSTEM.SAV
2021-11-07 10:04 - 2021-03-19 18:10 - 000002390 _____ C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-06 08:41 - 2021-09-14 12:52 - 000000000 ___HD C:\ProgramData\Unobx
2021-11-05 10:41 - 2020-11-21 17:15 - 000001838 _____ C:\Users\48607\Desktop\Crystal Launcher.lnk
2021-11-05 10:41 - 2020-09-23 12:10 - 000000000 ____D C:\Users\48607\AppData\Local\CrystalLauncherInstaller
2021-11-04 10:28 - 2020-09-18 13:23 - 000000000 ____D C:\Users\48607\AppData\Local\Opera Software
2021-11-02 17:38 - 2019-04-15 16:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-10-31 13:32 - 2021-06-05 19:33 - 000000000 ____D C:\Users\48607\AppData\LocalLow\Dani
2021-10-31 08:42 - 2020-09-27 16:55 - 000000000 ____D C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-10-30 20:45 - 2020-09-27 17:02 - 000000000 ____D C:\Users\48607\Documents\My Games
2021-10-29 18:55 - 2021-02-24 19:18 - 000000000 ____D C:\Users\48607\AppData\Roaming\.tlauncher
2021-10-29 18:54 - 2020-09-23 13:00 - 000000000 ____D C:\Users\48607\AppData\Roaming\.minecraft
2021-10-29 18:07 - 2020-10-12 18:13 - 000002375 _____ C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-10-29 17:52 - 2020-09-18 08:38 - 000000000 ____D C:\Users\48607\AppData\Local\Packages

==================== Files in the root of some directories ========

2020-11-21 17:15 - 2020-11-21 17:15 - 000000031 _____ () C:\Users\48607\AppData\Roaming\.crystalinst
2021-07-02 11:21 - 2021-07-02 11:21 - 000000021 _____ () C:\Users\48607\AppData\Local\Autosofted License.txt
2021-06-08 22:29 - 2021-06-15 17:51 - 000001536 _____ () C:\Users\48607\AppData\Local\GfxMetrics.cfg
2021-02-19 16:34 - 2021-02-19 16:40 - 000016438 _____ () C:\Users\48607\AppData\Local\partner.bmp
2021-09-09 20:12 - 2021-09-09 20:12 - 003103968 _____ (DT001) C:\Users\48607\AppData\Local\setup29587.exe
2021-09-09 20:26 - 2021-09-09 20:26 - 003103968 _____ (DT001) C:\Users\48607\AppData\Local\setup58103.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================