Hi, I need your help! I unfortunately downloaded a ransomware and infected my laptop. Windows security was disabled and all my files were renamed as .wrui. I received the ransom note. I deleted all my files already since I read that it can’t return to its original state. Later I learned that BleepingComputer can help with that, whew.
I scanned my laptop using Avast and Malwarebytes and detected viruses such as trojan.bitcoinminer, Win64 dropper, MalwareGen, Sandbox, optional.onlineIO, trojan injector, etc. I repeatedly scanned my laptop with those 2 antiviruses until a few are infected. Should I delete them from the virus chest? From time to time Malwarebytes prompts that a virus has been blocked (temp files).
Here are texts from FRST and Addition files —
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by andre (administrator) on TRIXIEPC (ASUSTeK COMPUTER INC. ASUS TUF Gaming A17 FA706IU_TUF706IU) (23-04-2021 17:39:00)
Running from C:UsersandreDesktop
Loaded Profiles: andre
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonIPCBoxAdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:Program FilesAdobeAdobe Creative Cloud ExperienceCCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe
(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0362957.inf_amd64_47170f5efa6cd04eB362672atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0362957.inf_amd64_47170f5efa6cd04eB362672atiesrxx.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkRemoteAsusLinkRemote.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSoftwareManagerAsusSoftwareManagerAgent.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:Program Files (x86)ASUSTeK COMPUTER INCRefreshRateServiceRefreshRateService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:Program Files (x86)LightingServiceLightingService.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:Program FilesASUSARMOURY CRATE ServiceArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:Program FilesASUSARMOURY CRATE ServiceArmouryCrate.UserSessionHelper.exe
(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32ASUSACCIArmouryCrateControlInterface.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNear.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNearExt.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusOptimization.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusOptimizationStartupTask.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusOSD.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSoftwareManagerAsusSoftwareManager.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemAnalysisAsusSystemAnalysis.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:Program Files (x86)ASUSROG Live ServiceROGLiveService.exe
(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastaswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastaswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastAvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastAvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastwsc_proxy.exe
(DTS, Inc. -> DTS Inc.) C:WindowsSystem32DTSPCAPO4xDtsApo4Service.exe
(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <24>
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMWsc.exe
(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbweWinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:WindowsSystem32amdlogsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemDiagnosisAsusSystemDiagnosis.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:WindowsRtkBtManServ.exe
(Nitro Software, Inc. -> ) C:Program FilesNitroPro 11Nitro_UpdateService.exe
(Nitro Software, Inc. -> Nalpeiron Ltd.) C:WindowsSysWOW64NLSSRV32.EXE
(Nitro Software, Inc. -> Nitro Software, Inc.) C:Program FilesNitroPro 11NitroPDFDriverService11x64.exe
(Node.js Foundation -> Node.js) C:Program FilesAdobeAdobe Creative Cloud Experiencelibsnode.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynvam.inf_amd64_0f6918628c340454Display.NvContainerNVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32RtkAudUService64.exe
(Skype) C:Program FilesWindowsAppsMicrosoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5cSkypeApp.exe
(Skype) C:Program FilesWindowsAppsMicrosoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5cSkypeBackgroundHost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Run: [AvastUI.exe] => C:Program FilesAvast SoftwareAvastAvLaunch.exe [118496 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
HKLM…Run: [TabletDriver] => C:Huion TabletHuion Tablet.exe huion-hklm
HKLM…Run: [AdobeAAMUpdater-1.0] => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM…Run: [AdobeGCInvoker-1.0] => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32…Run: [SwitchBoard] => C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32…Run: [AdobeCS6ServiceManager] => C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32…Run: [Adobe Creative Cloud] => C:Program Files (x86)AdobeAdobe Creative CloudACCCreative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32…Run: [AdobeCS5.5ServiceManager] => C:Program Files (x86)Common FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32…Run: [GrooveMonitor] => C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32…Run: [Adobe CCXProcess] => C:Program Files (x86)AdobeAdobe Creative Cloud ExperienceCCXProcess.exe [129288 2021-04-22] (Adobe Inc. -> )
HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [Spotify] => C:UsersandreAppDataRoamingSpotifySpotify.exe [24261704 2021-04-19] (Spotify AB -> Spotify Ltd)
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [Viber] => C:UsersandreAppDataLocalViberViber.exe [47907032 2021-02-25] (Viber Media S.à r.l. -> Viber Media S.Ã r.l.)
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [Discord] => C:UsersandreAppDataLocalDiscordUpdate.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [AdobeBridge] => [X]
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [sxyvyshp] => “C:Usersandreqztyqpkg.exe”
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…MountPoints2: {859772e1-9fec-11eb-a6d0-d8c0a657faba} – “D:HiSuiteDownLoader.exe”
HKLM…PrintMonitorsNitro PDF Port Monitor: C:Windowssystem32nitrolocalmon11.dll [31944 2017-03-09] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication90.0.4430.85Installerchrmstp.exe [2021-04-21] (Google LLC -> Google LLC)
Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupHuion Tablet.lnk [2021-03-02]
ShortcutTarget: Huion Tablet.lnk -> C:Huion TabletHuion Tablet.exe (No File)
Startup: C:UsersandreAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupprograms.bat [2021-04-23] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {056F7BC7-740D-4848-8A28-E7B19F8D5B3F} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [850928 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log
Task: {10DEB861-5F96-4808-A519-F894576D5AE8} – System32TasksAvast SoftwareOverseer => C:Program FilesCommon FilesAvast SoftwareOverseeroverseer.exe [1791712 2021-03-02] (Avast Software s.r.o. -> Avast Software)
Task: {1976B49B-949C-438C-B094-D67926301D3D} – System32TasksASUS Update Checker 2.0 => C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSoftwareManagerAsusUpdateChecker.exe [677952 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {1B878D95-5BB0-4207-AA2F-3956816930BA} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1126888 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1E0EAF36-C5DC-4FF2-8B78-184A09653D3C} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154440 2021-03-02] (Google LLC -> Google LLC)
Task: {33F08F5D-8A8B-4AAA-8C27-2FDF0792AA84} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [907240 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {44D23708-AE50-4F50-A3C2-7C1B225C8962} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1126888 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49686555-4268-4C3D-9B8F-4E0098EB0F70} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [646456 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {55EF4299-1CB5-4F3E-80CA-375F614AAD64} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3293168 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {577F4903-7BEA-41F2-854B-18A8B9962903} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154440 2021-03-02] (Google LLC -> Google LLC)
Task: {65592C1A-48F2-4B47-9FC8-4C75324D54CC} – System32TasksAvast Emergency Update => C:Program FilesAvast SoftwareAvastAvEmUpdate.exe [4699872 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
Task: {7A2F7777-1159-4B5F-9739-9D13278FADF6} – System32TasksASUS Optimization 36D18D69AFC3 => C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusHotkeyExec.exe [231968 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {8191CEDC-6EBB-4D9D-936C-7FD26AE4C84B} – System32TasksASUSASUSUpdateTaskMachineUA => C:Program Files (x86)ASUSUpdateAsusUpdate.exe [163176 2020-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {88DD50AA-99D4-439D-8576-29C0FAD19E65} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [907240 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9046D3A1-418F-4E0F-B82E-8EBD4056FA20} – System32TasksMicrosoftWindowsPLA 74C0539-0999-4DA9-9D0D-3D016B62F4E9 => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:Windowssystem32pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {9590E3D1-AD41-4EF9-BD89-1AAF3E155DE3} – Syst[email protected]gmail.com => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AA91D2E6-2708-4BA9-AD33-0B1421DF7358} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [850928 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log
Task: {AEB32902-2CFB-4AFC-8A3E-B262DEC742F5} – System32TasksPBtKAfc => C:Windowssystem32rundll32.exe “C:Program Files (x86)PBtKAfcPBtKAfc.dll”,PBtKAfc <==== ATTENTION
Task: {B2E3BA99-5DDB-4794-B95A-2DB882BBA80D} – System32TasksAdvancedUpdater => C:Program Files (x86)AW ManagerWindows ManagerWindows Updater.exe
Task: {BBED2EA5-C6A4-47CB-80BD-58AA89A6B7CA} – System32TasksMicrosoftWindowsPLAAsusLinkNear => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:Windowssystem32pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {CD6E9CEF-EBFB-47EB-AF08-EB95B14CA86A} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1126888 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D0DEEDD3-2878-46A5-A2C5-B9642BB7F59C} – System32TasksAdobeGCInvoker-1.0 => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D94BB76B-8B51-4C07-B4EA-936A308103DC} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1126888 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DA2BC568-BA11-4431-8826-64B067543977} – System32TasksAsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemAnalysisAsusSystemAnalysis.exe [2399800 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {EC4B47F8-808F-4D75-9E36-7995D54FC624} – System32TasksRtkAudUService64_BG => C:WindowsSystem32RtkAudUService64.exe [1063712 2020-02-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {F3113799-CC66-48C9-859C-15A9C965CD0A} – System32TasksASUSASUSUpdateTaskMachineCore1d6dd657b1a3a6a => C:Program Files (x86)ASUSUpdateAsusUpdate.exe [163176 2020-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
TcpipParameters: [DhcpNameServer] 192.168.254.254
Tcpip..Interfaces{1a47204a-0bc7-4717-bf3e-fcf877e6cb7f}: [DhcpNameServer] 40.53.1.11
Tcpip..Interfaces{be4d5457-1e2c-4259-89d6-2dfaafc3ebf6}: [DhcpNameServer] 192.168.254.254
Edge:
=======
Edge Profile: C:UsersandreAppDataLocalMicrosoftEdgeUser DataDefault [2021-04-23]
Edge HKLM-x32…EdgeExtension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)Common FilesAdobeOOBEPDAppCCMUtilitiesnpAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:Program Files (x86)NitroPro 11npnitromozilla.dll [2017-03-09] (Nitro Software, Inc. -> Nitro PDF)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:UsersandreAppDataLocalGoogleChromeUser DataDefault [2021-04-23]
CHR DownloadDir: C:UsersandreDesktop
CHR StartupUrls: Default -> “hxxps://mail.google.com/mail/u/0/?pli=1#inbox”,”hxxps://www.facebook.com/”,”hxxps://mail.google.com/mail/u/2/?tab=km#inbox”
CHR DefaultSearchURL: Default -> hxxps://www.ctcodeinfo.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Custom
CHR Extension: (Slides) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2021-03-02]
CHR Extension: (Docs) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2021-03-02]
CHR Extension: (Google Drive) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2021-03-02]
CHR Extension: (YouTube) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-02]
CHR Extension: (Custom) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionscolgdlijdieibnaccfdcdbpdffofkfeb [2021-04-22]
CHR Extension: (Sheets) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2021-03-02]
CHR Extension: (Google Docs Offline) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-21]
CHR Extension: (Malwarebytes Browser Guard) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsihcjicgdanjaechkgeegckofjjedodee [2021-04-23]
CHR Extension: (Chrome Web Store Payments) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-03-02]
CHR Extension: (Gmail) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2021-03-02]
CHR Extension: (Chrome Media Router) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-17]
CHR Profile: C:UsersandreAppDataLocalGoogleChromeUser DataGuest Profile [2021-03-21]
CHR HKLM-x32…ChromeExtension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32…ChromeExtension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ArmouryCrateControlInterface; C:WindowsSystem32ASUSACCIArmouryCrateControlInterface.exe [889248 2020-12-17] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 ArmouryCrateService; C:Program FilesASUSARMOURY CRATE ServiceArmouryCrate.Service.exe [348280 2021-03-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S2 asus; C:Program Files (x86)ASUSUpdateAsusUpdate.exe [163176 2020-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ASUSLinkNear; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNear.exe [1177648 2021-03-28] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASUSLinkNearExt; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNearExt.exe [142248 2021-03-28] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkRemoteAsusLinkRemote.exe [791584 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
S3 asusm; C:Program Files (x86)ASUSUpdateAsusUpdate.exe [163176 2020-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ASUSOptimization; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusOptimization.exe [327200 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSoftwareManagerAsusSoftwareManager.exe [884800 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemAnalysisAsusSystemAnalysis.exe [2399800 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemDiagnosisAsusSystemDiagnosis.exe [620960 2021-03-28] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
S3 aswbIDSAgent; C:Program FilesAvast SoftwareAvastaswidsagent.exe [7894040 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:Program FilesAvast SoftwareAvastAvastSvc.exe [606944 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:Program FilesAvast SoftwareAvastaswToolsSvc.exe [356064 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:Program FilesAvast SoftwareAvastwsc_proxy.exe [56920 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 DtsApo4Service; C:WindowsSystem32DTSPCAPO4xDtsApo4Service.exe [201376 2020-10-19] (DTS, Inc. -> DTS Inc.)
R2 LightingService; C:Program Files (x86)LightingServiceLightingService.exe [3210232 2021-03-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7456464 2021-04-23] (Malwarebytes Inc -> Malwarebytes)
R2 NitroDriverReadSpool11; C:Program FilesNitroPro 11NitroPDFDriverService11x64.exe [327368 2017-03-09] (Nitro Software, Inc. -> Nitro Software, Inc.)
R2 NitroUpdateService; C:Program FilesNitroPro 11Nitro_UpdateService.exe [419016 2017-03-09] (Nitro Software, Inc. -> )
R2 nlsX86cc; C:WindowsSysWOW64NLSSRV32.EXE [71880 2017-03-09] (Nitro Software, Inc. -> Nalpeiron Ltd.)
R2 RefreshRateService; C:Program Files (x86)ASUSTeK COMPUTER INCRefreshRateServiceRefreshRateService.exe [37344 2020-02-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 ROG Live Service; C:Program Files (x86)ASUSROG Live ServiceROGLiveService.exe [5557848 2021-03-24] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
S3 SwitchBoard; C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0NisSrv.exe [2462960 2021-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0MsMpEng.exe [128376 2021-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:WindowsSystem32DriverStoreFileRepositorynvam.inf_amd64_0f6918628c340454Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WindowsSystem32DriverStoreFileRepositorynvam.inf_amd64_0f6918628c340454Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppServicea; C:WindowsSystem32svchost.exe [57360 2021-03-03] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 AsusPTPDrv; C:WindowsSystem32driversAsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ASUSSAIO; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemAnalysisASUSSAIO.sys [36416 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
R0 aswArDisk; C:WindowsSystem32driversaswArDisk.sys [35664 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:WindowsSystem32driversaswArPot.sys [212192 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:WindowsSystem32driversaswbidsdriver.sys [365024 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:WindowsSystem32driversaswbidsh.sys [250336 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:WindowsSystem32driversaswbuniv.sys [99288 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:WindowsSystem32driversaswElam.sys [17352 2021-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:WindowsSystem32driversaswKbd.sys [41296 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:WindowsSystem32driversaswMonFlt.sys [180448 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:WindowsSystem32driversaswNetHub.sys [522384 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:WindowsSystem32driversaswRdr2.sys [107792 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:WindowsSystem32driversaswRvrt.sys [82872 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:WindowsSystem32driversaswSnx.sys [850632 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:WindowsSystem32driversaswSP.sys [467720 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:WindowsSystem32driversaswStm.sys [215352 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:WindowsSystem32driversaswVmm.sys [326992 2021-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 ATKWMIACPIIO; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationatkwmiacpi64.sys [44680 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
R1 ESProtectionDriver; C:Windowssystem32driversmbae64.sys [199128 2021-04-23] (Malwarebytes Inc -> Malwarebytes)
R3 HIDSwitch; C:WindowsSystem32driversAsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 ITEflashIO; C:WindowsSystem32DriversITEflashIO.sys [23624 2021-03-23] (ITE Tech. Inc. -> ITE Tech. Inc.)
R2 MBAMChameleon; C:WindowsSystem32DriversMbamChameleon.sys [220752 2021-04-23] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:WindowsSystem32DRIVERSMbamElam.sys [19912 2021-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:WindowsSystem32DRIVERSfarflt.sys [198888 2021-04-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:Windowssystem32DRIVERSmbam.sys [77496 2021-04-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:WindowsSystem32Driversmbamswissarmy.sys [248992 2021-04-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:Windowssystem32DRIVERSmwac.sys [157944 2021-04-23] (Malwarebytes Inc -> Malwarebytes)
R3 vmulti; C:WindowsSystem32driversvmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:Windowssystem32driverswdWdBoot.sys [49552 2021-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:Windowssystem32driverswdWdFilter.sys [419040 2021-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:WindowsSystem32driverswdWdNisDrv.sys [71912 2021-03-02] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-23 17:39 – 2021-04-23 17:39 – 000030538 _____ C:UsersandreDesktopFRST.txt
2021-04-23 17:38 – 2021-04-23 17:39 – 000000000 ____D C:FRST
2021-04-23 17:37 – 2021-04-23 17:37 – 002298368 _____ (Farbar) C:UsersandreDesktopFRST64.exe
2021-04-23 17:11 – 2021-04-23 17:11 – 000220752 _____ (Malwarebytes) C:Windowssystem32DriversMbamChameleon.sys
2021-04-23 17:11 – 2021-04-23 17:11 – 000198888 _____ (Malwarebytes) C:Windowssystem32Driversfarflt.sys
2021-04-23 17:11 – 2021-04-23 17:11 – 000157944 _____ (Malwarebytes) C:Windowssystem32Driversmwac.sys
2021-04-23 17:11 – 2021-04-23 17:11 – 000077496 _____ (Malwarebytes) C:Windowssystem32Driversmbam.sys
2021-04-23 17:10 – 2021-04-23 17:10 – 019660800 ____N C:Windowssystem32configSYSTEM
2021-04-23 17:10 – 2021-04-23 17:10 – 000006144 _____ (Microsoft Corporation) C:Windowssystem32J9RRE6X2DX.tmp
2021-04-23 17:03 – 2021-04-23 17:03 – 000002023 _____ C:UsersPublicDesktopMalwarebytes.lnk
2021-04-23 17:03 – 2021-04-23 17:03 – 000002023 _____ C:ProgramDataDesktopMalwarebytes.lnk
2021-04-23 12:37 – 2021-04-23 17:03 – 000248992 _____ (Malwarebytes) C:Windowssystem32Driversmbamswissarmy.sys
2021-04-23 12:37 – 2021-04-23 17:03 – 000002035 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2021-04-23 12:37 – 2021-04-23 12:37 – 000199128 _____ (Malwarebytes) C:Windowssystem32Driversmbae64.sys
2021-04-23 12:37 – 2021-04-23 12:37 – 000019912 _____ (Malwarebytes) C:Windowssystem32DriversMbamElam.sys
2021-04-23 12:37 – 2021-04-23 12:37 – 000000000 ____D C:UsersandreAppDataLocalmbam
2021-04-23 12:37 – 2021-04-23 12:37 – 000000000 ____D C:ProgramDataMalwarebytes
2021-04-23 12:36 – 2021-04-23 12:36 – 000000000 ____D C:Program FilesMalwarebytes
2021-04-23 12:34 – 2021-04-23 12:34 – 000000000 ____D C:UsersandreAppDataLocalbe4a6ac4-2a30-45cc-ad41-fbf5b4e55023
2021-04-23 11:48 – 2021-04-23 15:21 – 000000000 ____D C:UsersandreAppDataLocalCrashDumps
2021-04-23 11:46 – 2021-04-23 11:46 – 000016786 _____ C:Windowssystem32TasksPBtKAfc
2021-04-23 11:46 – 2021-04-23 11:46 – 000000000 ____D C:UsersandreAppDataRoaminglighteningplayer
2021-04-23 11:45 – 2021-03-04 02:16 – 000000000 ____D C:Program Files (x86)PBtKAfc
2021-04-23 11:44 – 2021-04-23 11:49 – 011254606 _____ C:Usersandreqztyqpkg.exe.wrui
2021-04-23 11:44 – 2021-04-23 11:44 – 000001106 _____ C:Usersandre_readme.txt
2021-04-23 11:43 – 2021-04-23 11:43 – 000000556 _____ C:UsersandreAppDataLocalbowsakkdestx.txt
2021-04-23 11:43 – 2021-04-23 11:43 – 000000000 ____D C:SystemID
2021-04-23 11:42 – 2021-04-23 17:10 – 019660800 _____ C:Windowssystem32C_32770.NLS
2021-04-23 11:42 – 2021-04-23 15:59 – 000002776 _____ C:Windowssystem32TasksFirefox Default Browser Agent 58AF81702FE38D36
2021-04-23 11:42 – 2021-04-23 12:33 – 000000000 ____D C:UsersandreAppDataLocal7c27bd44-ee86-4ffa-9730-6f193b19c5d1
2021-04-23 11:42 – 2021-04-23 11:50 – 000148711 _____ C:UsersandreAppDataLocalLowZPpniG0J2Ga.zip.wrui
2021-04-23 11:42 – 2021-04-23 11:50 – 000002449 _____ C:UsersandreAppDataLocalLowmachineinfo.txt.wrui
2021-04-23 11:42 – 2021-04-23 11:45 – 000002118 _____ C:UsersandreAppDataRoamingMicrosoftWindowsStart MenuProgramsLightening Media Player.lnk
2021-04-23 11:42 – 2021-04-23 11:42 – 006694800 ____N C:Windowssystem32Drivers8lV9Yk2.sys
2021-04-23 11:42 – 2021-04-23 11:42 – 000916735 _____ (SQLite Development Team) C:UsersandreAppDataLocalLowsqlite3.dll
2021-04-23 11:42 – 2021-04-23 11:41 – 001048576 _____ C:UsersandreAppDataLocalLowexuieaoEiI
2021-04-23 11:42 – 2021-04-16 22:59 – 000114688 _____ C:UsersandreAppDataLocalLowQDNQsOYAhl
2021-04-23 11:42 – 2021-04-16 22:59 – 000114688 _____ C:UsersandreAppDataLocalLowFgnihTnT3h
2021-04-23 11:42 – 2021-04-16 22:59 – 000049152 _____ C:UsersandreAppDataLocalLow4bl6oDi3bH
2021-04-23 11:42 – 2021-03-21 19:15 – 000020480 _____ C:UsersandreAppDataLocalLowmnNHfbHoLd
2021-04-23 11:42 – 2021-03-12 15:36 – 000032768 _____ C:UsersandreAppDataLocalLowfGwl4MX6d9
2021-04-23 11:41 – 2021-04-23 16:25 – 000000000 ___HD C:UsersPublicDocumentsAdobeGC
2021-04-23 11:41 – 2021-04-23 16:25 – 000000000 ___HD C:ProgramDataDocumentsAdobeGC
2021-04-22 21:20 – 2021-04-22 21:20 – 000001132 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Premiere Pro 2021.lnk
2021-04-22 21:20 – 2021-04-22 21:20 – 000000000 ____D C:UsersPublicDocumentsAdobe
2021-04-22 21:20 – 2021-04-22 21:20 – 000000000 ____D C:ProgramDataDocumentsAdobe
2021-04-22 19:17 – 2021-04-23 15:59 – 000000000 ____D C:UsersandreAppDataRoamingXUGnyWzvizFylweeYySuMujumtetYJCSWAxQzDvzHFJJKYdtmVYluyoQHAZwTfnnRNpJGjIxJnnubDcANYErKaLRaEoTEcmailSXPHbhjDAHGear
2021-04-22 19:17 – 2021-04-23 12:33 – 000000000 ____D C:UsersandreAppDataRoamingSmart Clock
2021-04-22 19:15 – 2021-04-23 17:11 – 000000258 __RSH C:ProgramDatantuser.pol
2021-04-22 19:15 – 2021-04-22 19:16 – 000000000 ____D C:UsersandreAppDataLocalLowcR1dL5pE5dG6mD5k
2021-04-22 19:14 – 2021-04-23 15:59 – 000002776 _____ C:Windowssystem32TasksFirefox Default Browser Agent DD87B3B03701A1AA
2021-04-22 19:14 – 2021-04-22 19:14 – 000000000 ____D C:UsersandreAppDataRoamingXantan
2021-04-22 19:14 – 2021-04-22 19:14 – 000000000 ____D C:UsersandreAppDataLocalLowgC9tT2iQ3s
2021-04-22 19:13 – 2021-04-22 19:13 – 000000000 ____D C:ProgramDataLavasoft
2021-04-22 19:12 – 2021-04-23 16:40 – 000000000 ____D C:UsersandreDocumentsVlcpVideoV1.0.1
2021-04-22 19:12 – 2021-04-23 16:03 – 000000000 ____D C:Program Files (x86)94c45254-6d52-40cc-93fb-b69707383880
2021-04-22 19:12 – 2021-04-23 12:33 – 000000000 ___HD C:ProgramDataWindows Host
2021-04-22 19:12 – 2021-04-23 11:44 – 000037872 _____ C:Program FileslibEGL.dll
2021-04-22 19:12 – 2021-04-22 23:27 – 000002988 _____ C:Windowssystem32TasksAdvancedUpdater
2021-04-22 19:12 – 2021-04-22 19:12 – 001493916 _____ C:UsersandreSkQwxeRsyPCqnYikcCvSYRQagr
2021-04-22 17:01 – 2021-04-22 17:01 – 000339680 _____ (AVAST Software) C:Windowssystem32aswBoot.exe
2021-04-22 17:01 – 2021-04-22 17:01 – 000215352 _____ (AVAST Software) C:Windowssystem32DriversaswStm.sys
2021-04-22 16:09 – 2021-04-22 16:09 – 000000000 ____D C:UsersandreAppDataRoamingPACE Anti-Piracy
2021-04-22 16:09 – 2021-04-22 16:09 – 000000000 ____D C:ProgramDataPACE Anti-Piracy
2021-04-21 20:01 – 2021-04-21 14:57 – 000470634 _____ C:UsersPublicPatient Data Sheet- FILL UP-COLORED-FINAL.pdf
2021-04-21 20:01 – 2021-04-21 14:57 – 000197420 _____ C:UsersPublicREGISTRATION FORM.pdf
2021-04-19 18:14 – 2021-04-19 18:14 – 000000000 ____H C:Windowssystem32DriversMsft_User_WpdMtpDr_01_11_00.Wdf
2021-04-16 17:38 – 2021-04-16 17:38 – 001823304 _____ (Microsoft Corporation) C:Windowssystem32winload.efi
2021-04-16 17:38 – 2021-04-16 17:38 – 000231248 _____ C:Windowssystem32containerdevicemanagement.dll
2021-04-16 17:38 – 2021-04-16 17:38 – 000011357 _____ C:Windowssystem32DrtmAuthTxt.wim
2021-04-06 21:40 – 2021-04-23 16:40 – 000000000 ____D C:UsersandreDocumentsShadow of the Tomb Raider
2021-04-06 21:40 – 2021-04-06 21:40 – 000000000 ____D C:UsersandreAppDataRoamingEidos Montreal
2021-04-06 21:40 – 2021-04-06 21:40 – 000000000 ____D C:Usersandreansel
2021-04-06 21:39 – 2021-04-06 21:39 – 000000000 ____D C:UsersPublicDocumentsSteam
2021-04-06 21:39 – 2021-04-06 21:39 – 000000000 ____D C:ProgramDataDocumentsSteam
2021-04-06 21:01 – 2021-04-06 21:01 – 000000000 ____D C:UsersandreAppDataRoamingcod_ww2_crack_data
2021-04-06 14:12 – 2021-04-06 14:12 – 000000000 ____D C:Windowssystem32TasksAgent Activation Runtime
2021-03-27 19:17 – 2021-03-27 19:17 – 000000000 ____D C:UsersandreAppDataLocalViber Media S.à r.l
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-23 17:28 – 2019-12-07 17:14 – 000000000 ____D C:WindowsAppReadiness
2021-04-23 17:17 – 2020-05-07 21:20 – 000840602 _____ C:Windowssystem32PerfStringBackup.INI
2021-04-23 17:17 – 2019-12-07 17:13 – 000000000 ____D C:WindowsINF
2021-04-23 17:13 – 2021-03-02 16:31 – 000003752 _____ C:Windowssystem32TasksAsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2021-04-23 17:11 – 2021-03-02 18:50 – 000000000 ____D C:ProgramDataAvast Software
2021-04-23 17:11 – 2020-12-29 05:59 – 000000000 ____D C:ProgramDataNVIDIA
2021-04-23 17:11 – 2020-05-07 21:13 – 000000006 ____H C:WindowsTasksSA.DAT
2021-04-23 17:11 – 2019-12-07 17:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-04-23 17:10 – 2020-05-07 21:12 – 000008192 ___SH C:DumpStack.log.tmp
2021-04-23 17:10 – 2019-12-07 17:03 – 000786432 _____ C:Windowssystem32configBBI
2021-04-23 16:48 – 2021-03-02 19:41 – 000000000 ____D C:UsersandreDocuments- Trixie Files
2021-04-23 16:40 – 2021-03-02 19:04 – 000000000 ____D C:UsersandreDocumentsActivePresenter Templates
2021-04-23 16:31 – 2020-12-29 05:59 – 000000000 ____D C:ProgramDataPackage Cache
2021-04-23 16:25 – 2021-03-04 18:20 – 000000000 ___HD C:UsersPublicDocumentsAdobeGCData
2021-04-23 16:25 – 2021-03-04 18:20 – 000000000 ___HD C:ProgramDataDocumentsAdobeGCData
2021-04-23 16:19 – 2019-12-07 17:14 – 000000000 ___HD C:Program FilesWindowsApps.tmp
2021-04-23 16:19 – 2019-12-07 17:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-04-23 16:18 – 2019-12-07 17:14 – 000000000 ____D C:Windowsregistration
2021-04-23 16:06 – 2021-03-02 22:52 – 000000000 ____D C:UsersandreAppDataRoamingNitro
2021-04-23 16:02 – 2021-03-02 18:51 – 000004264 _____ C:Windowssystem32TasksAvast Emergency Update
2021-04-23 16:00 – 2020-05-07 21:12 – 000000000 ____D C:Windowssystem32SleepStudy
2021-04-23 15:55 – 2021-03-02 16:01 – 000000000 ____D C:UsersandreAppDataLocalD3DSCache
2021-04-23 12:37 – 2019-12-07 17:14 – 000000000 ___HD C:WindowsELAMBKUP
2021-04-23 12:33 – 2021-03-03 18:02 – 000000000 ____D C:Program Files (x86)Microsoft Office
2021-04-23 12:33 – 2020-12-30 08:14 – 000000000 ____D C:Usersandre
2021-04-23 11:55 – 2021-03-02 16:01 – 000000000 ____D C:UsersandreAppDataLocalVirtualStore
2021-04-23 11:49 – 2021-03-02 19:22 – 000000000 ____D C:Huion Tablet
2021-04-23 11:44 – 2020-05-07 22:02 – 000000000 ____D C:eSupport
2021-04-23 11:42 – 2019-12-07 17:03 – 019660800 _____ C:Windowssystem32configBCD00000000
2021-04-22 23:27 – 2021-03-02 18:52 – 000000000 ____D C:Windowssystem32TasksAvast Software
2021-04-22 23:27 – 2021-03-02 16:11 – 000003346 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineUA
2021-04-22 23:27 – 2021-03-02 16:11 – 000003122 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineCore
2021-04-22 23:27 – 2020-12-29 06:06 – 000003116 _____ C:Windowssystem32TasksASUS Update Checker 2.0
2021-04-22 23:27 – 2020-12-29 06:00 – 000003042 _____ C:Windowssystem32TasksASUS Optimization 36D18D69AFC3
2021-04-22 23:27 – 2020-05-07 21:16 – 000003408 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2021-04-22 23:27 – 2020-05-07 21:16 – 000003184 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2021-04-22 21:37 – 2021-03-02 22:08 – 000000000 ____D C:UsersandreAppDataRoamingvlc
2021-04-22 21:22 – 2021-03-02 16:01 – 000000000 ____D C:UsersandreAppDataRoamingAdobe
2021-04-22 21:20 – 2021-03-02 23:03 – 000000000 ____D C:Program Files (x86)Adobe
2021-04-22 21:20 – 2021-03-02 21:39 – 000000000 ____D C:Program FilesCommon FilesAdobe
2021-04-22 21:20 – 2021-03-02 21:39 – 000000000 ____D C:Program FilesAdobe
2021-04-22 21:19 – 2021-03-02 21:36 – 000000000 ____D C:UsersandreAppDataLocalAdobe
2021-04-22 21:16 – 2021-03-14 14:15 – 000000000 ____D C:UsersandreAppDataRoaminguTorrent
2021-04-22 21:05 – 2021-03-02 16:28 – 000000000 ____D C:UsersandreDocuments- Installers
2021-04-22 19:15 – 2019-12-07 17:14 – 000000000 ___HD C:Windowssystem32GroupPolicy
2021-04-22 19:12 – 2019-12-07 17:52 – 000000000 ____D C:Program FilesWindows Multimedia Platform
2021-04-22 19:12 – 2019-12-07 17:14 – 000000000 __SHD C:Program FilesWindows Sidebar
2021-04-22 18:24 – 2019-11-10 09:00 – 000000000 ___HD C:UsersandreAppDataLocalHAW7CyKB4B
2021-04-22 17:02 – 2020-05-07 21:12 – 005194024 _____ C:Windowssystem32FNTCACHE.DAT
2021-04-22 17:01 – 2021-03-02 18:51 – 000850632 _____ (AVAST Software) C:Windowssystem32DriversaswSnx.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000522384 _____ (AVAST Software) C:Windowssystem32DriversaswNetHub.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000467720 _____ (AVAST Software) C:Windowssystem32DriversaswSP.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000365024 _____ (AVAST Software) C:Windowssystem32Driversaswbidsdriver.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000326992 _____ (AVAST Software) C:Windowssystem32DriversaswVmm.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000250336 _____ (AVAST Software) C:Windowssystem32Driversaswbidsh.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000212192 _____ (AVAST Software) C:Windowssystem32DriversaswArPot.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000180448 _____ (AVAST Software) C:Windowssystem32DriversaswMonFlt.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000107792 _____ (AVAST Software) C:Windowssystem32DriversaswRdr2.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000099288 _____ (AVAST Software) C:Windowssystem32Driversaswbuniv.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000082872 _____ (AVAST Software) C:Windowssystem32DriversaswRvrt.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000041296 _____ (AVAST Software) C:Windowssystem32DriversaswKbd.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000035664 _____ (AVAST Software) C:Windowssystem32DriversaswArDisk.sys
2021-04-22 17:01 – 2021-03-02 18:51 – 000017352 _____ (AVAST Software) C:Windowssystem32DriversaswElam.sys
2021-04-22 16:53 – 2021-03-02 16:01 – 000000000 ____D C:UsersandreAppDataLocalASUS
2021-04-22 16:09 – 2021-03-02 21:40 – 000000000 ____D C:ProgramDataregid.1986-12.com.adobe
2021-04-22 16:09 – 2020-10-23 02:24 – 000000000 ___HD C:UsersandreAppDataLocalI5DbsCcTu4mFM
2021-04-21 21:42 – 2020-12-29 05:57 – 000000000 ____D C:Windowssystem32AMD
2021-04-21 20:01 – 2021-03-02 17:57 – 000416768 ___SH C:UsersPublicThumbs.db
2021-04-21 17:10 – 2021-03-02 16:11 – 000002249 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2021-04-21 16:21 – 2021-03-04 16:32 – 000000132 _____ C:UsersandreAppDataRoamingAdobe PNG Format CS6 Prefs
2021-04-20 21:44 – 2020-05-07 21:16 – 000002440 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-04-19 16:33 – 2021-03-02 18:08 – 000000000 ____D C:UsersandreAppDataLocalSpotify
2021-04-19 16:25 – 2021-03-02 18:07 – 000000000 ____D C:UsersandreAppDataRoamingSpotify
2021-04-19 11:20 – 2019-12-07 17:14 – 000000000 ____D C:WindowsLiveKernelReports
2021-04-17 21:23 – 2021-03-04 00:09 – 000000000 ____D C:WindowsSysWOW64directx
2021-04-17 21:22 – 2021-03-04 10:06 – 000000000 ___HD C:Windowsmsdownld.tmp
2021-04-17 20:26 – 2021-03-04 09:32 – 000000000 ____D C:Games
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ___SD C:Windowssystem32DiagSvcs
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ___RD C:WindowsImmersiveControlPanel
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:WindowsSystemResources
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32setup
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32oobe
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32lv-LV
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32lt-LT
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32et-EE
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32es-MX
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:WindowsProvisioning
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:WindowsPolicyDefinitions
2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowsbcastdvr
2021-04-16 17:40 – 2019-12-07 17:03 – 000000000 ____D C:WindowsCbsTemp
2021-04-16 17:38 – 2020-05-07 21:17 – 002877440 _____ (Microsoft Corporation) C:WindowsSysWOW64PrintConfig.dll
2021-04-16 17:34 – 2021-03-03 18:25 – 000000000 ____D C:Windowssystem32MRT
2021-04-16 17:33 – 2021-03-03 18:25 – 131963968 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe
2021-04-16 11:39 – 2021-03-04 18:21 – 000002672 _____ C:Windowssystem32TasksAdobeGCInvoker-1.0
2021-04-16 11:39 – 2021-03-02 21:42 – 000002880 _____ C:Windowssyst[email protected]gmail.com
2021-04-16 11:39 – 2021-03-02 16:03 – 000002922 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-1823135509-1463431044-1941639193-1002
2021-04-16 11:39 – 2020-12-29 06:00 – 000002374 _____ C:Windowssystem32TasksRtkAudUService64_BG
2021-04-16 11:39 – 2020-12-29 05:59 – 000003458 _____ C:Windowssystem32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000003256 _____ C:Windowssystem32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000003212 _____ C:Windowssystem32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000003044 _____ C:Windowssystem32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000003008 _____ C:Windowssystem32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000003008 _____ C:Windowssystem32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000003008 _____ C:Windowssystem32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000003008 _____ C:Windowssystem32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000002974 _____ C:Windowssystem32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:59 – 000002804 _____ C:Windowssystem32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-16 11:39 – 2020-12-29 05:57 – 000002918 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-1823135509-1463431044-1941639193-500
2021-04-12 12:29 – 2021-03-02 16:03 – 000000000 ___RD C:UsersandreOneDrive
2021-04-12 12:29 – 2020-12-30 08:14 – 000002409 _____ C:UsersandreAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2021-04-06 21:40 – 2021-03-02 16:03 – 000000000 ____D C:UsersandreAppDataLocalNVIDIA Corporation
2021-04-06 21:01 – 2021-03-16 17:33 – 000000000 ____D C:UsersandreAppDataRoamingSmartSteamEmu
2021-04-06 21:01 – 2021-03-04 10:21 – 000003035 _____ C:Windowssystem32Driversetchosts.rollback
2021-04-03 12:07 – 2021-03-03 08:51 – 000000000 ____D C:UsersandreDocuments- Games
2021-03-31 10:47 – 2020-12-29 06:04 – 000000000 ____D C:Program Files (x86)LightingService
2021-03-29 15:22 – 2020-12-29 06:04 – 000000000 ____D C:Program Files (x86)ASUS
2021-03-29 15:21 – 2020-12-29 06:03 – 000000000 ____D C:Program FilesASUS
2021-03-27 19:18 – 2021-03-02 18:14 – 000000000 ____D C:UsersandreAppDataRoamingViberPC
2021-03-24 14:46 – 2021-03-02 21:42 – 000000000 ____D C:UsersandreAppDataLocalNVIDIA
==================== Files in the root of some directories ========
2021-04-22 19:12 – 2021-04-23 11:44 – 000037872 _____ () C:Program FileslibEGL.dll
2021-03-04 16:32 – 2021-04-21 16:21 – 000000132 _____ () C:UsersandreAppDataRoamingAdobe PNG Format CS6 Prefs
2021-03-02 23:16 – 2021-03-02 23:23 – 000000034 _____ () C:UsersandreAppDataRoamingAdobeWLCMCache.dat
2021-03-03 11:01 – 2021-03-03 11:01 – 000321226 ___SH () C:UsersandreAppDataRoaminguuihsds
2021-04-23 11:43 – 2021-04-23 11:43 – 000000556 _____ () C:UsersandreAppDataLocalbowsakkdestx.txt
2021-03-05 11:04 – 2021-03-05 11:04 – 000000000 _____ () C:UsersandreAppDataLocaloobelibMkey.log
==================== FLock ==============================
2021-04-23 17:10 C:Windowssystem32configSYSTEM
2021-04-23 11:42 C:Windowssystem32Drivers8lV9Yk2.sys
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by andre (23-04-2021 17:40:10)
Running from C:UsersandreDesktop
Windows 10 Home Version 20H2 19042.928 (X64) (2020-12-29 23:55:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1823135509-1463431044-1941639193-500 – Administrator – Disabled)
andre (S-1-5-21-1823135509-1463431044-1941639193-1002 – Administrator – Enabled) => C:Usersandre
DefaultAccount (S-1-5-21-1823135509-1463431044-1941639193-503 – Limited – Disabled)
Guest (S-1-5-21-1823135509-1463431044-1941639193-501 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-1823135509-1463431044-1941639193-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled – Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…uTorrent) (Version: 3.5.5.45966 – BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM…7-Zip) (Version: 19.00 – Igor Pavlov)
ActivePresenter (HKLM…{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 8.3.2 – Atomi Systems, Inc.)
Adobe After Effects CC 2015 (HKLM-x32…{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 – Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32…Adobe Creative Cloud) (Version: 3.9.0.327 – Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32…{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 – Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32…AdobeGenuineService) (Version: – Adobe)
Adobe Illustrator CS5.1 (HKLM-x32…{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 – Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32…{BC448016-6F11-1014-B0EA-97CEE6E26CB8}) (Version: 11.0 – Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32…{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 – Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM…{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 – Adobe)
Adobe Premiere Pro 2021 (HKLM-x32…PPRO_15_0) (Version: 15.0 – Adobe Inc.)
Adobe Update Management Tool (HKLM-x32…{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 – PainteR)
ARMOURY CRATE Service (HKLM…{01378DC3-088F-4F55-AAFA-DC6A9CCA292A}) (Version: 4.0.12 – ASUS)
ASUS Aac_NBDT HAL (HKLM…{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.3.19.0 – ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32…{401933de-cde2-4537-8e35-6b76b1a3ac39}) (Version: 2.3.19.0 – ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM…{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.25 – ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32…{94267bd0-fa8a-4aa4-925d-ec3e0d130fba}) (Version: 1.1.25 – ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Headset Component (HKLM…{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.3.7.0 – ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32…{0b7086ac-be35-49b5-b650-93df80b7f9f9}) (Version: 1.3.7.0 – ASUSTek COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM…{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.05 – ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM…{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.1.12.0 – ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32…{b0db9d8d-e0d2-415a-8937-ef8baaca84d6}) (Version: 1.1.12.0 – ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM…{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.33 – ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32…{ba1d61ab-a60c-4fc3-ae58-87a688f3e258}) (Version: 1.0.33 – ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM…{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.1.0.8 – ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32…{6a8e2c5f-6a39-4d81-8326-a6117c21089b}) (Version: 1.1.0.8 – ASUSTek COMPUTER INC.) Hidden
ASUS Update Helper (HKLM-x32…{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.53 – ASUSTeK Computer Inc.) Hidden
AURA lighting effect add-on (HKLM-x32…{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.15 – ASUS)
AURA lighting effect add-on x64 (HKLM…{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.15 – ASUS)
AURA Service (HKLM-x32…{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.35 – ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32…{35381ead-8a19-4bff-a272-dcdfe38a5867}) (Version: 3.04.35 – ASUSTeK Computer Inc.)
Avast Free Antivirus (HKLM-x32…Avast Antivirus) (Version: 21.3.2459 – Avast Software)
Call of Duty: MW2 CR (HKLM-x32…Call of Duty: MW2 CR_is1) (Version: – )
CLIP STUDIO 1.6.2 (HKLM-x32…{D10EA45D-4594-4405-90C6-9E9ADD1192CA}) (Version: 1.6.2 – CELSYS)
CLIP STUDIO PAINT 1.6.2 (HKLM-x32…{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.6.2 – CELSYS)
Discord (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Discord) (Version: 0.0.309 – Discord Inc.)
Google Chrome (HKLM-x32…Google Chrome) (Version: 90.0.4430.85 – Google LLC)
HandBrake 1.3.3 (HKLM-x32…HandBrake) (Version: 1.3.3 – )
Huion Tablet v14.7.154.586 (HKLM…{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.7.154.586 – )
Malwarebytes version 4.3.0.98 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 – Malwarebytes)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 90.0.818.42 – Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 90.0.818.42 – Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32…ENTERPRISE) (Version: 12.0.4518.1014 – Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…OneDriveSetup.exe) (Version: 21.052.0314.0001 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 – Microsoft Corporation)
Nitro Pro (HKLM…{1DD58739-D7CC-497A-900C-64275F3DDC56}) (Version: 11.0.3.173 – Nitro) Hidden
Nitro Pro (HKLM-x32…{d1856858-e5d7-496e-b693-d580589dea84}) (Version: 11.0.3.173 – Nitro)
NVIDIA GeForce Experience 3.20.3.63 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 – NVIDIA Corporation)
NVIDIA Graphics Driver 451.67 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.67 – NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.34 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 – NVIDIA Corporation)
NVIDIA PhysX System Software 9.20.0221 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 – NVIDIA Corporation)
NVIDIA USBC Driver 1.42.831.832 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.42.831.832 – NVIDIA Corporation)
PDF Settings CS5 (HKLM-x32…{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 – Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32…{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 – Adobe Systems Incorporated) Hidden
RefreshRateService (HKLM-x32…{7E5E84CB-B190-4658-A4DC-166779C329D1}) (Version: 2.0.3 – ASUSTeK COMPUTER INC.)
ROG Live Service (HKLM-x32…{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.2.5.0 – ASUSTek COMPUTER INC.)
Shadow of the Tomb Raider (HKLM-x32…Shadow of the Tomb Raider_is1) (Version: – )
Spotify (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Spotify) (Version: 1.1.56.595.g2d2da0de – Spotify AB)
The Sims 4 (HKLM-x32…The Sims 4_is1) (Version: – )
Viber (HKLM-x32…{C3909B59-A21E-4BA2-8E6B-E0985804E405}) (Version: 14.8.0.3 – Viber Media S.a.r.l) Hidden
Viber (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…{ec8a1876-e90b-4cb2-b2e8-f31d30357d17}) (Version: 14.8.0.3 – 2010-2021 Viber Media S.a.r.l)
VLC media player (HKLM…VLC media player) (Version: 3.0.12 – VideoLAN)
Windows Driver Package – Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM…142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 – Graphics Tablet)
Zoom (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…ZoomUMX) (Version: 5.5.2 (12494.0204) – Zoom Video Communications, Inc.)
Packages:
=========
Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobePhotoshopExpress_3.4.8.0_x64__ynb6jyjzte8ga [2021-04-23] (Adobe Inc.)
AMD Radeon Software -> C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10027.0_x64__0a9344xs7nr4m [2021-04-23] (Advanced Micro Devices Inc.) [Startup Task]
ARMOURY CRATE -> C:Program FilesWindowsAppsB9ECED6F.ArmouryCrate_4.0.8.0_x64__qmba6cd70vzyy [2021-04-23] (ASUSTeK COMPUTER INC.)
Cortana -> C:Program FilesWindowsAppsMicrosoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation)
DTS:X Ultra -> C:Program FilesWindowsAppsDTSInc.DTSXUltra_1.10.1.0_x64__t5j2fzbtdg37r [2021-04-23] (DTS, Inc.)
Mail and Calendar -> C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:Program FilesWindowsAppsMicrosoft.Todos_2.38.4482.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [Startup Task]
MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]
MyASUS -> C:Program FilesWindowsAppsB9ECED6F.ASUSPCAssistant_2.3.18.0_x64__qmba6cd70vzyy [2021-04-23] (ASUSTeK COMPUTER INC.)
NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-23] (NVIDIA Corp.)
PicsArt – Photo Studio -> C:Program FilesWindowsApps2FE3CB00.PICSART-PHOTOSTUDIO_9.3.4.0_x64__crhqpqs3x1ygc [2021-04-23] (PicsArt Inc.)
Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.9.212.0_x64__dt26b99r8h8gj [2021-04-23] (Realtek Semiconductor Corp)
Skype -> C:Program FilesWindowsAppsMicrosoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2021-04-23] (Skype)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:Program FilesNitroPro 11NPShellExtension.dll [2017-03-09] (Nitro Software, Inc. -> Nitro PDF)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-04-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WindowsSystem32DriverStoreFileRepositorynvam.inf_amd64_0f6918628c340454nvshext.dll [2020-07-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-04-23] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-04-23 11:45 – 2021-03-04 02:16 – 004003840 _____ () [File not signed] C:Program Files (x86)PBtKAfcPBtKAfc.dll
2020-05-27 09:08 – 2020-05-27 09:08 – 002831360 _____ (Apache Software Foundation) [File not signed] C:Program Files (x86)LightingServicelog4cxx.dll
2021-03-02 22:11 – 2019-02-22 00:00 – 000078336 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll
2020-02-27 06:36 – 2020-02-27 06:36 – 000747008 _____ (TODO: <Company name>) [File not signed] C:Program FilesASUSAac_KeyboardAacKbHal_x86.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:Windows:nlsPreferences [386]
AlternateDataStreams: C:Usersandre:.repos [616612]
AlternateDataStreams: C:UsersandreAppDataLocalHAW7CyKB4B:i8cXjzETrIJSnCGrMth [2160]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalaswSP.sys => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMCODS => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkaswSP.sys => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMcMPFSvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMCODS => “”=”Service”
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKUS-1-5-21-1823135509-1463431044-1941639193-1002SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://www.msn.com/?pc=ASTE
HKUS-1-5-21-1823135509-1463431044-1941639193-1002SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://www.msn.com/?pc=ASTE
SearchScopes: HKUS-1-5-21-1823135509-1463431044-1941639193-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKUS-1-5-21-1823135509-1463431044-1941639193-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 17:14 – 2021-04-22 19:12 – 000000000 _____ C:Windowssystem32driversetchosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKUS-1-5-21-1823135509-1463431044-1941639193-1002Control PanelDesktopWallpaper -> C:UsersandrePictures- Trixie PhotosDesktop BackgroundTrese.jpg
DNS Servers: 192.168.254.254
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM…StartupApprovedRun: => “AdobeAAMUpdater-1.0”
HKLM…StartupApprovedRun32: => “Adobe Creative Cloud”
HKLM…StartupApprovedRun32: => “AdobeCS5.5ServiceManager”
HKLM…StartupApprovedRun32: => “AdobeCS6ServiceManager”
HKLM…StartupApprovedRun32: => “SwitchBoard”
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedStartupFolder: => “programs.bat”
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “Spotify”
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “Discord”
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “Viber”
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “Windows Host”
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “SysHelper”
HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “sxyvyshp”
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8BA8D1E8-C54A-4644-9E3C-B65EDD28AADA}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6626436B-1010-439F-A8A1-6B92F2051385}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AB5931FE-255A-40E8-B216-A3651CC047A7}] => (Allow) C:Program FilesASUSARMOURY CRATE ServiceMobilePluginAutoConnectHelper.exe (ASUSTEK COMPUTER INCORPORATION -> )
FirewallRules: [{AA945A58-5368-41F9-9C53-1354F6E8ADC9}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe => No File
FirewallRules: [{7BFF8652-F364-4ED2-8FD6-97E3398E6B9A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3DB0EC6E-4A0B-404E-AA4F-457F60EBC168}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{23BC1D28-22A1-4E37-887B-F63BA8B4E77D}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48AAFFDB-ACAD-478C-BE3B-08BEE65B21B1}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{544CC4C3-9714-4EC9-A352-A3268DB1D69F}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{209C3A9E-E53E-4D9C-BA96-2292AD672376}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6F44E9F2-B90B-4FD5-B6B9-296FC9659562}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D21C66F3-8DA6-4AF1-8D96-CED635CE704A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F961220E-103C-4B3A-A371-CFCF98ED3109}C:usersandreappdataroamingspotifyspotify.exe] => (Allow) C:usersandreappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7D704770-9FCA-4F5F-9663-0F4E8C10E62C}C:usersandreappdataroamingspotifyspotify.exe] => (Allow) C:usersandreappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE0506A0-D299-48B0-88EB-EC52FF3D9735}] => (Allow) C:UsersandreAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D22CE516-9AE7-401D-A946-9007299DA131}] => (Allow) C:UsersandreAppDataRoamingZoombinairhost.exe => No File
FirewallRules: [{A83BD923-C295-43F6-AD1A-54AF4D5C0AA1}] => (Allow) C:UsersandreAppDataRoamingZoombinairhost.exe => No File
FirewallRules: [{B29A0D3D-0CA5-42B5-9CDC-9761F5AB7666}] => (Allow) C:Program FilesATOMIActivePresenterActivePresenter.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [{1970EB2C-16EA-4D84-83DA-21A5358FFF9A}] => (Allow) C:Program FilesATOMIActivePresenterrlactivator.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [TCP Query User{5D8796A6-188A-446C-9312-BA26F3C03D50}C:gamesthe sims 4gamebints4_x64.exe] => (Allow) C:gamesthe sims 4gamebints4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{D3BE52AD-162A-42DA-B35C-3F9D896A7AF3}C:gamesthe sims 4gamebints4_x64.exe] => (Allow) C:gamesthe sims 4gamebints4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{4F2CFD3F-E6D6-4943-B43B-C7E0D8F4E2E5}] => (Allow) C:UsersandreAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5A82F973-6109-46F5-AFC3-1E128C769773}] => (Allow) C:UsersandreAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{7D439C91-3B13-45E4-8D86-7E0928513884}C:gamesrise of the tomb raiderrottr.exe] => (Allow) C:gamesrise of the tomb raiderrottr.exe => No File
FirewallRules: [UDP Query User{FC195761-A845-41A0-BA1F-261E9E255963}C:gamesrise of the tomb raiderrottr.exe] => (Allow) C:gamesrise of the tomb raiderrottr.exe => No File
FirewallRules: [TCP Query User{3E6DE5F1-500E-4681-ADCB-715C600207F1}C:gamescall of duty – black ops 3blackops3.exe] => (Allow) C:gamescall of duty – black ops 3blackops3.exe => No File
FirewallRules: [UDP Query User{7481FA3B-5BE0-4DBE-B7D6-6B6EF4C80073}C:gamescall of duty – black ops 3blackops3.exe] => (Allow) C:gamescall of duty – black ops 3blackops3.exe => No File
FirewallRules: [{ABC6A36A-4D1B-4AD8-9D3C-CF181C9FDC1A}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6E7AFC98-6ADD-4FDE-A10A-43E3C8287F1A}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D8400F51-2408-491D-A4F4-D390CDD405FB}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0D332ACD-6849-42EB-88B9-3293495E1CB1}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7656EFC0-0E21-40F5-991F-C16D7791D482}] => (Allow) C:Program Files (x86)ASUSROG Live ServiceROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{C3F34CAE-1580-4170-9398-48BC576178B1}] => (Allow) C:Program Files (x86)ASUSROG Live ServiceROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [TCP Query User{EAEC43C0-AFA4-4D47-AC63-0F426FD34DE3}C:gamescall of duty – wwiis2_sp64_ship.exe] => (Allow) C:gamescall of duty – wwiis2_sp64_ship.exe => No File
FirewallRules: [UDP Query User{CC6387E1-8D45-4681-B0EF-00170735B621}C:gamescall of duty – wwiis2_sp64_ship.exe] => (Allow) C:gamescall of duty – wwiis2_sp64_ship.exe => No File
FirewallRules: [TCP Query User{1DA95D7E-5E2A-47B8-8DC2-ACE09AF7B41D}C:gamescall of duty – modern warfare 2 crmw2cr.exe] => (Allow) C:gamescall of duty – modern warfare 2 crmw2cr.exe (Activision Publishing Inc -> Activision) [File not signed]
FirewallRules: [UDP Query User{B5946C59-E2EF-41A0-82DA-5DF09694A3EE}C:gamescall of duty – modern warfare 2 crmw2cr.exe] => (Allow) C:gamescall of duty – modern warfare 2 crmw2cr.exe (Activision Publishing Inc -> Activision) [File not signed]
FirewallRules: [{0E4AAAA8-CBF3-4DB3-A119-09F19EA6FCEA}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication90.0.818.42msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{894EF960-E50F-45A8-8A63-8291153F229D}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EB7113EC-4116-48F9-B92D-E281F9BEA078}] => (Allow) C:Program FilesAdobeAdobe Premiere Pro CC 2015Adobe Premiere Pro.exe => No File
FirewallRules: [{33D32CAB-4711-48ED-BC00-7C17CE4D9283}] => (Allow) C:Program FilesAdobeAdobe Premiere Pro CC 2015Adobe Premiere Pro.exe => No File
FirewallRules: [{5E9BD144-3D17-4ED3-8617-759F67A140FB}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7D1076BC-03A0-48F6-A850-9C329D461535}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3BFD7EC2-41EF-44BC-8ADE-A57ED015768D}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5836D0A2-9A42-477A-B648-C179EC5C00E1}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1926C243-CC7F-4823-A072-1A84DBD374D7}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E611A0E9-C48C-4981-8CC5-FD51F8023BEE}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{65E9B374-0AAF-4BA3-B06F-261562C74B87}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{23319406-F505-47D7-ADAC-7EDE2C531056}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{55393BFE-EA0C-4FFC-9947-262519A6F6C5}] => (Allow) C:Windowssystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{40A5F299-34BB-4DD7-A4C7-5B61862A2599}C:windowssyswow64svchost.exe] => (Block) C:windowssyswow64svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [UDP Query User{E15A2CDC-D22F-40A4-9B71-1D9A0DCE04B7}C:windowssyswow64svchost.exe] => (Block) C:windowssyswow64svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{DB702248-1DD4-4C78-8574-03CD2CC298AD}] => (Allow) C:WindowsSystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C6DEC293-3786-40B7-8CD3-8BAFA58B8CB0}] => (Allow) C:WindowsSystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3D2D26ED-DD56-4663-BDBE-CC0D270F627C}] => (Allow) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNear.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{C2D5EABB-DE52-4A3B-A02B-53A1F4E6A7BE}] => (Allow) C:WindowsSystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{56D255AA-DF52-4BFF-97A5-3244599A5FAA}] => (Allow) C:WindowsSystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{078B0434-1BD7-4C23-899C-060F68716704}] => (Allow) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkRemoteAsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{5B500A62-3557-4BFA-8E7E-69F764659AB2}] => (Allow) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkRemoteAsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{D4D33C29-2B89-4B85-9504-66AAA948AA92}] => (Allow) C:Program FilesASUSARMOURY CRATE ServiceMobilePluginAutoConnectHelper.exe (ASUSTEK COMPUTER INCORPORATION -> )
FirewallRules: [{195D6DA7-7F12-4FBB-940F-C94CDC5FBD3D}] => (Allow) C:Program FilesASUSARMOURY CRATE ServiceMobilePluginAutoConnectHelper.exe (ASUSTEK COMPUTER INCORPORATION -> )
==================== Restore Points =========================
22-04-2021 15:20:52 Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030
22-04-2021 15:21:04 Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030
22-04-2021 21:30:31 Removed Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219
22-04-2021 21:30:54 Removed Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219
23-04-2021 16:15:00 Restore Operation
23-04-2021 16:31:13 Removed Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219
23-04-2021 16:31:36 Removed Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219
23-04-2021 16:31:59 Removed Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219
23-04-2021 16:32:20 Removed Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/23/2021 05:14:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.974, time stamp: 0x607861f0
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x27c0
Faulting application start time: 0x01d73820a22f91a1
Faulting application path: C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
Faulting module path: C:Program FilesMalwarebytesAnti-MalwareQt5Core.dll
Report Id: 2ab07411-8d85-4bbf-9ad3-aee7ffda12fc
Faulting package full name:
Faulting package-relative application ID:
Error: (04/23/2021 05:11:17 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:Program FilesAvast SoftwareAvastaswToolsSvc.exe, PID: 4688, ProfSvc PID: 1452.
Error: (04/23/2021 05:10:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
Error: (04/23/2021 05:10:36 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
Error: (04/23/2021 05:10:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2af0
Faulting application start time: 0x01d73820808ab23a
Faulting application path: C:Windowssystem32svchost.exe
Faulting module path: unknown
Report Id: cd490e87-0258-4b29-9a7f-bc37e4227408
Faulting package full name:
Faulting package-relative application ID:
Error: (04/23/2021 05:10:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1854
Faulting application start time: 0x01d738208005da75
Faulting application path: C:Windowssystem32svchost.exe
Faulting module path: unknown
Report Id: eab28eee-267d-4ecf-a742-a7363604b969
Faulting package full name:
Faulting package-relative application ID:
Error: (04/23/2021 05:07:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.974, time stamp: 0x607861f0
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x2488
Faulting application start time: 0x01d7381f93d35615
Faulting application path: C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
Faulting module path: C:Program FilesMalwarebytesAnti-MalwareQt5Core.dll
Report Id: b485de98-5182-46cf-9cdc-b8d0dec26c2f
Faulting package full name:
Faulting package-relative application ID:
Error: (04/23/2021 04:20:18 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Modules Installer). Additional information: 0x800705aa.
System errors:
=============
Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicef service to connect.
Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicei service to connect.
Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicek service to connect.
Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicej service to connect.
Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicec service to connect.
Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicee service to connect.
Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicel service to connect.
Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServiceh service to connect.
Windows Defender:
================
Date: 2021-03-23 22:09:21
Description:
The specified driver is invalid.
Date: 2021-03-23 22:09:21
Description:
The specified driver is invalid.
Date: 2021-03-23 22:09:21
Description:
The specified driver is invalid.
Date: 2021-03-23 22:09:21
Description:
The specified driver is invalid.
Date: 2021-03-23 22:09:21
Description:
The specified driver is invalid.
CodeIntegrity:
===============
Date: 2021-04-23 17:31:04
Description:
Code Integrity determined that a process (DeviceHarddiskVolume3Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe) attempted to load DeviceHarddiskVolume3Program FilesAvast SoftwareAvastx86aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-04-23 17:13:05
Description:
Code Integrity determined that a process (DeviceHarddiskVolume3WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume3Program FilesAvast SoftwareAvastaswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. FA706IU.315 01/29/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IU
Processor: AMD Ryzen 7 4800H with Radeon Graphics
Percentage of memory in use: 52%
Total physical RAM: 15789.58 MB
Available physical RAM: 7471.69 MB
Total Virtual: 18989.58 MB
Available Virtual: 8880.11 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:933.27 GB) (Free:674.83 GB) NTFS
Drive e: (HUION) (Removable) (Total:14.83 GB) (Free:14.83 GB) FAT32
?Volume{ae4efab0-8112-47ce-95c7-61c12ea86013} (RECOVERY) (Fixed) (Total:0.83 GB) (Free:0.09 GB) NTFS
?Volume{c97cb8f3-0c3c-4bc5-b148-67ed796d9448} (RESTORE) (Fixed) (Total:19.5 GB) (Free:5.78 GB) NTFS
?Volume{f22c77c2-6cc0-462b-b9d1-e970e7e90ae6} (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 953.9 GB) (Disk ID: 30C2814D)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 14.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================