Infected with Trojan.BitcoinMiner, Malwares, and the like

Amora R Jelo

Hi, I need your help! I unfortunately downloaded a ransomware and infected my laptop. Windows security was disabled and all my files were renamed as .wrui. I received the ransom note. I deleted all my files already since I read that they can’t return to their original state. Later I learned that BleepingComputer can help with that, whew.

I scanned my laptop using Avast and Malwarebytes and detected viruses such as trojan.bitcoinminer, Win64 dropper, MalwareGen, Sandbox, optional.onlineIO, trojan injector, etc. I repeatedly scanned my laptop with those 2 antiviruses until a few are infected. Should I delete them from the virus chest? From time to time Malwarebytes prompts that a virus has been blocked (temp files).

Here are texts from FRST and Addition files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021

Ran by andre (administrator) on TRIXIEPC (ASUSTeK COMPUTER INC. ASUS TUF Gaming A17 FA706IU_TUF706IU) (23-04-2021 17:39:00)

Running from C:UsersandreDesktop

Loaded Profiles: andre

Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Adobe Inc. -> Adobe Inc) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonIPCBoxAdobeIPCBroker.exe

(Adobe Inc. -> Adobe Systems Incorporated) C:Program FilesAdobeAdobe Creative Cloud ExperienceCCXProcess.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe

(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe

(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0362957.inf_amd64_47170f5efa6cd04eB362672atieclxx.exe

(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0362957.inf_amd64_47170f5efa6cd04eB362672atiesrxx.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.​) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkRemoteAsusLinkRemote.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.​) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSoftwareManagerAsusSoftwareManagerAgent.exe

(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:Program Files (x86)ASUSTeK COMPUTER INCRefreshRateServiceRefreshRateService.exe

(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:Program Files (x86)LightingServiceLightingService.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:Program FilesASUSARMOURY CRATE ServiceArmouryCrate.Service.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:Program FilesASUSARMOURY CRATE ServiceArmouryCrate.UserSessionHelper.exe

(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32ASUSACCIArmouryCrateControlInterface.exe

(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNear.exe

(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNearExt.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusOptimization.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusOptimizationStartupTask.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusOSD.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSoftwareManagerAsusSoftwareManager.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemAnalysisAsusSystemAnalysis.exe

(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:Program Files (x86)ASUSROG Live ServiceROGLiveService.exe

(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastaswEngSrv.exe

(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastaswToolsSvc.exe

(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastAvastSvc.exe

(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastAvastUI.exe <4>

(Avast Software s.r.o. -> AVAST Software) C:Program FilesAvast SoftwareAvastwsc_proxy.exe

(DTS, Inc. -> DTS Inc.) C:WindowsSystem32DTSPCAPO4xDtsApo4Service.exe

(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <24>

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMWsc.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbweWinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:WindowsSystem32amdlogsr.exe

(Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemDiagnosisAsusSystemDiagnosis.exe

(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:WindowsRtkBtManServ.exe

(Nitro Software, Inc. -> ) C:Program FilesNitroPro 11Nitro_UpdateService.exe

(Nitro Software, Inc. -> Nalpeiron Ltd.) C:WindowsSysWOW64NLSSRV32.EXE

(Nitro Software, Inc. -> Nitro Software, Inc.) C:Program FilesNitroPro 11NitroPDFDriverService11x64.exe

(Node.js Foundation -> Node.js) C:Program FilesAdobeAdobe Creative Cloud Experiencelibsnode.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynvam.inf_amd64_0f6918628c340454Display.NvContainerNVDisplay.Container.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32RtkAudUService64.exe

(Skype) C:Program FilesWindowsAppsMicrosoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5cSkypeApp.exe

(Skype) C:Program FilesWindowsAppsMicrosoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5cSkypeBackgroundHost.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [AvastUI.exe] => C:Program FilesAvast SoftwareAvastAvLaunch.exe [118496 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

HKLM…Run: [TabletDriver] => C:Huion TabletHuion Tablet.exe huion-hklm

HKLM…Run: [AdobeAAMUpdater-1.0] => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM…Run: [AdobeGCInvoker-1.0] => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM-x32…Run: [SwitchBoard] => C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

HKLM-x32…Run: [AdobeCS6ServiceManager] => C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM-x32…Run: [Adobe Creative Cloud] => C:Program Files (x86)AdobeAdobe Creative CloudACCCreative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM-x32…Run: [AdobeCS5.5ServiceManager] => C:Program Files (x86)Common FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM-x32…Run: [GrooveMonitor] => C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32…Run: [Adobe CCXProcess] => C:Program Files (x86)AdobeAdobe Creative Cloud ExperienceCCXProcess.exe [129288 2021-04-22] (Adobe Inc. -> )

HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [Spotify] => C:UsersandreAppDataRoamingSpotifySpotify.exe [24261704 2021-04-19] (Spotify AB -> Spotify Ltd)

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [Viber] => C:UsersandreAppDataLocalViberViber.exe [47907032 2021-02-25] (Viber Media S.à r.l. -> Viber Media S.à r.l.)

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [Discord] => C:UsersandreAppDataLocalDiscordUpdate.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [AdobeBridge] => [X]

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Run: [sxyvyshp] => “C:Usersandreqztyqpkg.exe”

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…MountPoints2: {859772e1-9fec-11eb-a6d0-d8c0a657faba} – “D:HiSuiteDownLoader.exe” 

HKLM…PrintMonitorsNitro PDF Port Monitor: C:Windowssystem32nitrolocalmon11.dll [31944 2017-03-09] (Nitro Software, Inc. -> Nitro Software, Inc.)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication90.0.4430.85Installerchrmstp.exe [2021-04-21] (Google LLC -> Google LLC)

Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupHuion Tablet.lnk [2021-03-02]

ShortcutTarget: Huion Tablet.lnk -> C:Huion TabletHuion Tablet.exe (No File)

Startup: C:UsersandreAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupprograms.bat [2021-04-23] () [File not signed]

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {056F7BC7-740D-4848-8A28-E7B19F8D5B3F} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [850928 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {10DEB861-5F96-4808-A519-F894576D5AE8} – System32TasksAvast SoftwareOverseer => C:Program FilesCommon FilesAvast SoftwareOverseeroverseer.exe [1791712 2021-03-02] (Avast Software s.r.o. -> Avast Software)

Task: {1976B49B-949C-438C-B094-D67926301D3D} – System32TasksASUS Update Checker 2.0 => C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSoftwareManagerAsusUpdateChecker.exe [677952 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

Task: {1B878D95-5BB0-4207-AA2F-3956816930BA} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1126888 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1E0EAF36-C5DC-4FF2-8B78-184A09653D3C} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154440 2021-03-02] (Google LLC -> Google LLC)

Task: {33F08F5D-8A8B-4AAA-8C27-2FDF0792AA84} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [907240 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {44D23708-AE50-4F50-A3C2-7C1B225C8962} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1126888 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {49686555-4268-4C3D-9B8F-4E0098EB0F70} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [646456 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {55EF4299-1CB5-4F3E-80CA-375F614AAD64} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3293168 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {577F4903-7BEA-41F2-854B-18A8B9962903} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154440 2021-03-02] (Google LLC -> Google LLC)

Task: {65592C1A-48F2-4B47-9FC8-4C75324D54CC} – System32TasksAvast Emergency Update => C:Program FilesAvast SoftwareAvastAvEmUpdate.exe [4699872 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

Task: {7A2F7777-1159-4B5F-9739-9D13278FADF6} – System32TasksASUS Optimization 36D18D69AFC3 => C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusHotkeyExec.exe [231968 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

Task: {8191CEDC-6EBB-4D9D-936C-7FD26AE4C84B} – System32TasksASUSASUSUpdateTaskMachineUA => C:Program Files (x86)ASUSUpdateAsusUpdate.exe [163176 2020-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

Task: {88DD50AA-99D4-439D-8576-29C0FAD19E65} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [907240 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {9046D3A1-418F-4E0F-B82E-8EBD4056FA20} – System32TasksMicrosoftWindowsPLA74C0539-0999-4DA9-9D0D-3D016B62F4E9 => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:Windowssystem32pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: {9590E3D1-AD41-4EF9-BD89-1AAF3E155DE3} – Syst[email protected]gmail.com => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {AA91D2E6-2708-4BA9-AD33-0B1421DF7358} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [850928 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {AEB32902-2CFB-4AFC-8A3E-B262DEC742F5} – System32TasksPBtKAfc => C:Windowssystem32rundll32.exe “C:Program Files (x86)PBtKAfcPBtKAfc.dll”,PBtKAfc <==== ATTENTION

Task: {B2E3BA99-5DDB-4794-B95A-2DB882BBA80D} – System32TasksAdvancedUpdater => C:Program Files (x86)AW ManagerWindows ManagerWindows Updater.exe

Task: {BBED2EA5-C6A4-47CB-80BD-58AA89A6B7CA} – System32TasksMicrosoftWindowsPLAAsusLinkNear => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:Windowssystem32pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: {CD6E9CEF-EBFB-47EB-AF08-EB95B14CA86A} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1126888 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {D0DEEDD3-2878-46A5-A2C5-B9642BB7F59C} – System32TasksAdobeGCInvoker-1.0 => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {D94BB76B-8B51-4C07-B4EA-936A308103DC} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1126888 2020-07-10] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {DA2BC568-BA11-4431-8826-64B067543977} – System32TasksAsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemAnalysisAsusSystemAnalysis.exe [2399800 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

Task: {EC4B47F8-808F-4D75-9E36-7995D54FC624} – System32TasksRtkAudUService64_BG => C:WindowsSystem32RtkAudUService64.exe [1063712 2020-02-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

Task: {F3113799-CC66-48C9-859C-15A9C965CD0A} – System32TasksASUSASUSUpdateTaskMachineCore1d6dd657b1a3a6a => C:Program Files (x86)ASUSUpdateAsusUpdate.exe [163176 2020-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 192.168.254.254

Tcpip..Interfaces{1a47204a-0bc7-4717-bf3e-fcf877e6cb7f}: [DhcpNameServer] 40.53.1.11

Tcpip..Interfaces{be4d5457-1e2c-4259-89d6-2dfaafc3ebf6}: [DhcpNameServer] 192.168.254.254

 

Edge: 

=======

Edge Profile: C:UsersandreAppDataLocalMicrosoftEdgeUser DataDefault [2021-04-23]

Edge HKLM-x32…EdgeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

 

FireFox:

========

FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)Common FilesAdobeOOBEPDAppCCMUtilitiesnpAdobeAAMDetect64.dll [No File]

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:Program Files (x86)NitroPro 11npnitromozilla.dll [2017-03-09] (Nitro Software, Inc. -> Nitro PDF)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:UsersandreAppDataLocalGoogleChromeUser DataDefault [2021-04-23]

CHR DownloadDir: C:UsersandreDesktop

CHR StartupUrls: Default -> “hxxps://mail.google.com/mail/u/0/?pli=1#inbox”,”hxxps://www.facebook.com/”,”hxxps://mail.google.com/mail/u/2/?tab=km#inbox”

CHR DefaultSearchURL: Default -> hxxps://www.ctcodeinfo.com/search?q={searchTerms}

CHR DefaultSearchKeyword: Default -> Custom

CHR Extension: (Slides) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2021-03-02]

CHR Extension: (Docs) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2021-03-02]

CHR Extension: (Google Drive) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2021-03-02]

CHR Extension: (YouTube) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-02]

CHR Extension: (Custom) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionscolgdlijdieibnaccfdcdbpdffofkfeb [2021-04-22]

CHR Extension: (Sheets) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2021-03-02]

CHR Extension: (Google Docs Offline) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-21]

CHR Extension: (Malwarebytes Browser Guard) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsihcjicgdanjaechkgeegckofjjedodee [2021-04-23]

CHR Extension: (Chrome Web Store Payments) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-03-02]

CHR Extension: (Gmail) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2021-03-02]

CHR Extension: (Chrome Media Router) – C:UsersandreAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-17]

CHR Profile: C:UsersandreAppDataLocalGoogleChromeUser DataGuest Profile [2021-03-21]

CHR HKLM-x32…ChromeExtension: [aegnopegbbhjeeiganiajffnalhlkkjb]

CHR HKLM-x32…ChromeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdobeUpdateService; C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

R2 AGMService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 ArmouryCrateControlInterface; C:WindowsSystem32ASUSACCIArmouryCrateControlInterface.exe [889248 2020-12-17] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)

R2 ArmouryCrateService; C:Program FilesASUSARMOURY CRATE ServiceArmouryCrate.Service.exe [348280 2021-03-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

S2 asus; C:Program Files (x86)ASUSUpdateAsusUpdate.exe [163176 2020-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

R2 ASUSLinkNear; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNear.exe [1177648 2021-03-28] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)

R2 ASUSLinkNearExt; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNearExt.exe [142248 2021-03-28] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)

R2 ASUSLinkRemote; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkRemoteAsusLinkRemote.exe [791584 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.​)

S3 asusm; C:Program Files (x86)ASUSUpdateAsusUpdate.exe [163176 2020-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

R2 ASUSOptimization; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationAsusOptimization.exe [327200 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

R2 ASUSSoftwareManager; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSoftwareManagerAsusSoftwareManager.exe [884800 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

R2 ASUSSystemAnalysis; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemAnalysisAsusSystemAnalysis.exe [2399800 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

R2 ASUSSystemDiagnosis; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemDiagnosisAsusSystemDiagnosis.exe [620960 2021-03-28] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)

S3 aswbIDSAgent; C:Program FilesAvast SoftwareAvastaswidsagent.exe [7894040 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R2 avast! Antivirus; C:Program FilesAvast SoftwareAvastAvastSvc.exe [606944 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R2 avast! Tools; C:Program FilesAvast SoftwareAvastaswToolsSvc.exe [356064 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R2 AvastWscReporter; C:Program FilesAvast SoftwareAvastwsc_proxy.exe [56920 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R2 DtsApo4Service; C:WindowsSystem32DTSPCAPO4xDtsApo4Service.exe [201376 2020-10-19] (DTS, Inc. -> DTS Inc.)

R2 LightingService; C:Program Files (x86)LightingServiceLightingService.exe [3210232 2021-03-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7456464 2021-04-23] (Malwarebytes Inc -> Malwarebytes)

R2 NitroDriverReadSpool11; C:Program FilesNitroPro 11NitroPDFDriverService11x64.exe [327368 2017-03-09] (Nitro Software, Inc. -> Nitro Software, Inc.)

R2 NitroUpdateService; C:Program FilesNitroPro 11Nitro_UpdateService.exe [419016 2017-03-09] (Nitro Software, Inc. -> )

R2 nlsX86cc; C:WindowsSysWOW64NLSSRV32.EXE [71880 2017-03-09] (Nitro Software, Inc. -> Nalpeiron Ltd.)

R2 RefreshRateService; C:Program Files (x86)ASUSTeK COMPUTER INCRefreshRateServiceRefreshRateService.exe [37344 2020-02-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

R2 ROG Live Service; C:Program Files (x86)ASUSROG Live ServiceROGLiveService.exe [5557848 2021-03-24] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)

S3 SwitchBoard; C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0NisSrv.exe [2462960 2021-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)

S4 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0MsMpEng.exe [128376 2021-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WindowsSystem32DriverStoreFileRepositorynvam.inf_amd64_0f6918628c340454Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WindowsSystem32DriverStoreFileRepositorynvam.inf_amd64_0f6918628c340454Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppServicea; C:WindowsSystem32svchost.exe [57360 2021-03-03] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

R3 AsusPTPDrv; C:WindowsSystem32driversAsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)

R1 ASUSSAIO; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSSystemAnalysisASUSSAIO.sys [36416 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

R0 aswArDisk; C:WindowsSystem32driversaswArDisk.sys [35664 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R1 aswArPot; C:WindowsSystem32driversaswArPot.sys [212192 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R1 aswbidsdriver; C:WindowsSystem32driversaswbidsdriver.sys [365024 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R0 aswbidsh; C:WindowsSystem32driversaswbidsh.sys [250336 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R0 aswbuniv; C:WindowsSystem32driversaswbuniv.sys [99288 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R0 aswElam; C:WindowsSystem32driversaswElam.sys [17352 2021-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)

R1 aswKbd; C:WindowsSystem32driversaswKbd.sys [41296 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R1 aswMonFlt; C:WindowsSystem32driversaswMonFlt.sys [180448 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R1 aswNetHub; C:WindowsSystem32driversaswNetHub.sys [522384 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R1 aswRdr; C:WindowsSystem32driversaswRdr2.sys [107792 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R0 aswRvrt; C:WindowsSystem32driversaswRvrt.sys [82872 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R1 aswSnx; C:WindowsSystem32driversaswSnx.sys [850632 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R1 aswSP; C:WindowsSystem32driversaswSP.sys [467720 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R2 aswStm; C:WindowsSystem32driversaswStm.sys [215352 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R0 aswVmm; C:WindowsSystem32driversaswVmm.sys [326992 2021-04-22] (Avast Software s.r.o. -> AVAST Software)

R1 ATKWMIACPIIO; C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSOptimizationatkwmiacpi64.sys [44680 2021-03-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

R1 ESProtectionDriver; C:Windowssystem32driversmbae64.sys [199128 2021-04-23] (Malwarebytes Inc -> Malwarebytes)

R3 HIDSwitch; C:WindowsSystem32driversAsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)

S3 ITEflashIO; C:WindowsSystem32DriversITEflashIO.sys [23624 2021-03-23] (ITE Tech. Inc. -> ITE Tech. Inc.)

R2 MBAMChameleon; C:WindowsSystem32DriversMbamChameleon.sys [220752 2021-04-23] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:WindowsSystem32DRIVERSMbamElam.sys [19912 2021-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:WindowsSystem32DRIVERSfarflt.sys [198888 2021-04-23] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:Windowssystem32DRIVERSmbam.sys [77496 2021-04-23] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMSwissArmy; C:WindowsSystem32Driversmbamswissarmy.sys [248992 2021-04-23] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:Windowssystem32DRIVERSmwac.sys [157944 2021-04-23] (Malwarebytes Inc -> Malwarebytes)

R3 vmulti; C:WindowsSystem32driversvmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

S3 WdBoot; C:Windowssystem32driverswdWdBoot.sys [49552 2021-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:Windowssystem32driverswdWdFilter.sys [419040 2021-03-02] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WindowsSystem32driverswdWdNisDrv.sys [71912 2021-03-02] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-04-23 17:39 – 2021-04-23 17:39 – 000030538 _____ C:UsersandreDesktopFRST.txt

2021-04-23 17:38 – 2021-04-23 17:39 – 000000000 ____D C:FRST

2021-04-23 17:37 – 2021-04-23 17:37 – 002298368 _____ (Farbar) C:UsersandreDesktopFRST64.exe

2021-04-23 17:11 – 2021-04-23 17:11 – 000220752 _____ (Malwarebytes) C:Windowssystem32DriversMbamChameleon.sys

2021-04-23 17:11 – 2021-04-23 17:11 – 000198888 _____ (Malwarebytes) C:Windowssystem32Driversfarflt.sys

2021-04-23 17:11 – 2021-04-23 17:11 – 000157944 _____ (Malwarebytes) C:Windowssystem32Driversmwac.sys

2021-04-23 17:11 – 2021-04-23 17:11 – 000077496 _____ (Malwarebytes) C:Windowssystem32Driversmbam.sys

2021-04-23 17:10 – 2021-04-23 17:10 – 019660800 ____N C:Windowssystem32configSYSTEM

2021-04-23 17:10 – 2021-04-23 17:10 – 000006144 _____ (Microsoft Corporation) C:Windowssystem32J9RRE6X2DX.tmp

2021-04-23 17:03 – 2021-04-23 17:03 – 000002023 _____ C:UsersPublicDesktopMalwarebytes.lnk

2021-04-23 17:03 – 2021-04-23 17:03 – 000002023 _____ C:ProgramDataDesktopMalwarebytes.lnk

2021-04-23 12:37 – 2021-04-23 17:03 – 000248992 _____ (Malwarebytes) C:Windowssystem32Driversmbamswissarmy.sys

2021-04-23 12:37 – 2021-04-23 17:03 – 000002035 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-04-23 12:37 – 2021-04-23 12:37 – 000199128 _____ (Malwarebytes) C:Windowssystem32Driversmbae64.sys

2021-04-23 12:37 – 2021-04-23 12:37 – 000019912 _____ (Malwarebytes) C:Windowssystem32DriversMbamElam.sys

2021-04-23 12:37 – 2021-04-23 12:37 – 000000000 ____D C:UsersandreAppDataLocalmbam

2021-04-23 12:37 – 2021-04-23 12:37 – 000000000 ____D C:ProgramDataMalwarebytes

2021-04-23 12:36 – 2021-04-23 12:36 – 000000000 ____D C:Program FilesMalwarebytes

2021-04-23 12:34 – 2021-04-23 12:34 – 000000000 ____D C:UsersandreAppDataLocalbe4a6ac4-2a30-45cc-ad41-fbf5b4e55023

2021-04-23 11:48 – 2021-04-23 15:21 – 000000000 ____D C:UsersandreAppDataLocalCrashDumps

2021-04-23 11:46 – 2021-04-23 11:46 – 000016786 _____ C:Windowssystem32TasksPBtKAfc

2021-04-23 11:46 – 2021-04-23 11:46 – 000000000 ____D C:UsersandreAppDataRoaminglighteningplayer

2021-04-23 11:45 – 2021-03-04 02:16 – 000000000 ____D C:Program Files (x86)PBtKAfc

2021-04-23 11:44 – 2021-04-23 11:49 – 011254606 _____ C:Usersandreqztyqpkg.exe.wrui

2021-04-23 11:44 – 2021-04-23 11:44 – 000001106 _____ C:Usersandre_readme.txt

2021-04-23 11:43 – 2021-04-23 11:43 – 000000556 _____ C:UsersandreAppDataLocalbowsakkdestx.txt

2021-04-23 11:43 – 2021-04-23 11:43 – 000000000 ____D C:SystemID

2021-04-23 11:42 – 2021-04-23 17:10 – 019660800 _____ C:Windowssystem32C_32770.NLS

2021-04-23 11:42 – 2021-04-23 15:59 – 000002776 _____ C:Windowssystem32TasksFirefox Default Browser Agent 58AF81702FE38D36

2021-04-23 11:42 – 2021-04-23 12:33 – 000000000 ____D C:UsersandreAppDataLocal7c27bd44-ee86-4ffa-9730-6f193b19c5d1

2021-04-23 11:42 – 2021-04-23 11:50 – 000148711 _____ C:UsersandreAppDataLocalLowZPpniG0J2Ga.zip.wrui

2021-04-23 11:42 – 2021-04-23 11:50 – 000002449 _____ C:UsersandreAppDataLocalLowmachineinfo.txt.wrui

2021-04-23 11:42 – 2021-04-23 11:45 – 000002118 _____ C:UsersandreAppDataRoamingMicrosoftWindowsStart MenuProgramsLightening Media Player.lnk

2021-04-23 11:42 – 2021-04-23 11:42 – 006694800 ____N C:Windowssystem32Drivers8lV9Yk2.sys

2021-04-23 11:42 – 2021-04-23 11:42 – 000916735 _____ (SQLite Development Team) C:UsersandreAppDataLocalLowsqlite3.dll

2021-04-23 11:42 – 2021-04-23 11:41 – 001048576 _____ C:UsersandreAppDataLocalLowexuieaoEiI

2021-04-23 11:42 – 2021-04-16 22:59 – 000114688 _____ C:UsersandreAppDataLocalLowQDNQsOYAhl

2021-04-23 11:42 – 2021-04-16 22:59 – 000114688 _____ C:UsersandreAppDataLocalLowFgnihTnT3h

2021-04-23 11:42 – 2021-04-16 22:59 – 000049152 _____ C:UsersandreAppDataLocalLow4bl6oDi3bH

2021-04-23 11:42 – 2021-03-21 19:15 – 000020480 _____ C:UsersandreAppDataLocalLowmnNHfbHoLd

2021-04-23 11:42 – 2021-03-12 15:36 – 000032768 _____ C:UsersandreAppDataLocalLowfGwl4MX6d9

2021-04-23 11:41 – 2021-04-23 16:25 – 000000000 ___HD C:UsersPublicDocumentsAdobeGC

2021-04-23 11:41 – 2021-04-23 16:25 – 000000000 ___HD C:ProgramDataDocumentsAdobeGC

2021-04-22 21:20 – 2021-04-22 21:20 – 000001132 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Premiere Pro 2021.lnk

2021-04-22 21:20 – 2021-04-22 21:20 – 000000000 ____D C:UsersPublicDocumentsAdobe

2021-04-22 21:20 – 2021-04-22 21:20 – 000000000 ____D C:ProgramDataDocumentsAdobe

2021-04-22 19:17 – 2021-04-23 15:59 – 000000000 ____D C:UsersandreAppDataRoamingXUGnyWzvizFylweeYySuMujumtetYJCSWAxQzDvzHFJJKYdtmVYluyoQHAZwTfnnRNpJGjIxJnnubDcANYErKaLRaEoTEcmailSXPHbhjDAHGear

2021-04-22 19:17 – 2021-04-23 12:33 – 000000000 ____D C:UsersandreAppDataRoamingSmart Clock

2021-04-22 19:15 – 2021-04-23 17:11 – 000000258 __RSH C:ProgramDatantuser.pol

2021-04-22 19:15 – 2021-04-22 19:16 – 000000000 ____D C:UsersandreAppDataLocalLowcR1dL5pE5dG6mD5k

2021-04-22 19:14 – 2021-04-23 15:59 – 000002776 _____ C:Windowssystem32TasksFirefox Default Browser Agent DD87B3B03701A1AA

2021-04-22 19:14 – 2021-04-22 19:14 – 000000000 ____D C:UsersandreAppDataRoamingXantan

2021-04-22 19:14 – 2021-04-22 19:14 – 000000000 ____D C:UsersandreAppDataLocalLowgC9tT2iQ3s

2021-04-22 19:13 – 2021-04-22 19:13 – 000000000 ____D C:ProgramDataLavasoft

2021-04-22 19:12 – 2021-04-23 16:40 – 000000000 ____D C:UsersandreDocumentsVlcpVideoV1.0.1

2021-04-22 19:12 – 2021-04-23 16:03 – 000000000 ____D C:Program Files (x86)94c45254-6d52-40cc-93fb-b69707383880

2021-04-22 19:12 – 2021-04-23 12:33 – 000000000 ___HD C:ProgramDataWindows Host

2021-04-22 19:12 – 2021-04-23 11:44 – 000037872 _____ C:Program FileslibEGL.dll

2021-04-22 19:12 – 2021-04-22 23:27 – 000002988 _____ C:Windowssystem32TasksAdvancedUpdater

2021-04-22 19:12 – 2021-04-22 19:12 – 001493916 _____ C:UsersandreSkQwxeRsyPCqnYikcCvSYRQagr

2021-04-22 17:01 – 2021-04-22 17:01 – 000339680 _____ (AVAST Software) C:Windowssystem32aswBoot.exe

2021-04-22 17:01 – 2021-04-22 17:01 – 000215352 _____ (AVAST Software) C:Windowssystem32DriversaswStm.sys

2021-04-22 16:09 – 2021-04-22 16:09 – 000000000 ____D C:UsersandreAppDataRoamingPACE Anti-Piracy

2021-04-22 16:09 – 2021-04-22 16:09 – 000000000 ____D C:ProgramDataPACE Anti-Piracy

2021-04-21 20:01 – 2021-04-21 14:57 – 000470634 _____ C:UsersPublicPatient Data Sheet- FILL UP-COLORED-FINAL.pdf

2021-04-21 20:01 – 2021-04-21 14:57 – 000197420 _____ C:UsersPublicREGISTRATION FORM.pdf

2021-04-19 18:14 – 2021-04-19 18:14 – 000000000 ____H C:Windowssystem32DriversMsft_User_WpdMtpDr_01_11_00.Wdf

2021-04-16 17:38 – 2021-04-16 17:38 – 001823304 _____ (Microsoft Corporation) C:Windowssystem32winload.efi

2021-04-16 17:38 – 2021-04-16 17:38 – 000231248 _____ C:Windowssystem32containerdevicemanagement.dll

2021-04-16 17:38 – 2021-04-16 17:38 – 000011357 _____ C:Windowssystem32DrtmAuthTxt.wim

2021-04-06 21:40 – 2021-04-23 16:40 – 000000000 ____D C:UsersandreDocumentsShadow of the Tomb Raider

2021-04-06 21:40 – 2021-04-06 21:40 – 000000000 ____D C:UsersandreAppDataRoamingEidos Montreal

2021-04-06 21:40 – 2021-04-06 21:40 – 000000000 ____D C:Usersandreansel

2021-04-06 21:39 – 2021-04-06 21:39 – 000000000 ____D C:UsersPublicDocumentsSteam

2021-04-06 21:39 – 2021-04-06 21:39 – 000000000 ____D C:ProgramDataDocumentsSteam

2021-04-06 21:01 – 2021-04-06 21:01 – 000000000 ____D C:UsersandreAppDataRoamingcod_ww2_crack_data

2021-04-06 14:12 – 2021-04-06 14:12 – 000000000 ____D C:Windowssystem32TasksAgent Activation Runtime

2021-03-27 19:17 – 2021-03-27 19:17 – 000000000 ____D C:UsersandreAppDataLocalViber Media S.à r.l

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-04-23 17:28 – 2019-12-07 17:14 – 000000000 ____D C:WindowsAppReadiness

2021-04-23 17:17 – 2020-05-07 21:20 – 000840602 _____ C:Windowssystem32PerfStringBackup.INI

2021-04-23 17:17 – 2019-12-07 17:13 – 000000000 ____D C:WindowsINF

2021-04-23 17:13 – 2021-03-02 16:31 – 000003752 _____ C:Windowssystem32TasksAsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474

2021-04-23 17:11 – 2021-03-02 18:50 – 000000000 ____D C:ProgramDataAvast Software

2021-04-23 17:11 – 2020-12-29 05:59 – 000000000 ____D C:ProgramDataNVIDIA

2021-04-23 17:11 – 2020-05-07 21:13 – 000000006 ____H C:WindowsTasksSA.DAT

2021-04-23 17:11 – 2019-12-07 17:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-04-23 17:10 – 2020-05-07 21:12 – 000008192 ___SH C:DumpStack.log.tmp

2021-04-23 17:10 – 2019-12-07 17:03 – 000786432 _____ C:Windowssystem32configBBI

2021-04-23 16:48 – 2021-03-02 19:41 – 000000000 ____D C:UsersandreDocuments- Trixie Files

2021-04-23 16:40 – 2021-03-02 19:04 – 000000000 ____D C:UsersandreDocumentsActivePresenter Templates

2021-04-23 16:31 – 2020-12-29 05:59 – 000000000 ____D C:ProgramDataPackage Cache

2021-04-23 16:25 – 2021-03-04 18:20 – 000000000 ___HD C:UsersPublicDocumentsAdobeGCData

2021-04-23 16:25 – 2021-03-04 18:20 – 000000000 ___HD C:ProgramDataDocumentsAdobeGCData

2021-04-23 16:19 – 2019-12-07 17:14 – 000000000 ___HD C:Program FilesWindowsApps.tmp

2021-04-23 16:19 – 2019-12-07 17:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-04-23 16:18 – 2019-12-07 17:14 – 000000000 ____D C:Windowsregistration

2021-04-23 16:06 – 2021-03-02 22:52 – 000000000 ____D C:UsersandreAppDataRoamingNitro

2021-04-23 16:02 – 2021-03-02 18:51 – 000004264 _____ C:Windowssystem32TasksAvast Emergency Update

2021-04-23 16:00 – 2020-05-07 21:12 – 000000000 ____D C:Windowssystem32SleepStudy

2021-04-23 15:55 – 2021-03-02 16:01 – 000000000 ____D C:UsersandreAppDataLocalD3DSCache

2021-04-23 12:37 – 2019-12-07 17:14 – 000000000 ___HD C:WindowsELAMBKUP

2021-04-23 12:33 – 2021-03-03 18:02 – 000000000 ____D C:Program Files (x86)Microsoft Office

2021-04-23 12:33 – 2020-12-30 08:14 – 000000000 ____D C:Usersandre

2021-04-23 11:55 – 2021-03-02 16:01 – 000000000 ____D C:UsersandreAppDataLocalVirtualStore

2021-04-23 11:49 – 2021-03-02 19:22 – 000000000 ____D C:Huion Tablet

2021-04-23 11:44 – 2020-05-07 22:02 – 000000000 ____D C:eSupport

2021-04-23 11:42 – 2019-12-07 17:03 – 019660800 _____ C:Windowssystem32configBCD00000000

2021-04-22 23:27 – 2021-03-02 18:52 – 000000000 ____D C:Windowssystem32TasksAvast Software

2021-04-22 23:27 – 2021-03-02 16:11 – 000003346 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineUA

2021-04-22 23:27 – 2021-03-02 16:11 – 000003122 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineCore

2021-04-22 23:27 – 2020-12-29 06:06 – 000003116 _____ C:Windowssystem32TasksASUS Update Checker 2.0

2021-04-22 23:27 – 2020-12-29 06:00 – 000003042 _____ C:Windowssystem32TasksASUS Optimization 36D18D69AFC3

2021-04-22 23:27 – 2020-05-07 21:16 – 000003408 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-04-22 23:27 – 2020-05-07 21:16 – 000003184 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-04-22 21:37 – 2021-03-02 22:08 – 000000000 ____D C:UsersandreAppDataRoamingvlc

2021-04-22 21:22 – 2021-03-02 16:01 – 000000000 ____D C:UsersandreAppDataRoamingAdobe

2021-04-22 21:20 – 2021-03-02 23:03 – 000000000 ____D C:Program Files (x86)Adobe

2021-04-22 21:20 – 2021-03-02 21:39 – 000000000 ____D C:Program FilesCommon FilesAdobe

2021-04-22 21:20 – 2021-03-02 21:39 – 000000000 ____D C:Program FilesAdobe

2021-04-22 21:19 – 2021-03-02 21:36 – 000000000 ____D C:UsersandreAppDataLocalAdobe

2021-04-22 21:16 – 2021-03-14 14:15 – 000000000 ____D C:UsersandreAppDataRoaminguTorrent

2021-04-22 21:05 – 2021-03-02 16:28 – 000000000 ____D C:UsersandreDocuments- Installers

2021-04-22 19:15 – 2019-12-07 17:14 – 000000000 ___HD C:Windowssystem32GroupPolicy

2021-04-22 19:12 – 2019-12-07 17:52 – 000000000 ____D C:Program FilesWindows Multimedia Platform

2021-04-22 19:12 – 2019-12-07 17:14 – 000000000 __SHD C:Program FilesWindows Sidebar

2021-04-22 18:24 – 2019-11-10 09:00 – 000000000 ___HD C:UsersandreAppDataLocalHAW7CyKB4B

2021-04-22 17:02 – 2020-05-07 21:12 – 005194024 _____ C:Windowssystem32FNTCACHE.DAT

2021-04-22 17:01 – 2021-03-02 18:51 – 000850632 _____ (AVAST Software) C:Windowssystem32DriversaswSnx.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000522384 _____ (AVAST Software) C:Windowssystem32DriversaswNetHub.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000467720 _____ (AVAST Software) C:Windowssystem32DriversaswSP.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000365024 _____ (AVAST Software) C:Windowssystem32Driversaswbidsdriver.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000326992 _____ (AVAST Software) C:Windowssystem32DriversaswVmm.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000250336 _____ (AVAST Software) C:Windowssystem32Driversaswbidsh.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000212192 _____ (AVAST Software) C:Windowssystem32DriversaswArPot.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000180448 _____ (AVAST Software) C:Windowssystem32DriversaswMonFlt.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000107792 _____ (AVAST Software) C:Windowssystem32DriversaswRdr2.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000099288 _____ (AVAST Software) C:Windowssystem32Driversaswbuniv.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000082872 _____ (AVAST Software) C:Windowssystem32DriversaswRvrt.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000041296 _____ (AVAST Software) C:Windowssystem32DriversaswKbd.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000035664 _____ (AVAST Software) C:Windowssystem32DriversaswArDisk.sys

2021-04-22 17:01 – 2021-03-02 18:51 – 000017352 _____ (AVAST Software) C:Windowssystem32DriversaswElam.sys

2021-04-22 16:53 – 2021-03-02 16:01 – 000000000 ____D C:UsersandreAppDataLocalASUS

2021-04-22 16:09 – 2021-03-02 21:40 – 000000000 ____D C:ProgramDataregid.1986-12.com.adobe

2021-04-22 16:09 – 2020-10-23 02:24 – 000000000 ___HD C:UsersandreAppDataLocalI5DbsCcTu4mFM

2021-04-21 21:42 – 2020-12-29 05:57 – 000000000 ____D C:Windowssystem32AMD

2021-04-21 20:01 – 2021-03-02 17:57 – 000416768 ___SH C:UsersPublicThumbs.db

2021-04-21 17:10 – 2021-03-02 16:11 – 000002249 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-04-21 16:21 – 2021-03-04 16:32 – 000000132 _____ C:UsersandreAppDataRoamingAdobe PNG Format CS6 Prefs

2021-04-20 21:44 – 2020-05-07 21:16 – 000002440 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-04-19 16:33 – 2021-03-02 18:08 – 000000000 ____D C:UsersandreAppDataLocalSpotify

2021-04-19 16:25 – 2021-03-02 18:07 – 000000000 ____D C:UsersandreAppDataRoamingSpotify

2021-04-19 11:20 – 2019-12-07 17:14 – 000000000 ____D C:WindowsLiveKernelReports

2021-04-17 21:23 – 2021-03-04 00:09 – 000000000 ____D C:WindowsSysWOW64directx

2021-04-17 21:22 – 2021-03-04 10:06 – 000000000 ___HD C:Windowsmsdownld.tmp

2021-04-17 20:26 – 2021-03-04 09:32 – 000000000 ____D C:Games

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ___SD C:Windowssystem32DiagSvcs

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ___RD C:WindowsImmersiveControlPanel

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:WindowsSystemResources

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32setup

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32oobe

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32lv-LV

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32lt-LT

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32et-EE

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32es-MX

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:WindowsProvisioning

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:WindowsPolicyDefinitions

2021-04-16 23:10 – 2019-12-07 17:14 – 000000000 ____D C:Windowsbcastdvr

2021-04-16 17:40 – 2019-12-07 17:03 – 000000000 ____D C:WindowsCbsTemp

2021-04-16 17:38 – 2020-05-07 21:17 – 002877440 _____ (Microsoft Corporation) C:WindowsSysWOW64PrintConfig.dll

2021-04-16 17:34 – 2021-03-03 18:25 – 000000000 ____D C:Windowssystem32MRT

2021-04-16 17:33 – 2021-03-03 18:25 – 131963968 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe

2021-04-16 11:39 – 2021-03-04 18:21 – 000002672 _____ C:Windowssystem32TasksAdobeGCInvoker-1.0

2021-04-16 11:39 – 2021-03-02 21:42 – 000002880 _____ C:Windowssyst[email protected]gmail.com

2021-04-16 11:39 – 2021-03-02 16:03 – 000002922 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-1823135509-1463431044-1941639193-1002

2021-04-16 11:39 – 2020-12-29 06:00 – 000002374 _____ C:Windowssystem32TasksRtkAudUService64_BG

2021-04-16 11:39 – 2020-12-29 05:59 – 000003458 _____ C:Windowssystem32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000003256 _____ C:Windowssystem32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000003212 _____ C:Windowssystem32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000003044 _____ C:Windowssystem32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000003008 _____ C:Windowssystem32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000003008 _____ C:Windowssystem32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000003008 _____ C:Windowssystem32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000003008 _____ C:Windowssystem32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000002974 _____ C:Windowssystem32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:59 – 000002804 _____ C:Windowssystem32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-04-16 11:39 – 2020-12-29 05:57 – 000002918 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-1823135509-1463431044-1941639193-500

2021-04-12 12:29 – 2021-03-02 16:03 – 000000000 ___RD C:UsersandreOneDrive

2021-04-12 12:29 – 2020-12-30 08:14 – 000002409 _____ C:UsersandreAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-04-06 21:40 – 2021-03-02 16:03 – 000000000 ____D C:UsersandreAppDataLocalNVIDIA Corporation

2021-04-06 21:01 – 2021-03-16 17:33 – 000000000 ____D C:UsersandreAppDataRoamingSmartSteamEmu

2021-04-06 21:01 – 2021-03-04 10:21 – 000003035 _____ C:Windowssystem32Driversetchosts.rollback

2021-04-03 12:07 – 2021-03-03 08:51 – 000000000 ____D C:UsersandreDocuments- Games

2021-03-31 10:47 – 2020-12-29 06:04 – 000000000 ____D C:Program Files (x86)LightingService

2021-03-29 15:22 – 2020-12-29 06:04 – 000000000 ____D C:Program Files (x86)ASUS

2021-03-29 15:21 – 2020-12-29 06:03 – 000000000 ____D C:Program FilesASUS

2021-03-27 19:18 – 2021-03-02 18:14 – 000000000 ____D C:UsersandreAppDataRoamingViberPC

2021-03-24 14:46 – 2021-03-02 21:42 – 000000000 ____D C:UsersandreAppDataLocalNVIDIA

 

==================== Files in the root of some directories ========

 

2021-04-22 19:12 – 2021-04-23 11:44 – 000037872 _____ () C:Program FileslibEGL.dll

2021-03-04 16:32 – 2021-04-21 16:21 – 000000132 _____ () C:UsersandreAppDataRoamingAdobe PNG Format CS6 Prefs

2021-03-02 23:16 – 2021-03-02 23:23 – 000000034 _____ () C:UsersandreAppDataRoamingAdobeWLCMCache.dat

2021-03-03 11:01 – 2021-03-03 11:01 – 000321226 ___SH () C:UsersandreAppDataRoaminguuihsds

2021-04-23 11:43 – 2021-04-23 11:43 – 000000556 _____ () C:UsersandreAppDataLocalbowsakkdestx.txt

2021-03-05 11:04 – 2021-03-05 11:04 – 000000000 _____ () C:UsersandreAppDataLocaloobelibMkey.log

 

==================== FLock ==============================

 

2021-04-23 17:10 C:Windowssystem32configSYSTEM

2021-04-23 11:42 C:Windowssystem32Drivers8lV9Yk2.sys

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021

Ran by andre (23-04-2021 17:40:10)

Running from C:UsersandreDesktop

Windows 10 Home Version 20H2 19042.928 (X64) (2020-12-29 23:55:27)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1823135509-1463431044-1941639193-500 – Administrator – Disabled)

andre (S-1-5-21-1823135509-1463431044-1941639193-1002 – Administrator – Enabled) => C:Usersandre

DefaultAccount (S-1-5-21-1823135509-1463431044-1941639193-503 – Limited – Disabled)

Guest (S-1-5-21-1823135509-1463431044-1941639193-501 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-1823135509-1463431044-1941639193-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Avast Antivirus (Disabled – Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…uTorrent) (Version: 3.5.5.45966 – BitTorrent Inc.)

7-Zip 19.00 (x64) (HKLM…7-Zip) (Version: 19.00 – Igor Pavlov)

ActivePresenter (HKLM…{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 8.3.2 – Atomi Systems, Inc.)

Adobe After Effects CC 2015 (HKLM-x32…{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 – Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32…Adobe Creative Cloud) (Version: 3.9.0.327 – Adobe Systems Incorporated)

Adobe Creative Suite 6 Master Collection (HKLM-x32…{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 – Adobe Systems Incorporated)

Adobe Genuine Service (HKLM-x32…AdobeGenuineService) (Version:  – Adobe)

Adobe Illustrator CS5.1 (HKLM-x32…{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 – Adobe Systems Incorporated)

Adobe InDesign CC 2015 (HKLM-x32…{BC448016-6F11-1014-B0EA-97CEE6E26CB8}) (Version: 11.0 – Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32…{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 – Adobe Systems Incorporated)

Adobe Photoshop Lightroom 5 64-bit (HKLM…{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 – Adobe)

Adobe Premiere Pro 2021 (HKLM-x32…PPRO_15_0) (Version: 15.0 – Adobe Inc.)

Adobe Update Management Tool (HKLM-x32…{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 – PainteR)

ARMOURY CRATE Service (HKLM…{01378DC3-088F-4F55-AAFA-DC6A9CCA292A}) (Version: 4.0.12 – ASUS)

ASUS Aac_NBDT HAL (HKLM…{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.3.19.0 – ASUSTek COMPUTER INC.) Hidden

ASUS Aac_NBDT HAL (HKLM-x32…{401933de-cde2-4537-8e35-6b76b1a3ac39}) (Version: 2.3.19.0 – ASUSTek COMPUTER INC.) Hidden

ASUS AURA Display Component (HKLM…{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.25 – ASUSTek COMPUTER INC. ) Hidden

ASUS AURA Display Component (HKLM-x32…{94267bd0-fa8a-4aa4-925d-ec3e0d130fba}) (Version: 1.1.25 – ASUSTek COMPUTER INC. ) Hidden

ASUS AURA Headset Component (HKLM…{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.3.7.0 – ASUSTek COMPUTER INC.) Hidden

ASUS AURA Headset Component (HKLM-x32…{0b7086ac-be35-49b5-b650-93df80b7f9f9}) (Version: 1.3.7.0 – ASUSTek COMPUTER INC.) Hidden

ASUS Aura SDK (HKLM…{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.05 – ASUSTek COMPUTER INC.) Hidden

ASUS Keyboard HAL (HKLM…{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.1.12.0 – ASUSTek COMPUTER INC.) Hidden

ASUS Keyboard HAL (HKLM-x32…{b0db9d8d-e0d2-415a-8937-ef8baaca84d6}) (Version: 1.1.12.0 – ASUSTek COMPUTER INC.) Hidden

ASUS MB Peripheral Products (HKLM…{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.33 – ASUSTeK Computer Inc.) Hidden

ASUS MB Peripheral Products (HKLM-x32…{ba1d61ab-a60c-4fc3-ae58-87a688f3e258}) (Version: 1.0.33 – ASUSTeK Computer Inc.) Hidden

ASUS Mouse HAL (HKLM…{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.1.0.8 – ASUSTek COMPUTER INC.) Hidden

ASUS Mouse HAL (HKLM-x32…{6a8e2c5f-6a39-4d81-8326-a6117c21089b}) (Version: 1.1.0.8 – ASUSTek COMPUTER INC.) Hidden

ASUS Update Helper (HKLM-x32…{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.53 – ASUSTeK Computer Inc.) Hidden

AURA lighting effect add-on (HKLM-x32…{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.15 – ASUS)

AURA lighting effect add-on x64 (HKLM…{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.15 – ASUS)

AURA Service (HKLM-x32…{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.35 – ASUSTeK Computer Inc.) Hidden

AURA Service (HKLM-x32…{35381ead-8a19-4bff-a272-dcdfe38a5867}) (Version: 3.04.35 – ASUSTeK Computer Inc.)

Avast Free Antivirus (HKLM-x32…Avast Antivirus) (Version: 21.3.2459 – Avast Software)

Call of Duty: MW2 CR (HKLM-x32…Call of Duty: MW2 CR_is1) (Version:  – )

CLIP STUDIO 1.6.2 (HKLM-x32…{D10EA45D-4594-4405-90C6-9E9ADD1192CA}) (Version: 1.6.2 – CELSYS)

CLIP STUDIO PAINT 1.6.2 (HKLM-x32…{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.6.2 – CELSYS)

Discord (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Discord) (Version: 0.0.309 – Discord Inc.)

Google Chrome (HKLM-x32…Google Chrome) (Version: 90.0.4430.85 – Google LLC)

HandBrake 1.3.3 (HKLM-x32…HandBrake) (Version: 1.3.3 – )

Huion Tablet v14.7.154.586 (HKLM…{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.7.154.586 – )

Malwarebytes version 4.3.0.98 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 – Malwarebytes)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 90.0.818.42 – Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 90.0.818.42 – Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32…ENTERPRISE) (Version: 12.0.4518.1014 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…OneDriveSetup.exe) (Version: 21.052.0314.0001 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 – Microsoft Corporation)

Nitro Pro (HKLM…{1DD58739-D7CC-497A-900C-64275F3DDC56}) (Version: 11.0.3.173 – Nitro) Hidden

Nitro Pro (HKLM-x32…{d1856858-e5d7-496e-b693-d580589dea84}) (Version: 11.0.3.173 – Nitro)

NVIDIA GeForce Experience 3.20.3.63 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 – NVIDIA Corporation)

NVIDIA Graphics Driver 451.67 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.67 – NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.38.34 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.20.0221 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 – NVIDIA Corporation)

NVIDIA USBC Driver 1.42.831.832 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.42.831.832 – NVIDIA Corporation)

PDF Settings CS5 (HKLM-x32…{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 – Adobe Systems Incorporated) Hidden

PDF Settings CS6 (HKLM-x32…{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 – Adobe Systems Incorporated) Hidden

RefreshRateService (HKLM-x32…{7E5E84CB-B190-4658-A4DC-166779C329D1}) (Version: 2.0.3 – ASUSTeK COMPUTER INC.)

ROG Live Service (HKLM-x32…{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.2.5.0 – ASUSTek COMPUTER INC.)

Shadow of the Tomb Raider (HKLM-x32…Shadow of the Tomb Raider_is1) (Version:  – )

Spotify (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…Spotify) (Version: 1.1.56.595.g2d2da0de – Spotify AB)

The Sims 4 (HKLM-x32…The Sims 4_is1) (Version:  – )

Viber (HKLM-x32…{C3909B59-A21E-4BA2-8E6B-E0985804E405}) (Version: 14.8.0.3 – Viber Media S.a.r.l) Hidden

Viber (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…{ec8a1876-e90b-4cb2-b2e8-f31d30357d17}) (Version: 14.8.0.3 – 2010-2021 Viber Media S.a.r.l)

VLC media player (HKLM…VLC media player) (Version: 3.0.12 – VideoLAN)

Windows Driver Package – Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM…142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 – Graphics Tablet)

Zoom (HKUS-1-5-21-1823135509-1463431044-1941639193-1002…ZoomUMX) (Version: 5.5.2 (12494.0204) – Zoom Video Communications, Inc.)

 

Packages:

=========

Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobePhotoshopExpress_3.4.8.0_x64__ynb6jyjzte8ga [2021-04-23] (Adobe Inc.)

AMD Radeon Software -> C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10027.0_x64__0a9344xs7nr4m [2021-04-23] (Advanced Micro Devices Inc.) [Startup Task]

ARMOURY CRATE -> C:Program FilesWindowsAppsB9ECED6F.ArmouryCrate_4.0.8.0_x64__qmba6cd70vzyy [2021-04-23] (ASUSTeK COMPUTER INC.)

Cortana -> C:Program FilesWindowsAppsMicrosoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation)

DTS:X Ultra -> C:Program FilesWindowsAppsDTSInc.DTSXUltra_1.10.1.0_x64__t5j2fzbtdg37r [2021-04-23] (DTS, Inc.)

Mail and Calendar -> C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Studios) [MS Ad]

Microsoft To Do -> C:Program FilesWindowsAppsMicrosoft.Todos_2.38.4482.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [Startup Task]

MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]

MyASUS -> C:Program FilesWindowsAppsB9ECED6F.ASUSPCAssistant_2.3.18.0_x64__qmba6cd70vzyy [2021-04-23] (ASUSTeK COMPUTER INC.)

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-23] (NVIDIA Corp.)

PicsArt – Photo Studio -> C:Program FilesWindowsApps2FE3CB00.PICSART-PHOTOSTUDIO_9.3.4.0_x64__crhqpqs3x1ygc [2021-04-23] (PicsArt Inc.)

Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.9.212.0_x64__dt26b99r8h8gj [2021-04-23] (Realtek Semiconductor Corp)

Skype -> C:Program FilesWindowsAppsMicrosoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2021-04-23] (Skype)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)

ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )

ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)

ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:Program FilesNitroPro 11NPShellExtension.dll [2017-03-09] (Nitro Software, Inc. -> Nitro PDF)

ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-04-23] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WindowsSystem32DriverStoreFileRepositorynvam.inf_amd64_0f6918628c340454nvshext.dll [2020-07-09] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncExtensionCoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )

ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAvast SoftwareAvastashShell.dll [2021-04-22] (Avast Software s.r.o. -> AVAST Software)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-04-23] (Malwarebytes Corporation -> Malwarebytes)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2021-04-23 11:45 – 2021-03-04 02:16 – 004003840 _____ () [File not signed] C:Program Files (x86)PBtKAfcPBtKAfc.dll

2020-05-27 09:08 – 2020-05-27 09:08 – 002831360 _____ (Apache Software Foundation) [File not signed] C:Program Files (x86)LightingServicelog4cxx.dll

2021-03-02 22:11 – 2019-02-22 00:00 – 000078336 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll

2020-02-27 06:36 – 2020-02-27 06:36 – 000747008 _____ (TODO: <Company name>) [File not signed] C:Program FilesASUSAac_KeyboardAacKbHal_x86.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:Windows:nlsPreferences [386]

AlternateDataStreams: C:Usersandre:.repos [616612]

AlternateDataStreams: C:UsersandreAppDataLocalHAW7CyKB4B:i8cXjzETrIJSnCGrMth [2160]

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalaswSP.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMCODS => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkaswSP.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMcMPFSvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMCODS => “”=”Service”

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKUS-1-5-21-1823135509-1463431044-1941639193-1002SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://www.msn.com/?pc=ASTE

HKUS-1-5-21-1823135509-1463431044-1941639193-1002SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://www.msn.com/?pc=ASTE

SearchScopes: HKUS-1-5-21-1823135509-1463431044-1941639193-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKUS-1-5-21-1823135509-1463431044-1941639193-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 17:14 – 2021-04-22 19:12 – 000000000 _____ C:Windowssystem32driversetchosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKUS-1-5-21-1823135509-1463431044-1941639193-1002Control PanelDesktopWallpaper -> C:UsersandrePictures- Trixie PhotosDesktop BackgroundTrese.jpg

DNS Servers: 192.168.254.254

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM…StartupApprovedRun: => “AdobeAAMUpdater-1.0”

HKLM…StartupApprovedRun32: => “Adobe Creative Cloud”

HKLM…StartupApprovedRun32: => “AdobeCS5.5ServiceManager”

HKLM…StartupApprovedRun32: => “AdobeCS6ServiceManager”

HKLM…StartupApprovedRun32: => “SwitchBoard”

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedStartupFolder: => “programs.bat”

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “Spotify”

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “Discord”

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “Viber”

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “Windows Host”

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “SysHelper”

HKUS-1-5-21-1823135509-1463431044-1941639193-1002…StartupApprovedRun: => “sxyvyshp”

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{8BA8D1E8-C54A-4644-9E3C-B65EDD28AADA}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{6626436B-1010-439F-A8A1-6B92F2051385}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{AB5931FE-255A-40E8-B216-A3651CC047A7}] => (Allow) C:Program FilesASUSARMOURY CRATE ServiceMobilePluginAutoConnectHelper.exe (ASUSTEK COMPUTER INCORPORATION -> )

FirewallRules: [{AA945A58-5368-41F9-9C53-1354F6E8ADC9}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe => No File

FirewallRules: [{7BFF8652-F364-4ED2-8FD6-97E3398E6B9A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{3DB0EC6E-4A0B-404E-AA4F-457F60EBC168}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{23BC1D28-22A1-4E37-887B-F63BA8B4E77D}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{48AAFFDB-ACAD-478C-BE3B-08BEE65B21B1}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{544CC4C3-9714-4EC9-A352-A3268DB1D69F}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{209C3A9E-E53E-4D9C-BA96-2292AD672376}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{6F44E9F2-B90B-4FD5-B6B9-296FC9659562}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{D21C66F3-8DA6-4AF1-8D96-CED635CE704A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [TCP Query User{F961220E-103C-4B3A-A371-CFCF98ED3109}C:usersandreappdataroamingspotifyspotify.exe] => (Allow) C:usersandreappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{7D704770-9FCA-4F5F-9663-0F4E8C10E62C}C:usersandreappdataroamingspotifyspotify.exe] => (Allow) C:usersandreappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{FE0506A0-D299-48B0-88EB-EC52FF3D9735}] => (Allow) C:UsersandreAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{D22CE516-9AE7-401D-A946-9007299DA131}] => (Allow) C:UsersandreAppDataRoamingZoombinairhost.exe => No File

FirewallRules: [{A83BD923-C295-43F6-AD1A-54AF4D5C0AA1}] => (Allow) C:UsersandreAppDataRoamingZoombinairhost.exe => No File

FirewallRules: [{B29A0D3D-0CA5-42B5-9CDC-9761F5AB7666}] => (Allow) C:Program FilesATOMIActivePresenterActivePresenter.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)

FirewallRules: [{1970EB2C-16EA-4D84-83DA-21A5358FFF9A}] => (Allow) C:Program FilesATOMIActivePresenterrlactivator.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)

FirewallRules: [TCP Query User{5D8796A6-188A-446C-9312-BA26F3C03D50}C:gamesthe sims 4gamebints4_x64.exe] => (Allow) C:gamesthe sims 4gamebints4_x64.exe (Electronic Arts Inc.) [File not signed]

FirewallRules: [UDP Query User{D3BE52AD-162A-42DA-B35C-3F9D896A7AF3}C:gamesthe sims 4gamebints4_x64.exe] => (Allow) C:gamesthe sims 4gamebints4_x64.exe (Electronic Arts Inc.) [File not signed]

FirewallRules: [{4F2CFD3F-E6D6-4943-B43B-C7E0D8F4E2E5}] => (Allow) C:UsersandreAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{5A82F973-6109-46F5-AFC3-1E128C769773}] => (Allow) C:UsersandreAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [TCP Query User{7D439C91-3B13-45E4-8D86-7E0928513884}C:gamesrise of the tomb raiderrottr.exe] => (Allow) C:gamesrise of the tomb raiderrottr.exe => No File

FirewallRules: [UDP Query User{FC195761-A845-41A0-BA1F-261E9E255963}C:gamesrise of the tomb raiderrottr.exe] => (Allow) C:gamesrise of the tomb raiderrottr.exe => No File

FirewallRules: [TCP Query User{3E6DE5F1-500E-4681-ADCB-715C600207F1}C:gamescall of duty – black ops 3blackops3.exe] => (Allow) C:gamescall of duty – black ops 3blackops3.exe => No File

FirewallRules: [UDP Query User{7481FA3B-5BE0-4DBE-B7D6-6B6EF4C80073}C:gamescall of duty – black ops 3blackops3.exe] => (Allow) C:gamescall of duty – black ops 3blackops3.exe => No File

FirewallRules: [{ABC6A36A-4D1B-4AD8-9D3C-CF181C9FDC1A}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{6E7AFC98-6ADD-4FDE-A10A-43E3C8287F1A}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{D8400F51-2408-491D-A4F4-D390CDD405FB}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{0D332ACD-6849-42EB-88B9-3293495E1CB1}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{7656EFC0-0E21-40F5-991F-C16D7791D482}] => (Allow) C:Program Files (x86)ASUSROG Live ServiceROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)

FirewallRules: [{C3F34CAE-1580-4170-9398-48BC576178B1}] => (Allow) C:Program Files (x86)ASUSROG Live ServiceROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)

FirewallRules: [TCP Query User{EAEC43C0-AFA4-4D47-AC63-0F426FD34DE3}C:gamescall of duty – wwiis2_sp64_ship.exe] => (Allow) C:gamescall of duty – wwiis2_sp64_ship.exe => No File

FirewallRules: [UDP Query User{CC6387E1-8D45-4681-B0EF-00170735B621}C:gamescall of duty – wwiis2_sp64_ship.exe] => (Allow) C:gamescall of duty – wwiis2_sp64_ship.exe => No File

FirewallRules: [TCP Query User{1DA95D7E-5E2A-47B8-8DC2-ACE09AF7B41D}C:gamescall of duty – modern warfare 2 crmw2cr.exe] => (Allow) C:gamescall of duty – modern warfare 2 crmw2cr.exe (Activision Publishing Inc -> Activision) [File not signed]

FirewallRules: [UDP Query User{B5946C59-E2EF-41A0-82DA-5DF09694A3EE}C:gamescall of duty – modern warfare 2 crmw2cr.exe] => (Allow) C:gamescall of duty – modern warfare 2 crmw2cr.exe (Activision Publishing Inc -> Activision) [File not signed]

FirewallRules: [{0E4AAAA8-CBF3-4DB3-A119-09F19EA6FCEA}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication90.0.818.42msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{894EF960-E50F-45A8-8A63-8291153F229D}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{EB7113EC-4116-48F9-B92D-E281F9BEA078}] => (Allow) C:Program FilesAdobeAdobe Premiere Pro CC 2015Adobe Premiere Pro.exe => No File

FirewallRules: [{33D32CAB-4711-48ED-BC00-7C17CE4D9283}] => (Allow) C:Program FilesAdobeAdobe Premiere Pro CC 2015Adobe Premiere Pro.exe => No File

FirewallRules: [{5E9BD144-3D17-4ED3-8617-759F67A140FB}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{7D1076BC-03A0-48F6-A850-9C329D461535}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{3BFD7EC2-41EF-44BC-8ADE-A57ED015768D}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{5836D0A2-9A42-477A-B648-C179EC5C00E1}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{1926C243-CC7F-4823-A072-1A84DBD374D7}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{E611A0E9-C48C-4981-8CC5-FD51F8023BEE}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{65E9B374-0AAF-4BA3-B06F-261562C74B87}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{23319406-F505-47D7-ADAC-7EDE2C531056}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{55393BFE-EA0C-4FFC-9947-262519A6F6C5}] => (Allow) C:Windowssystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [TCP Query User{40A5F299-34BB-4DD7-A4C7-5B61862A2599}C:windowssyswow64svchost.exe] => (Block) C:windowssyswow64svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [UDP Query User{E15A2CDC-D22F-40A4-9B71-1D9A0DCE04B7}C:windowssyswow64svchost.exe] => (Block) C:windowssyswow64svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{DB702248-1DD4-4C78-8574-03CD2CC298AD}] => (Allow) C:WindowsSystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{C6DEC293-3786-40B7-8CD3-8BAFA58B8CB0}] => (Allow) C:WindowsSystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{3D2D26ED-DD56-4663-BDBE-CC0D270F627C}] => (Allow) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkNearAsusLinkNear.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)

FirewallRules: [{C2D5EABB-DE52-4A3B-A02B-53A1F4E6A7BE}] => (Allow) C:WindowsSystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{56D255AA-DF52-4BFF-97A5-3244599A5FAA}] => (Allow) C:WindowsSystem32rundll32.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{078B0434-1BD7-4C23-899C-060F68716704}] => (Allow) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkRemoteAsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.​)

FirewallRules: [{5B500A62-3557-4BFA-8E7E-69F764659AB2}] => (Allow) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_614f48546dc6ba1aASUSLinkRemoteAsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.​)

FirewallRules: [{D4D33C29-2B89-4B85-9504-66AAA948AA92}] => (Allow) C:Program FilesASUSARMOURY CRATE ServiceMobilePluginAutoConnectHelper.exe (ASUSTEK COMPUTER INCORPORATION -> )

FirewallRules: [{195D6DA7-7F12-4FBB-940F-C94CDC5FBD3D}] => (Allow) C:Program FilesASUSARMOURY CRATE ServiceMobilePluginAutoConnectHelper.exe (ASUSTEK COMPUTER INCORPORATION -> )

 

==================== Restore Points =========================

 

22-04-2021 15:20:52 Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030

22-04-2021 15:21:04 Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030

22-04-2021 21:30:31 Removed Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219

22-04-2021 21:30:54 Removed Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219

23-04-2021 16:15:00 Restore Operation

23-04-2021 16:31:13 Removed Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219

23-04-2021 16:31:36 Removed Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219

23-04-2021 16:31:59 Removed Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219

23-04-2021 16:32:20 Removed Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (04/23/2021 05:14:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamtray.exe, version: 4.0.0.974, time stamp: 0x607861f0

Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce

Exception code: 0xc0000005

Fault offset: 0x0000000000219dc5

Faulting process id: 0x27c0

Faulting application start time: 0x01d73820a22f91a1

Faulting application path: C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

Faulting module path: C:Program FilesMalwarebytesAnti-MalwareQt5Core.dll

Report Id: 2ab07411-8d85-4bbf-9ad3-aee7ffda12fc

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/23/2021 05:11:17 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)

Description: User hive is loaded by another process (Registry Lock) Process name: C:Program FilesAvast SoftwareAvastaswToolsSvc.exe, PID: 4688, ProfSvc PID: 1452.

 

Error: (04/23/2021 05:10:36 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.

.

 

Error: (04/23/2021 05:10:36 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

]

 

Error: (04/23/2021 05:10:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0000000000000000

Faulting process id: 0x2af0

Faulting application start time: 0x01d73820808ab23a

Faulting application path: C:Windowssystem32svchost.exe

Faulting module path: unknown

Report Id: cd490e87-0258-4b29-9a7f-bc37e4227408

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/23/2021 05:10:27 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0000000000000000

Faulting process id: 0x1854

Faulting application start time: 0x01d738208005da75

Faulting application path: C:Windowssystem32svchost.exe

Faulting module path: unknown

Report Id: eab28eee-267d-4ecf-a742-a7363604b969

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/23/2021 05:07:04 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamtray.exe, version: 4.0.0.974, time stamp: 0x607861f0

Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce

Exception code: 0xc0000005

Fault offset: 0x0000000000219dc5

Faulting process id: 0x2488

Faulting application start time: 0x01d7381f93d35615

Faulting application path: C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

Faulting module path: C:Program FilesMalwarebytesAnti-MalwareQt5Core.dll

Report Id: b485de98-5182-46cf-9cdc-b8d0dec26c2f

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/23/2021 04:20:18 PM) (Source: System Restore) (EventID: 8210) (User: )

Description: An unspecified error occurred during System Restore: (Windows Modules Installer). Additional information: 0x800705aa.

 

 

System errors:

=============

Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicef service to connect.

 

Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicei service to connect.

 

Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicek service to connect.

 

Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicej service to connect.

 

Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicec service to connect.

 

Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicee service to connect.

 

Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicel service to connect.

 

Error: (04/23/2021 04:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the AppServiceh service to connect.

 

 

Windows Defender:

================

Date: 2021-03-23 22:09:21

Description: 

The specified driver is invalid.

 

Date: 2021-03-23 22:09:21

Description: 

The specified driver is invalid.

 

Date: 2021-03-23 22:09:21

Description: 

The specified driver is invalid.

 

Date: 2021-03-23 22:09:21

Description: 

The specified driver is invalid.

 

Date: 2021-03-23 22:09:21

Description: 

The specified driver is invalid.

 

CodeIntegrity:

===============

Date: 2021-04-23 17:31:04

Description: 

Code Integrity determined that a process (DeviceHarddiskVolume3Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe) attempted to load DeviceHarddiskVolume3Program FilesAvast SoftwareAvastx86aswAMSI.dll that did not meet the Microsoft signing level requirements.

 

Date: 2021-04-23 17:13:05

Description: 

Code Integrity determined that a process (DeviceHarddiskVolume3WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume3Program FilesAvast SoftwareAvastaswAMSI.dll that did not meet the Windows signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. FA706IU.315 01/29/2021

Motherboard: ASUSTeK COMPUTER INC. FA706IU

Processor: AMD Ryzen 7 4800H with Radeon Graphics 

Percentage of memory in use: 52%

Total physical RAM: 15789.58 MB

Available physical RAM: 7471.69 MB

Total Virtual: 18989.58 MB

Available Virtual: 8880.11 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:933.27 GB) (Free:674.83 GB) NTFS

Drive e: (HUION) (Removable) (Total:14.83 GB) (Free:14.83 GB) FAT32

 

?Volume{ae4efab0-8112-47ce-95c7-61c12ea86013} (RECOVERY) (Fixed) (Total:0.83 GB) (Free:0.09 GB) NTFS

?Volume{c97cb8f3-0c3c-4bc5-b148-67ed796d9448} (RESTORE) (Fixed) (Total:19.5 GB) (Free:5.78 GB) NTFS

?Volume{f22c77c2-6cc0-462b-b9d1-e970e7e90ae6} (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 953.9 GB) (Disk ID: 30C2814D)

 

Partition: GPT.

 

==========================================================

Disk: 1 (Protective MBR) (Size: 14.8 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt =======================

 
