Solved Virus in users folder hiding files

M

marinakomp

Posts: 30   +0
Hello,



so I have a C and a D partition, and recently I noticed that my C partition is starting to get full, and I couldn't locate what is taking so much space. Then I noticed that my USERS folder has 90 GB and that there is a problem, and I made a mistake; since I couldn't see what is taking so much space, I marked "Show hidden files and folders" in folder options, and it seems that that has activated the virus (or malware or whatever) cause it started to do something like copying, and afterwards, I lost half of the files on my desktop. I restarted the computer, thinking (stupid) maybe it will solve that problem, and - still ignorant - did the same thing again, making other half of my files to disappear from my desktop, along with the Users folder, and emptying other folders on my C disk (downloads, pictures, music etc.). Fortunately, my pictures&music etc. are held on my D disk, so I don't have a large amount of data to recover, but still I would love to try to solve this problem without formating disk, and to try to save some documents I had on my desktop. And yes, I'm aware that the infection could have spread to my D disk and/or my USB disk & external hardrive (what to do about that? Is running an antivirus scan enough?)



I read that this kind of infection is probably a malware, but I haven't found anyone else having the same exact problem (and I googled alot). I have no idea how I scored this virus, since I really am careful while downloading ANYTHING from internet, I don't visit suspicious websites etc.



I have windows 10.



Please if anyone have had the similar experience, or suggestions to solve this problem without formating disk, I would be very grateful.
 
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Is the D drive a partition or a separate drive? If separate I'd suggest disconnecting it for now.
 
Hi!
Thank you for the quick reply! I will be able to work on it in a week, since I'm not at home where is my computer right now. If not a problem, I will let you know when I start!

Best regards
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Marina (27-04-2021 20:49:20)
Running from C:\Users\Marina\Desktop
Windows 10 Pro Version 20H2 19042.867 (X64) (2021-03-30 17:42:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1222784746-3010063665-1554652310-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1222784746-3010063665-1554652310-503 - Limited - Disabled)
Guest (S-1-5-21-1222784746-3010063665-1554652310-501 - Limited - Disabled)
Marina (S-1-5-21-1222784746-3010063665-1554652310-1001 - Administrator - Enabled) => C:\Users\Marina
WDAGUtilityAccount (S-1-5-21-1222784746-3010063665-1554652310-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1222784746-3010063665-1554652310-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Croatian (HKLM-x32\...\{AC76BA86-7AD7-1050-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Advanced Micro Devices, Inc.) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.76.1090 - AB Team, d.o.o.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Divinity Original Sin 2 Definitive Edition (HKLM-x32\...\Divinity Original Sin 2 Definitive Edition_is1) (Version: - )
Driver Easy 5.6.7 (HKLM\...\DriverEasy_is1) (Version: 5.6.7 - Easeware)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.0.163 - Final Draft, Inc.)
Free Video Flip and Rotate (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.72 - Google LLC)
Jurassic World Evolution (HKLM-x32\...\Jurassic World Evolution_is1) (Version: - )
K-Lite Codec Pack 15.4.4 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.4.4 - KLCP)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.76 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1222784746-3010063665-1554652310-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Movavi Video Converter 14 (HKLM-x32\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.26.328.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
The Sims 3 Complete Collection version 1.67.2 (HKLM-x32\...\The Sims 3 Complete Collection_is1) (Version: 1.67.2 - Mr DJ)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
The Sims 4 Snowy Escape (HKLM-x32\...\The Sims 4 Snowy Escape_is1) (Version: - )
Unravel Two (HKLM-x32\...\Unravel Two_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{91684B6D-153D-4C12-B6B1-59F7496BE44A}) (Version: 2.50.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Worms W.M.D. (HKLM-x32\...\1448620034_is1) (Version: 2.0.0.2 - GOG.com)
Worms W.M.D. All Stars Pack (HKLM-x32\...\2041366294_is1) (Version: 2.0.0.2 - GOG.com)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-30] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation) [MS Ad]
Warm Winter Nights -> C:\Program Files\WindowsApps\Microsoft.WarmWinterNights_1.0.0.0_neutral__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation)
Winter Wallpapers -> C:\Program Files\WindowsApps\6630lbc21apps.WinterWallpapers_1.1.1.0_x64__a24r53g98298g [2021-01-25] (lbc21apps) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1222784746-3010063665-1554652310-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing -> WinZip Computing, S.L.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-10-12 02:08 - 2016-10-12 02:08 - 000124928 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-12 02:08 - 2016-10-12 02:08 - 000118272 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 02:08 - 2016-10-12 02:08 - 000166400 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-10-12 02:08 - 2016-10-12 02:08 - 000223232 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 02:08 - 2016-10-12 02:08 - 000117248 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-10-26 14:45 - 2021-04-27 20:41 - 000031528 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2015-07-10 13:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1222784746-3010063665-1554652310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{63A26A3A-6106-4A58-8108-6D42ADBB5466}] => (Block) D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{3F383B24-407C-44DA-B446-34BEC8D01BB6}] => (Block) D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{FCCC718A-B1DD-4ED9-A324-2424375C49AD}D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{A5FFE2BD-69CF-406F-B506-947C29FA0FC9}D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{EB63231C-A3DA-4BB6-9EBD-D4B43D8EEEDF}] => (Allow) C:\Users\Marina\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8264EB71-FB31-4C8D-BC90-C5D0CE32FD8D}] => (Allow) C:\Users\Marina\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8081244A-88A2-4BAF-9C66-A31FAAB3AFBF}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS RecExperts\EaseUS RecExperts.exe => No File
FirewallRules: [{DD54FBE1-520C-4F8B-A023-6C63FFD028B9}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS RecExperts\EaseUS RecExperts.exe => No File
FirewallRules: [{EAC94F44-0511-4FB4-966C-F9CB4B6A8996}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C902DF05-E6AF-4B31-BFCC-59D2A9C679B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77472304-1DE7-4C3F-9B4B-2B53EC6C3228}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{566142EE-7837-4D1A-BCD8-3EFDEBACA1C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{36B57B58-A444-4A91-8C97-385CF6009E9A}] => (Allow) LPort=1900
FirewallRules: [{B0AAFCEB-96D4-42AD-94E5-679214811D18}] => (Allow) LPort=2869
FirewallRules: [{F0AA088D-1FA4-4AD9-89E6-F2A892829DF3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{96A5C0EB-A0C0-4950-9711-0CE3D81EE036}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe => No File
FirewallRules: [TCP Query User{EFCDAD45-21E1-4EE5-892C-752B8CA00E6F}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe => No File
FirewallRules: [{385D2F82-E1B5-44F3-ACEC-D7F29090043C}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [{67EA19C4-18BA-4914-816C-955E9F864520}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{FF6BD20A-AE40-4D57-8909-F0D7B3FE9271}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{4480BF2E-53EA-42B0-A3B6-6269B11308FB}D:\games\the sims 4\game\bin\ts4.exe] => (Block) D:\games\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{DCD4BB5E-EB29-44ED-8AA2-1C641272A3F0}D:\games\the sims 4\game\bin\ts4.exe] => (Block) D:\games\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{49631B64-91C3-4BBD-A2B3-E4693E0D5F5F}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{C4454823-5755-4095-A1DC-F09DA7B5DE93}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{AF60C47C-548F-4221-85A3-9AD69D726AD0}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [UDP Query User{8B85439F-2A17-459E-AA57-DD66888D6EBC}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [{2863EBD4-65AA-4127-967E-FD61A1B25701}] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [{0712093B-F222-491B-BA93-A88837CAE4ED}] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [TCP Query User{8C85A8F7-E378-45D7-923B-25AAD0F8F4DD}C:\program files (x86)\call of duty black ops 2\t6zm.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6zm.exe => No File
FirewallRules: [UDP Query User{6899C2FB-217F-4A11-B446-CF0C037A8E2F}C:\program files (x86)\call of duty black ops 2\t6zm.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6zm.exe => No File
FirewallRules: [TCP Query User{5C94EAA3-E694-41F3-B689-23392F89A0D6}D:\games\call of duty black ops iii\blackops3.exe] => (Block) D:\games\call of duty black ops iii\blackops3.exe => No File
FirewallRules: [UDP Query User{4C91E6E8-13D7-4766-B6E8-E62EA38A2B51}D:\games\call of duty black ops iii\blackops3.exe] => (Block) D:\games\call of duty black ops iii\blackops3.exe => No File
FirewallRules: [TCP Query User{FFE530F1-3020-48A4-AB1D-D07982467E25}C:\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Allow) C:\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{4717EAEE-04D5-46D7-92FA-D870697C2595}C:\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Allow) C:\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [{D0A39F11-0401-459B-A837-87C574EA2F4A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{2ACCB070-3014-4B1C-9978-E4AD4AD3CCE4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{CD1D9DE4-F708-4471-AECD-B327F332B35A}D:\games\unravel two\unraveltwo.exe] => (Allow) D:\games\unravel two\unraveltwo.exe (Coldwood Interactive AB -> Coldwood Interactive AB) [File not signed]
FirewallRules: [UDP Query User{7314DCCB-D3A4-4D2E-BCCD-8EF67F821208}D:\games\unravel two\unraveltwo.exe] => (Allow) D:\games\unravel two\unraveltwo.exe (Coldwood Interactive AB -> Coldwood Interactive AB) [File not signed]
FirewallRules: [{7221B37A-FC1B-492C-BE0A-365F45B92154}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-04-2021 09:57:51 Scheduled Checkpoint
14-04-2021 11:10:55 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/27/2021 08:48:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae
Exception code: 0xc000027b
Fault offset: 0x000000000010bd5c
Faulting process id: 0x27d0
Faulting application start time: 0x01d73b959c81e92c
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: c0073b41-6291-4c65-ad50-57d1b7e12f2e
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (04/27/2021 08:46:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae
Exception code: 0xc000027b
Fault offset: 0x000000000010bd5c
Faulting process id: 0xeb0
Faulting application start time: 0x01d73b9555b722db
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: bd036aa8-4519-4e8f-b240-935f327b1765
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (04/27/2021 08:44:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae
Exception code: 0xc000027b
Fault offset: 0x000000000010bd5c
Faulting process id: 0x18b0
Faulting application start time: 0x01d73b9505625f8f
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 1d11b7df-539c-4dc5-a4e3-e2f7307b2078
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (04/27/2021 08:42:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (04/27/2021 08:42:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.52.314.1, time stamp: 0x7441671c
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5ebb1ed3
Exception code: 0xc0000409
Fault offset: 0x0001ebb1
Faulting process id: 0xda0
Faulting application start time: 0x01d73b9506580398
Faulting application path: C:\Users\Marina\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Users\Marina\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\Qt5Core.dll
Report Id: 9799b1d3-fa2c-48fb-8554-a5b6096bc119
Faulting package full name:
Faulting package-relative application ID:

Error: (04/27/2021 08:41:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x60239929
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0xb610d74d
Exception code: 0xe0434352
Fault offset: 0x0012a8b2
Faulting process id: 0xdd4
Faulting application start time: 0x01d73b94ef6378d3
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ba355d31-5408-41ba-9d2e-816b03c71194
Faulting package full name:
Faulting package-relative application ID:

Error: (04/27/2021 08:41:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Program.Main(System.String[])

Error: (04/16/2021 10:33:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2350

Start Time: 01d732994acea8d7

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 25aac0bf-7d67-4d51-a8e7-e60197db787e

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process


System errors:
=============
Error: (04/27/2021 08:41:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/27/2021 08:41:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Freemake Improver service to connect.

Error: (04/16/2021 12:56:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RL8Q6RI)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (04/16/2021 10:18:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/16/2021 10:18:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Freemake Improver service to connect.

Error: (04/16/2021 10:17:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RL8Q6RI)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (04/16/2021 10:04:42 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RL8Q6RI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (04/16/2021 10:02:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
================
Date: 2021-04-16 12:52:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-16 12:46:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-16 12:37:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-16 11:30:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-14 11:10:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0403 07/12/2018
Motherboard: ASUSTeK COMPUTER INC. TUF B450M-PLUS GAMING
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 16313.21 MB
Available physical RAM: 12593.15 MB
Total Virtual: 18745.21 MB
Available Virtual: 13499.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.21 GB) (Free:3.04 GB) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:241.51 GB) NTFS

\\?\Volume{2ab54681-1596-498b-b25d-e4414be7061e}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{622d3f92-614b-4219-8a86-470a5d3ee61a}\ () (Fixed) (Total:0.8 GB) (Free:0.38 GB) NTFS
\\?\Volume{e2f432ca-fbd2-4d9d-961e-d3e791c7f36a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Marina (administrator) on DESKTOP-RL8Q6RI (27-04-2021 20:47:15)
Running from C:\Users\Marina\Desktop
Loaded Profiles: Marina
Platform: Windows 10 Pro Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Alcohol Soft -> Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(StarWind Software) [File not signed] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-01-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1222784746-3010063665-1554652310-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.72\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07F6DAAA-3F90-46DB-BFF3-6626AEB0FD03} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3479920 2018-10-22] (Easeware Technology Limited -> Easeware)
Task: {10B5056F-7FAC-4D07-B040-16BDB06A9CF4} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-RL8Q6RI-Marina => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {247E7B4B-079B-44F9-AF16-2786A521B7EA} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe
Task: {34662D77-5927-401D-A8FD-77C6D3DDC686} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3BD894C4-B6B8-4060-9765-D947F996E15D} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe
Task: {5F6D420F-E5FD-49AE-AD92-E6D1F1D615AA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-04-05] () [File not signed]
Task: {60F5E12F-C9CA-4C81-A6BC-39E069710DD2} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe
Task: {690551D8-CFC2-4159-B500-0E07C1854DE5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {6EB94B87-F987-4ED1-ABC0-B46FF60E2791} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-26] (Google Inc -> Google Inc.)
Task: {73BE1668-CEC3-4FC9-A21E-76CB0BA5DC52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {A0F57660-F63E-4621-8185-F50C43AAC277} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A3A5D21F-F5B1-4FDC-AA84-75CD6745010E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A5881E1A-B162-4250-A004-0DC2FC91BE58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF9154E3-5256-4454-8EF9-C8DE21970ECA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7411B43-9B69-4589-A549-0AA0A3E4D875} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {CBA96445-0005-466E-91FA-B85FE246640A} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.12.0.104\WSCStub.exe
Task: {ED58E341-7DA8-4294-BCFD-71088B0EF75E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-26] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{92f9ea99-be89-42fc-b2d5-e1d96b30efc6}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marina\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-27]

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default [2021-04-16]
CHR Notifications: Default -> hxxps://270577562699580.webpush.freshchat.com; hxxps://filmora.wondershare.com; hxxps://happypawsjewelry.com; hxxps://thepiratebay.org; hxxps://wwcasting.cdn.pagesense.io; hxxps://www.facebook.com; hxxps://www.pcmag.com; hxxps://www.reddit.com; hxxps://www.shawacademy.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-29]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-03-06]
CHR Extension: (Docs) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-29]
CHR Extension: (Google Drive) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-29]
CHR Extension: (YouTube) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-29]
CHR Extension: (Sheets) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-29]
CHR Extension: (Google Docs Offline) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-17]
CHR Extension: (Video DownloadHelper) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2021-03-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-29]
CHR Extension: (Chrome Media Router) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2018-02-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [105888 2019-06-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2021-02-10] (Mixbyte Inc -> Freemake)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] (ASUSTeK Computer Inc. -> )
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2020-03-24] (Disc Soft Ltd -> Duplex Secure Ltd)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102552 2018-10-26] (Symantec Corporation -> Symantec Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-27 20:47 - 2021-04-27 20:47 - 000017652 _____ C:\Users\Marina\Desktop\FRST.txt
2021-04-27 20:43 - 2021-04-27 20:47 - 000000000 ____D C:\FRST
2021-04-27 20:43 - 2021-04-22 11:41 - 002298368 _____ (Farbar) C:\Users\Marina\Desktop\FRST64.exe
2021-04-15 19:00 - 2021-04-15 19:05 - 000005467 ____H C:\Users\Marina\Desktop\senka2.wlmp
2021-04-15 18:31 - 2021-04-15 18:37 - 000005636 ____H C:\Users\Marina\Desktop\senka videos.wlmp
2021-04-15 17:39 - 2021-04-15 18:25 - 000000000 ___HD C:\Users\Marina\Desktop\Video_Marko_mob
2021-04-14 17:38 - 2021-04-14 17:38 - 000000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2021-04-14 17:37 - 2021-04-14 17:38 - 000000000 ___HD C:\Users\Marina\AppData\Roaming\DVDVideoSoft
2021-04-14 17:37 - 2021-04-14 17:37 - 000001439 ____H C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2021-04-14 17:37 - 2021-04-14 17:37 - 000001439 ____H C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2021-04-14 17:37 - 2021-04-14 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2021-04-14 17:37 - 2021-04-14 17:37 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft
2021-04-14 17:36 - 2021-04-14 17:37 - 033700240 ____H (Digital Wave Ltd ) C:\Users\Marina\Downloads\FreeVideoFlipAndRotate_1.1.35.831_d.exe
2021-04-14 17:33 - 2021-04-14 17:35 - 081205957 ____H C:\Users\Marina\Downloads\MyVideo_1_multi 2.mov
2021-04-14 15:37 - 2021-04-14 15:37 - 000179908 ____H C:\Users\Marina\Downloads\=_utf-8_B_UE9UVlJEQSBPIElaVlLFoEVOSlUgVFJBTlNBS0NJSkUucGRm_=
2021-04-13 20:25 - 2021-04-13 20:36 - 000000000 ___HD C:\Users\Marina\Desktop\VIDEO CAST
2021-04-12 18:03 - 2021-04-16 10:13 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-12 18:03 - 2021-04-16 10:13 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-12 18:03 - 2021-04-12 18:03 - 000002124 ____H C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2021-04-12 18:03 - 2021-04-12 18:03 - 000002124 ____H C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2021-04-12 17:57 - 2021-04-12 17:57 - 001349887 ____H C:\Users\Marina\Downloads\IMG_0003 (1).pdf
2021-04-08 20:30 - 2021-04-08 20:30 - 000169488 ____H C:\Users\Marina\Desktop\zadnja verzija reel engNOVO.wlmp
2021-04-08 16:29 - 2021-04-08 16:29 - 000064842 ____H C:\Users\Marina\Desktop\potvrda.pdf
2021-04-06 13:32 - 2021-04-06 13:32 - 001349887 ____H C:\Users\Marina\Downloads\IMG_0003.pdf
2021-04-06 12:11 - 2021-04-06 12:11 - 000039324 ____H C:\Users\Marina\Downloads\ESB_izvadak (2).htm
2021-04-06 12:11 - 2021-04-06 12:11 - 000007217 ____H C:\Users\Marina\Downloads\ESB_izvadak (1).htm
2021-03-31 05:31 - 2021-03-31 05:33 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-31 05:31 - 2021-03-31 05:31 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-03-31 05:30 - 2021-03-31 05:30 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-31 05:29 - 2021-03-31 05:29 - 000000000 ____D C:\ProgramData\ssh
2021-03-31 05:26 - 2021-03-31 05:26 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-31 05:26 - 2021-03-31 05:26 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-31 05:26 - 2021-03-31 05:26 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-31 05:26 - 2021-03-31 05:26 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-31 05:26 - 2021-03-31 05:26 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-03-31 05:26 - 2021-03-31 05:26 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-03-31 05:26 - 2021-03-31 05:26 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-03-31 05:26 - 2021-03-31 05:26 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-31 05:26 - 2021-03-31 05:26 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-03-31 05:26 - 2021-03-31 05:26 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-03-31 05:26 - 2021-03-31 05:26 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-31 05:26 - 2021-03-31 05:26 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-31 05:25 - 2021-03-31 05:25 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-31 05:25 - 2021-03-31 05:25 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-31 05:25 - 2021-03-31 05:25 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-31 05:25 - 2021-03-31 05:25 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-31 05:25 - 2021-03-31 05:25 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-31 05:25 - 2021-03-31 05:25 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-31 05:25 - 2021-03-31 05:25 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-31 05:25 - 2021-03-31 05:25 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-03-31 05:25 - 2021-03-31 05:25 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-31 05:25 - 2021-03-31 05:25 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-03-31 05:25 - 2021-03-31 05:25 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-31 05:25 - 2021-03-31 05:25 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-31 05:25 - 2021-03-31 05:25 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-31 05:25 - 2021-03-31 05:25 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-31 05:25 - 2021-03-31 05:25 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-03-31 05:25 - 2021-03-31 05:25 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-31 05:25 - 2021-03-31 05:25 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-03-31 05:24 - 2021-03-31 05:24 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-31 05:24 - 2021-03-31 05:24 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-31 05:24 - 2021-03-31 05:24 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-31 05:24 - 2021-03-31 05:24 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-03-31 05:24 - 2021-03-31 05:24 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-31 05:24 - 2021-03-31 05:24 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-31 05:24 - 2021-03-31 05:24 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-03-31 05:24 - 2021-03-31 05:24 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-31 05:24 - 2021-03-31 05:24 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-31 05:24 - 2021-03-31 05:24 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-31 05:24 - 2021-03-31 05:24 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-03-31 05:24 - 2021-03-31 05:24 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-31 05:23 - 2021-03-31 05:23 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-03-31 05:23 - 2021-03-31 05:23 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-31 05:23 - 2021-03-31 05:23 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-31 05:23 - 2021-03-31 05:23 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-31 05:23 - 2021-03-31 05:23 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-03-31 05:23 - 2021-03-31 05:23 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-31 05:23 - 2021-03-31 05:23 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-03-31 05:23 - 2021-03-31 05:23 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-31 05:23 - 2021-03-31 05:23 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-03-31 05:23 - 2021-03-31 05:23 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-31 05:23 - 2021-03-31 05:23 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-03-31 05:23 - 2021-03-31 05:23 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-03-31 05:23 - 2021-03-31 05:23 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-03-31 05:23 - 2021-03-31 05:23 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-03-31 05:19 - 2021-03-31 05:19 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-03-31 05:19 - 2021-03-31 05:19 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-03-30 19:44 - 2021-04-27 20:45 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-30 19:44 - 2021-03-30 19:44 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-03-30 19:42 - 2021-04-27 20:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-30 19:42 - 2021-04-16 10:08 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3940DE8D-0408-457A-ADAB-E62A082DEAB4}
2021-03-30 19:42 - 2021-04-06 09:13 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1222784746-3010063665-1554652310-1001
2021-03-30 19:42 - 2021-03-30 19:42 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-03-30 19:42 - 2021-03-30 19:42 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-03-30 19:42 - 2021-03-30 19:42 - 000003568 _____ C:\WINDOWS\system32\Tasks\Driver Easy Scheduled Scan
2021-03-30 19:42 - 2021-03-30 19:42 - 000003416 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-30 19:42 - 2021-03-30 19:42 - 000003396 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-30 19:42 - 2021-03-30 19:42 - 000003192 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-30 19:42 - 2021-03-30 19:42 - 000003182 _____ C:\WINDOWS\system32\Tasks\klcp_update
2021-03-30 19:42 - 2021-03-30 19:42 - 000003172 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-30 19:42 - 2021-03-30 19:42 - 000002776 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-RL8Q6RI-Marina
2021-03-30 19:42 - 2021-03-30 19:42 - 000002614 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2021-03-30 19:42 - 2021-03-30 19:42 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-03-30 19:42 - 2021-03-30 19:42 - 000000020 ___SH C:\Users\Marina\ntuser.ini
2021-03-30 19:42 - 2021-03-30 19:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-03-30 19:42 - 2021-03-30 19:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security
2021-03-30 19:42 - 2021-03-30 19:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Swift Sound
2021-03-30 19:36 - 2021-04-06 09:13 - 000002370 ____H C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-30 19:36 - 2021-03-30 19:42 - 000000000 ___HD C:\Users\Marina
2021-03-30 19:34 - 2021-04-16 10:01 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-30 19:34 - 2021-04-15 19:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-30 19:34 - 2021-03-31 09:07 - 005155624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-30 18:49 - 2021-03-30 18:49 - 000000000 ___HD C:\Users\Marina\AppData\Local\Tempzxpsign70e09e8a3381b894
2021-03-30 18:47 - 2021-03-30 18:47 - 000000000 ___HD C:\Users\Marina\AppData\Local\Tempzxpsign6ebaaf5eac35b474
2021-03-30 18:47 - 2021-03-30 18:47 - 000000000 ___HD C:\Users\Marina\AppData\Local\Tempzxpsign47c35184b338fbb7
2021-03-30 11:23 - 2021-04-12 09:51 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-30 11:21 - 2021-03-30 11:21 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-27 20:48 - 2018-10-27 11:22 - 000000000 ___HD C:\Users\Marina\AppData\Local\Adobe
2021-04-27 20:45 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-27 20:42 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-27 20:41 - 2018-10-26 20:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-16 12:56 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-16 12:30 - 2020-12-18 14:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-04-16 12:30 - 2020-12-18 14:31 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-04-16 12:30 - 2018-10-26 12:11 - 000000000 ___HD C:\Users\Marina\AppData\Local\Packages
2021-04-16 10:02 - 2018-10-26 12:11 - 000000000 __RHD C:\Users\Marina\OneDrive
2021-04-15 09:42 - 2021-01-05 09:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-15 09:42 - 2021-01-05 09:46 - 000002276 ____H C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-04-15 09:42 - 2021-01-05 09:46 - 000002276 ____H C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-15 09:42 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-15 09:42 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-15 09:40 - 2018-10-26 14:44 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-15 09:40 - 2018-10-26 14:44 - 000002260 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-15 09:40 - 2018-10-26 14:44 - 000002260 ____H C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-14 17:32 - 2019-04-28 11:52 - 000000000 ___HD C:\Users\Marina\AppData\Roaming\vlc
2021-04-14 11:21 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-14 11:21 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 11:01 - 2018-10-26 21:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 10:58 - 2018-10-26 21:20 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-13 22:37 - 2021-03-06 13:29 - 000000000 ___HD C:\Users\Marina\AppData\Roaming\uTorrent
2021-04-13 21:04 - 2021-03-06 13:29 - 000000000 ___HD C:\Users\Marina\AppData\LocalLow\uTorrent
2021-04-12 18:06 - 2018-11-03 16:40 - 000000000 ___HD C:\Users\Marina\AppData\LocalLow\Adobe
2021-04-12 18:06 - 2018-10-27 11:22 - 000000000 ____D C:\ProgramData\Adobe
2021-04-12 18:06 - 2018-10-26 12:11 - 000000000 ___HD C:\Users\Marina\AppData\Roaming\Adobe
2021-04-12 18:02 - 2018-11-03 16:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-04-12 09:43 - 2018-10-26 21:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-01 09:29 - 2020-12-17 13:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-31 09:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-31 05:33 - 2021-03-09 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 Snowy Escape
2021-03-31 05:33 - 2021-03-09 09:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2021-03-31 05:33 - 2021-02-01 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2021-03-31 05:33 - 2020-12-17 13:18 - 000000000 ____D C:\Program Files\UNP
2021-03-31 05:33 - 2020-04-13 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-03-31 05:33 - 2020-04-13 11:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unravel Two
2021-03-31 05:33 - 2020-03-24 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2021-03-31 05:33 - 2020-03-24 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2021-03-31 05:33 - 2020-03-24 12:09 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-03-31 05:33 - 2020-03-18 19:29 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-03-31 05:33 - 2020-02-15 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms W.M.D. [GOG.com]
2021-03-31 05:33 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-31 05:33 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-31 05:33 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-03-31 05:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-31 05:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-03-31 05:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-31 05:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2021-03-31 05:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-31 05:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-03-31 05:33 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-31 05:33 - 2019-04-28 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-03-31 05:33 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-31 05:33 - 2018-11-27 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 14
2021-03-31 05:33 - 2018-11-27 11:07 - 000000000 ____D C:\WINDOWS\system32\Codecs
2021-03-31 05:33 - 2018-11-27 10:47 - 000000000 ____D C:\WINDOWS\en
2021-03-31 05:33 - 2018-11-04 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jurassic World Evolution
2021-03-31 05:33 - 2018-10-30 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity Original Sin 2 Definitive Edition
2021-03-31 05:33 - 2018-10-27 11:25 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-03-31 05:33 - 2018-10-27 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2021-03-31 05:33 - 2018-10-26 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 3 Complete Collection
2021-03-31 05:33 - 2018-10-26 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2021-03-31 05:33 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-31 05:33 - 2015-07-10 13:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-31 05:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-31 05:32 - 2018-10-26 14:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-03-31 05:31 - 2018-10-26 14:46 - 000000000 ____D C:\Program Files\Realtek
2021-03-31 05:29 - 2019-12-07 11:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-31 05:29 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-31 05:29 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-31 05:29 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-31 05:29 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-31 05:28 - 2019-12-07 11:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-03-31 05:28 - 2019-12-07 11:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-31 05:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-03-31 05:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-03-31 05:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-03-31 05:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-03-31 05:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-03-31 05:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-03-31 05:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-03-30 21:03 - 2018-10-27 11:14 - 000000000 ___HD C:\Users\Marina\AppData\Local\PlaceholderTileLogoFolder
2021-03-30 19:59 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-30 19:43 - 2018-10-26 21:22 - 000000000 ____D C:\ProgramData\Packages
2021-03-30 19:42 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-30 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-30 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-30 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-30 19:42 - 2019-12-07 11:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2021-03-30 19:42 - 2018-11-28 10:35 - 000000410 __RSH C:\ProgramData\ntuser.pol
2021-03-30 19:42 - 2018-10-26 21:05 - 000000000 __RHD C:\Users\Marina\3D Objects
2021-03-30 19:42 - 2018-10-26 12:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-03-30 19:35 - 2018-10-26 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-30 19:35 - 2018-10-26 14:46 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2021-03-30 19:35 - 2018-10-26 14:46 - 000000000 ____D C:\WINDOWS\system32\DAX3
2021-03-30 19:35 - 2018-10-26 14:46 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-03-30 19:34 - 2018-10-26 14:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation

==================== Files in the root of some directories ========

2019-07-01 12:29 - 2019-07-02 17:37 - 000151454 ____H () C:\Users\Marina\AppData\Roaming\WavePad.dmp
2020-03-16 19:38 - 2020-03-16 19:38 - 000000000 ___SH () C:\Users\Marina\AppData\Local\LumaEmu
2020-12-29 12:02 - 2020-12-29 12:02 - 000000000 ____H () C:\Users\Marina\AppData\Local\oobelibMkey.log
2021-03-02 15:45 - 2021-03-02 15:45 - 000000000 ____H () C:\Users\Marina\AppData\Local\{CF70090D-575C-4E1A-9469-F34C28E33B2F}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
And my D disk is a separate disk; so, I guess I need to diconnects it? I'm little bit affraid of that, never did that, I'm pretty good with softvare but when it comes to hardvare I'm lost; is it necssary?

Thank you very much for your effort!
 
If D is a separate disk just unplug it.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
So, I cannot shut down my computer without installing updates, and I need to shut it down to disconnect the disk. Should I let it to install updates, or is it better to run all of those programs first? Since, maybe if the virus in on D to, wouldn't it be better to clean it as well?
 
Ok, so I did as you said, at least tryied, but both malwarebytes and adwcleaner didn't offer me neither to delete file (it was quarantine and then I delete it from there) and they didn't ask to restart my computer. First time I restarted manually (after malwarebytes) and now after adwcleaner I'm not sure what should I do.
 
LOGS:

RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Marina [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200213_081045, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/04/29 10:30:40 (Duration : 00:04:41)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Easeware (Potentially Malicious)] \Driver Easy Scheduled Scan -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (--scan) -> Deleted
[PUP.Easeware (Potentially Malicious)] C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (--scan) -> ERROR [80070002]
[PUP.Conduit|PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Conduit -- -> Deleted
[PUP.Conduit|PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-1222784746-3010063665-1554652310-1001\Software\Conduit -- -> Deleted
[PUP.Easeware (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1 -- -> Deleted
[PUP.Easeware (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{385D2F82-E1B5-44F3-ACEC-D7F29090043C} -- [%ProgramFiles%\Easeware\DriverEasy\DriverEasy.exe] -> Deleted
[PUP.Easeware (Potentially Malicious)] Easeware -- %_Marina_appdata%\Easeware -> Deleted
=> 2hokfjxd.ypp -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\2hokfjxd.ypp -> Deleted
=> Drivers.data -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\DRIVER~1.DAT -> Deleted
=> e430z2iy.12q -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\e430z2iy.12q -> Deleted
=> iojvpwy2.0xd -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\iojvpwy2.0xd -> Deleted
=> jwkinpyj.jy2 -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\jwkinpyj.jy2 -> Deleted
=> o0e5plbp.1hu -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\o0e5plbp.1hu -> Deleted
=> qncwzyza.ifu -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\qncwzyza.ifu -> Deleted
=> roigcx0x.ogk -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\roigcx0x.ogk -> Deleted
=> ttxvtm35.nut -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\ttxvtm35.nut -> Deleted
=> xgqx0jty.k40 -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers\xgqx0jty.k40 -> Deleted
=> drivers -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\drivers -> Deleted
=> settings.dat -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1\settings.dat -> Deleted
=> DriverEasy -- C:\Users\Marina\AppData\Roaming\Easeware\DRIVER~1 -> Deleted
[PUP.SysTweak|PUP.Gen1|PUP.Solvusoft (Potentially Malicious)] WinThruster -- %_Marina_appdata%\WinThruster -> Deleted
=> WL -- C:\Users\Marina\AppData\Roaming\WINTHR~1\WL -> Deleted
[PUP.Easeware (Potentially Malicious)] Driver Easy.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Driver Easy\Driver Easy.lnk (lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE []) -> Deleted
[PUP.Easeware (Potentially Malicious)] Uninstall Driver Easy.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Driver Easy\Uninstall Driver Easy.lnk (lnk => C:\PROGRA~1\Easeware\DRIVER~1\unins000.exe []) -> Deleted
[PUP.Easeware (Potentially Malicious)] Easeware -- %ProgramFiles%\Easeware -> Deleted
=> 7z.dll -- C:\PROGRA~1\Easeware\DRIVER~1\7z\7z.dll -> Deleted
=> 7z86.dll -- C:\PROGRA~1\Easeware\DRIVER~1\7z\7z86.dll -> Deleted
=> 7z -- C:\PROGRA~1\Easeware\DRIVER~1\7z -> Deleted
=> 7zip_license.txt -- C:\PROGRA~1\Easeware\DRIVER~1\7ZIP_L~1.TXT -> Deleted
=> DriverEasy.exe -- C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Deleted
=> DriverEasy.exe.config -- C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.CON -> Deleted
=> Easeware.CheckScheduledScan.exe -- C:\PROGRA~1\Easeware\DRIVER~1\EASEWA~1.EXE -> Deleted
=> Easeware.CheckScheduledScan.exe.config -- C:\PROGRA~1\Easeware\DRIVER~1\EASEWA~1.CON -> Deleted
=> Easeware.ConfigLanguageFromSetup.exe -- C:\PROGRA~1\Easeware\DRIVER~1\EASEWA~2.EXE -> Deleted
=> Easeware.ConfigLanguageFromSetup.exe.config -- C:\PROGRA~1\Easeware\DRIVER~1\EASEWA~2.CON -> Deleted
=> Easeware.Driver.Backup.dll -- C:\PROGRA~1\Easeware\DRIVER~1\EASEWA~1.DLL -> Deleted
=> Easeware.Driver.Core.dll -- C:\PROGRA~1\Easeware\DRIVER~1\EASEWA~2.DLL -> Deleted
=> HardwareInfo.dll -- C:\PROGRA~1\Easeware\DRIVER~1\HARDWA~1\HARDWA~1.DLL -> Deleted
=> HardwareInfo64.dll -- C:\PROGRA~1\Easeware\DRIVER~1\HARDWA~1\HARDWA~2.DLL -> Deleted
=> HardwareInfo -- C:\PROGRA~1\Easeware\DRIVER~1\HARDWA~1 -> Deleted
=> Interop.WUApiLib.dll -- C:\PROGRA~1\Easeware\DRIVER~1\INTERO~1.DLL -> Deleted
=> Map.xml -- C:\PROGRA~1\Easeware\DRIVER~1\Map.xml -> Deleted
=> SevenZipSharp.dll -- C:\PROGRA~1\Easeware\DRIVER~1\SEVENZ~1.DLL -> Deleted
=> unins000.dat -- C:\PROGRA~1\Easeware\DRIVER~1\unins000.dat -> Deleted
=> unins000.exe -- C:\PROGRA~1\Easeware\DRIVER~1\unins000.exe -> Deleted
=> unins000.msg -- C:\PROGRA~1\Easeware\DRIVER~1\unins000.msg -> Deleted
=> DriverEasy -- C:\PROGRA~1\Easeware\DRIVER~1 -> Deleted
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/29/21
Scan Time: 10:38 AM
Log File: 3ac4f658-a8c6-11eb-92d9-0c9d9262b29c.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39939
License: Trial

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-RL8Q6RI\Marina

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288941
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.BundleInstaller, C:\USERS\MARINA\DOWNLOADS\UTORRENT.EXE, Quarantined, 526, 875791, 1.0.39939, , ame, , 017D9131641A18826DECC8CB058B931C, E11B8C1D3BA335DC63A206CDB79CB6927C2053BF6CEAED9CE3ED9CE849E76C32

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-29-2021
# Duration: 00:00:09
# OS: Windows 10 Pro
# Scanned: 31984
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\store.solvusoft.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\store.solvusoft.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-29-2021
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\store.solvusoft.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\store.solvusoft.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2293 octets] - [29/04/2021 10:52:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Marina (administrator) on DESKTOP-RL8Q6RI (01-05-2021 10:48:11)
Running from C:\Users\Marina\Desktop
Loaded Profiles: Marina
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Alcohol Soft -> Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Marina\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.3093.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.3093.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(StarWind Software) [File not signed] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-01-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1222784746-3010063665-1554652310-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-29] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10B5056F-7FAC-4D07-B040-16BDB06A9CF4} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-RL8Q6RI-Marina => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {247E7B4B-079B-44F9-AF16-2786A521B7EA} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe
Task: {3139B13A-A6F9-4983-B0A3-6BA644707EAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {34662D77-5927-401D-A8FD-77C6D3DDC686} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3BD894C4-B6B8-4060-9765-D947F996E15D} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe
Task: {5F6D420F-E5FD-49AE-AD92-E6D1F1D615AA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-04-05] () [File not signed]
Task: {60F5E12F-C9CA-4C81-A6BC-39E069710DD2} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe
Task: {690551D8-CFC2-4159-B500-0E07C1854DE5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {6EB94B87-F987-4ED1-ABC0-B46FF60E2791} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-26] (Google Inc -> Google Inc.)
Task: {A0F57660-F63E-4621-8185-F50C43AAC277} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A3A5D21F-F5B1-4FDC-AA84-75CD6745010E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A5881E1A-B162-4250-A004-0DC2FC91BE58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF9154E3-5256-4454-8EF9-C8DE21970ECA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7411B43-9B69-4589-A549-0AA0A3E4D875} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {CBA96445-0005-466E-91FA-B85FE246640A} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.12.0.104\WSCStub.exe
Task: {ED58E341-7DA8-4294-BCFD-71088B0EF75E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-26] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{92f9ea99-be89-42fc-b2d5-e1d96b30efc6}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marina\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-29]

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default [2021-04-16]
CHR Notifications: Default -> hxxps://270577562699580.webpush.freshchat.com; hxxps://filmora.wondershare.com; hxxps://happypawsjewelry.com; hxxps://thepiratebay.org; hxxps://wwcasting.cdn.pagesense.io; hxxps://www.facebook.com; hxxps://www.pcmag.com; hxxps://www.reddit.com; hxxps://www.shawacademy.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-29]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-03-06]
CHR Extension: (Docs) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-29]
CHR Extension: (Google Drive) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-29]
CHR Extension: (YouTube) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-29]
CHR Extension: (Sheets) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-29]
CHR Extension: (Google Docs Offline) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-17]
CHR Extension: (Video DownloadHelper) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2021-03-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-29]
CHR Extension: (Chrome Media Router) - C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2018-02-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [105888 2019-06-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2021-02-10] (Mixbyte Inc -> Freemake)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-29] (Malwarebytes Inc -> Malwarebytes)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13688656 2021-03-24] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] (ASUSTeK Computer Inc. -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-29] (Malwarebytes Inc -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-01] (Malwarebytes Inc -> Malwarebytes)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2020-03-24] (Disc Soft Ltd -> Duplex Secure Ltd)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102552 2018-10-26] (Symantec Corporation -> Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-05-01] (Adlice -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-01 10:47 - 2021-05-01 10:47 - 000000000 ____D C:\Users\Marina\Desktop\FRST-OlderVersion
2021-05-01 10:45 - 2021-05-01 10:48 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-05-01 10:45 - 2021-05-01 10:48 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2021-05-01 10:45 - 2021-05-01 10:45 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-01 10:45 - 2021-05-01 10:45 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-01 10:45 - 2021-05-01 10:45 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-01 10:45 - 2021-05-01 10:45 - 000000000 ____D C:\Users\Marina\AppData\LocalLow\IGDump
2021-04-29 17:54 - 2021-04-29 17:54 - 000003286 _____ C:\Users\Marina\Desktop\proba.wlmp
2021-04-29 17:52 - 2021-04-29 17:52 - 003402901 _____ C:\Users\Marina\Desktop\My Movie.m4a
2021-04-29 17:19 - 2021-04-29 17:19 - 000000533 _____ C:\Users\Marina\Desktop\Local Disk (C) - Shortcut (2).lnk
2021-04-29 17:19 - 2021-04-29 17:19 - 000000515 _____ C:\Users\Marina\Desktop\Local Disk (D) - Shortcut (2).lnk
2021-04-29 10:54 - 2021-04-29 10:54 - 000002293 _____ C:\Users\Marina\Desktop\adw cleaner.txt
2021-04-29 10:52 - 2021-04-29 10:55 - 000000000 ____D C:\AdwCleaner
2021-04-29 10:41 - 2021-04-29 10:41 - 000003394 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7258bd43fd5b6
2021-04-29 10:39 - 2021-05-01 10:49 - 000000000 ____D C:\Users\Marina\AppData\Local\CrashDumps
2021-04-29 10:37 - 2021-04-29 10:37 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-29 10:37 - 2021-04-29 10:37 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-04-29 10:37 - 2021-04-29 10:37 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-29 10:37 - 2021-04-29 10:37 - 000000000 ____D C:\Users\Marina\AppData\Local\mbam
2021-04-29 10:36 - 2021-04-29 10:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-29 10:36 - 2021-04-29 10:36 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-29 10:36 - 2021-04-29 10:36 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-29 10:36 - 2021-04-29 10:36 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-29 10:36 - 2021-04-29 10:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-29 10:32 - 2021-04-29 10:32 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-29 10:15 - 2021-05-01 10:45 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-04-29 10:15 - 2021-04-29 10:15 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-04-29 10:15 - 2021-04-29 10:15 - 000000899 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2021-04-29 10:15 - 2021-04-29 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-04-29 10:15 - 2021-04-29 10:15 - 000000000 ____D C:\Program Files\RogueKiller
2021-04-29 10:14 - 2021-04-29 10:25 - 000000000 ____D C:\ProgramData\RogueKiller
2021-04-29 10:14 - 2021-04-28 20:25 - 008534696 _____ (Malwarebytes) C:\Users\Marina\Desktop\AdwCleaner.exe
2021-04-29 10:14 - 2021-04-28 20:24 - 002078632 _____ (Malwarebytes) C:\Users\Marina\Desktop\MBSetup.exe
2021-04-29 10:14 - 2021-04-28 20:21 - 040488656 _____ (Adlice Software ) C:\Users\Marina\Desktop\RogueKiller_setup.exe
2021-04-28 12:34 - 2021-04-28 12:36 - 000003567 _____ C:\Users\Marina\Desktop\ckfiles.txt
2021-04-28 12:33 - 2021-04-28 12:32 - 000468480 _____ () C:\Users\Marina\Desktop\CKScanner.exe
2021-04-27 20:49 - 2021-04-27 20:49 - 000032891 _____ C:\Users\Marina\Desktop\Addition.txt
2021-04-27 20:47 - 2021-05-01 10:48 - 000020036 _____ C:\Users\Marina\Desktop\FRST.txt
2021-04-27 20:43 - 2021-05-01 10:48 - 000000000 ____D C:\FRST
2021-04-27 20:43 - 2021-05-01 10:47 - 002298368 _____ (Farbar) C:\Users\Marina\Desktop\FRST64.exe
2021-04-15 19:00 - 2021-04-15 19:05 - 000005467 ____H C:\Users\Marina\Desktop\senka2.wlmp
2021-04-15 18:31 - 2021-04-15 18:37 - 000005636 ____H C:\Users\Marina\Desktop\senka videos.wlmp
2021-04-15 17:39 - 2021-04-15 18:25 - 000000000 ___HD C:\Users\Marina\Desktop\Video_Marko_mob
2021-04-14 17:38 - 2021-04-14 17:38 - 000000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2021-04-14 17:37 - 2021-04-14 17:38 - 000000000 ___HD C:\Users\Marina\AppData\Roaming\DVDVideoSoft
2021-04-14 17:37 - 2021-04-14 17:37 - 000001439 ____H C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2021-04-14 17:37 - 2021-04-14 17:37 - 000001439 ____H C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2021-04-14 17:37 - 2021-04-14 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2021-04-14 17:37 - 2021-04-14 17:37 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft
2021-04-14 17:36 - 2021-04-14 17:37 - 033700240 ____H (Digital Wave Ltd ) C:\Users\Marina\Downloads\FreeVideoFlipAndRotate_1.1.35.831_d.exe
2021-04-14 17:33 - 2021-04-14 17:35 - 081205957 ____H C:\Users\Marina\Downloads\MyVideo_1_multi 2.mov
2021-04-14 15:37 - 2021-04-14 15:37 - 000179908 ____H C:\Users\Marina\Downloads\=_utf-8_B_UE9UVlJEQSBPIElaVlLFoEVOSlUgVFJBTlNBS0NJSkUucGRm_=
2021-04-14 11:19 - 2021-04-14 11:19 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 11:19 - 2021-04-14 11:19 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-14 11:19 - 2021-04-14 11:19 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-13 20:25 - 2021-04-13 20:36 - 000000000 ___HD C:\Users\Marina\Desktop\VIDEO CAST
2021-04-12 18:03 - 2021-04-29 10:41 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-12 18:03 - 2021-04-29 10:40 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-12 18:03 - 2021-04-12 18:03 - 000002124 ____H C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2021-04-12 18:03 - 2021-04-12 18:03 - 000002124 ____H C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2021-04-12 17:57 - 2021-04-12 17:57 - 001349887 ____H C:\Users\Marina\Downloads\IMG_0003 (1).pdf
2021-04-08 20:30 - 2021-04-08 20:30 - 000169488 ____H C:\Users\Marina\Desktop\zadnja verzija reel engNOVO.wlmp
2021-04-08 16:29 - 2021-04-08 16:29 - 000064842 ____H C:\Users\Marina\Desktop\potvrda.pdf
2021-04-06 13:32 - 2021-04-06 13:32 - 001349887 ____H C:\Users\Marina\Downloads\IMG_0003.pdf
2021-04-06 12:11 - 2021-04-06 12:11 - 000039324 ____H C:\Users\Marina\Downloads\ESB_izvadak (2).htm
2021-04-06 12:11 - 2021-04-06 12:11 - 000007217 ____H C:\Users\Marina\Downloads\ESB_izvadak (1).htm

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-01 10:48 - 2021-03-30 19:42 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3940DE8D-0408-457A-ADAB-E62A082DEAB4}
2021-05-01 10:48 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-01 10:48 - 2018-10-27 11:22 - 000000000 ___HD C:\Users\Marina\AppData\Local\Adobe
2021-05-01 10:47 - 2018-10-26 12:11 - 000000000 __RHD C:\Users\Marina\OneDrive
2021-05-01 10:46 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-01 10:45 - 2021-03-30 19:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-01 10:45 - 2018-10-26 20:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-29 18:27 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-29 17:16 - 2021-03-30 19:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-29 15:43 - 2018-10-26 14:44 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-29 15:43 - 2018-10-26 14:44 - 000002260 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-29 15:43 - 2018-10-26 14:44 - 000002260 ____H C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-29 10:51 - 2021-03-30 19:44 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-29 10:51 - 2021-01-05 09:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-29 10:51 - 2021-01-05 09:46 - 000002276 ____H C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-04-29 10:51 - 2021-01-05 09:46 - 000002276 ____H C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-29 10:51 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-29 10:51 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-29 10:41 - 2021-03-30 19:42 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-29 10:39 - 2021-03-30 19:42 - 000003468 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-29 10:39 - 2021-03-30 19:42 - 000003344 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-29 10:36 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-29 10:34 - 2021-03-30 19:42 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1222784746-3010063665-1554652310-1001
2021-04-29 10:34 - 2021-03-30 19:36 - 000002370 _____ C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-29 10:30 - 2018-10-26 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2021-04-29 10:15 - 2020-12-18 14:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-04-29 10:15 - 2020-12-18 14:31 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-04-28 21:02 - 2021-03-30 19:34 - 005155624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-28 21:02 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-28 21:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-16 12:30 - 2018-10-26 12:11 - 000000000 ___HD C:\Users\Marina\AppData\Local\Packages
2021-04-16 10:01 - 2021-03-30 19:34 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-14 17:32 - 2019-04-28 11:52 - 000000000 ___HD C:\Users\Marina\AppData\Roaming\vlc
2021-04-14 11:21 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-14 11:21 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 11:18 - 2021-03-30 19:36 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-14 11:01 - 2018-10-26 21:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 10:58 - 2018-10-26 21:20 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-13 22:37 - 2021-03-06 13:29 - 000000000 ___HD C:\Users\Marina\AppData\Roaming\uTorrent
2021-04-13 21:04 - 2021-03-06 13:29 - 000000000 ___HD C:\Users\Marina\AppData\LocalLow\uTorrent
2021-04-12 18:06 - 2018-11-03 16:40 - 000000000 ___HD C:\Users\Marina\AppData\LocalLow\Adobe
2021-04-12 18:06 - 2018-10-27 11:22 - 000000000 ____D C:\ProgramData\Adobe
2021-04-12 18:06 - 2018-10-26 12:11 - 000000000 ___HD C:\Users\Marina\AppData\Roaming\Adobe
2021-04-12 18:02 - 2018-11-03 16:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-04-12 09:51 - 2021-03-30 11:23 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-12 09:43 - 2018-10-26 21:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-01 09:29 - 2020-12-17 13:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2019-07-01 12:29 - 2019-07-02 17:37 - 000151454 ____H () C:\Users\Marina\AppData\Roaming\WavePad.dmp
2020-03-16 19:38 - 2020-03-16 19:38 - 000000000 ___SH () C:\Users\Marina\AppData\Local\LumaEmu
2020-12-29 12:02 - 2020-12-29 12:02 - 000000000 ____H () C:\Users\Marina\AppData\Local\oobelibMkey.log
2021-03-02 15:45 - 2021-03-02 15:45 - 000000000 ____H () C:\Users\Marina\AppData\Local\{CF70090D-575C-4E1A-9469-F34C28E33B2F}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Marina (01-05-2021 10:49:40)
Running from C:\Users\Marina\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2021-03-30 17:42:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1222784746-3010063665-1554652310-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1222784746-3010063665-1554652310-503 - Limited - Disabled)
Guest (S-1-5-21-1222784746-3010063665-1554652310-501 - Limited - Disabled)
Marina (S-1-5-21-1222784746-3010063665-1554652310-1001 - Administrator - Enabled) => C:\Users\Marina
WDAGUtilityAccount (S-1-5-21-1222784746-3010063665-1554652310-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1222784746-3010063665-1554652310-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Croatian (HKLM-x32\...\{AC76BA86-7AD7-1050-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Advanced Micro Devices, Inc.) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.76.1090 - AB Team, d.o.o.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Divinity Original Sin 2 Definitive Edition (HKLM-x32\...\Divinity Original Sin 2 Definitive Edition_is1) (Version: - )
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.0.163 - Final Draft, Inc.)
Free Video Flip and Rotate (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
Jurassic World Evolution (HKLM-x32\...\Jurassic World Evolution_is1) (Version: - )
K-Lite Codec Pack 15.4.4 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.4.4 - KLCP)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.49 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1222784746-3010063665-1554652310-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Movavi Video Converter 14 (HKLM-x32\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.26.328.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
RogueKiller version 14.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.6.0 - Adlice Software)
The Sims 3 Complete Collection version 1.67.2 (HKLM-x32\...\The Sims 3 Complete Collection_is1) (Version: 1.67.2 - Mr DJ)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
The Sims 4 Snowy Escape (HKLM-x32\...\The Sims 4 Snowy Escape_is1) (Version: - )
Unravel Two (HKLM-x32\...\Unravel Two_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{91684B6D-153D-4C12-B6B1-59F7496BE44A}) (Version: 2.50.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Worms W.M.D. (HKLM-x32\...\1448620034_is1) (Version: 2.0.0.2 - GOG.com)
Worms W.M.D. All Stars Pack (HKLM-x32\...\2041366294_is1) (Version: 2.0.0.2 - GOG.com)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-30] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation) [MS Ad]
Warm Winter Nights -> C:\Program Files\WindowsApps\Microsoft.WarmWinterNights_1.0.0.0_neutral__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation)
Winter Wallpapers -> C:\Program Files\WindowsApps\6630lbc21apps.WinterWallpapers_1.1.1.0_x64__a24r53g98298g [2021-01-25] (lbc21apps) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1222784746-3010063665-1554652310-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing -> WinZip Computing, S.L.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-10-12 02:08 - 2016-10-12 02:08 - 000124928 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-12 02:08 - 2016-10-12 02:08 - 000118272 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 02:08 - 2016-10-12 02:08 - 000166400 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-10-12 02:08 - 2016-10-12 02:08 - 000223232 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 02:08 - 2016-10-12 02:08 - 000117248 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-10-26 14:45 - 2021-05-01 10:45 - 000031528 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2015-07-10 13:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1222784746-3010063665-1554652310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{63A26A3A-6106-4A58-8108-6D42ADBB5466}] => (Block) D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{3F383B24-407C-44DA-B446-34BEC8D01BB6}] => (Block) D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{FCCC718A-B1DD-4ED9-A324-2424375C49AD}D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{A5FFE2BD-69CF-406F-B506-947C29FA0FC9}D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4 snowy escape\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{EB63231C-A3DA-4BB6-9EBD-D4B43D8EEEDF}] => (Allow) C:\Users\Marina\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8264EB71-FB31-4C8D-BC90-C5D0CE32FD8D}] => (Allow) C:\Users\Marina\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8081244A-88A2-4BAF-9C66-A31FAAB3AFBF}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS RecExperts\EaseUS RecExperts.exe => No File
FirewallRules: [{DD54FBE1-520C-4F8B-A023-6C63FFD028B9}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS RecExperts\EaseUS RecExperts.exe => No File
FirewallRules: [{EAC94F44-0511-4FB4-966C-F9CB4B6A8996}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C902DF05-E6AF-4B31-BFCC-59D2A9C679B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77472304-1DE7-4C3F-9B4B-2B53EC6C3228}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{566142EE-7837-4D1A-BCD8-3EFDEBACA1C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{36B57B58-A444-4A91-8C97-385CF6009E9A}] => (Allow) LPort=1900
FirewallRules: [{B0AAFCEB-96D4-42AD-94E5-679214811D18}] => (Allow) LPort=2869
FirewallRules: [{F0AA088D-1FA4-4AD9-89E6-F2A892829DF3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{96A5C0EB-A0C0-4950-9711-0CE3D81EE036}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe => No File
FirewallRules: [TCP Query User{EFCDAD45-21E1-4EE5-892C-752B8CA00E6F}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe => No File
FirewallRules: [{67EA19C4-18BA-4914-816C-955E9F864520}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{FF6BD20A-AE40-4D57-8909-F0D7B3FE9271}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{4480BF2E-53EA-42B0-A3B6-6269B11308FB}D:\games\the sims 4\game\bin\ts4.exe] => (Block) D:\games\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{DCD4BB5E-EB29-44ED-8AA2-1C641272A3F0}D:\games\the sims 4\game\bin\ts4.exe] => (Block) D:\games\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{49631B64-91C3-4BBD-A2B3-E4693E0D5F5F}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{C4454823-5755-4095-A1DC-F09DA7B5DE93}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{AF60C47C-548F-4221-85A3-9AD69D726AD0}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [UDP Query User{8B85439F-2A17-459E-AA57-DD66888D6EBC}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [{2863EBD4-65AA-4127-967E-FD61A1B25701}] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [{0712093B-F222-491B-BA93-A88837CAE4ED}] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [TCP Query User{8C85A8F7-E378-45D7-923B-25AAD0F8F4DD}C:\program files (x86)\call of duty black ops 2\t6zm.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6zm.exe => No File
FirewallRules: [UDP Query User{6899C2FB-217F-4A11-B446-CF0C037A8E2F}C:\program files (x86)\call of duty black ops 2\t6zm.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6zm.exe => No File
FirewallRules: [TCP Query User{5C94EAA3-E694-41F3-B689-23392F89A0D6}D:\games\call of duty black ops iii\blackops3.exe] => (Block) D:\games\call of duty black ops iii\blackops3.exe => No File
FirewallRules: [UDP Query User{4C91E6E8-13D7-4766-B6E8-E62EA38A2B51}D:\games\call of duty black ops iii\blackops3.exe] => (Block) D:\games\call of duty black ops iii\blackops3.exe => No File
FirewallRules: [TCP Query User{FFE530F1-3020-48A4-AB1D-D07982467E25}C:\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Allow) C:\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{4717EAEE-04D5-46D7-92FA-D870697C2595}C:\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Allow) C:\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [{D0A39F11-0401-459B-A837-87C574EA2F4A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{2ACCB070-3014-4B1C-9978-E4AD4AD3CCE4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{CD1D9DE4-F708-4471-AECD-B327F332B35A}D:\games\unravel two\unraveltwo.exe] => (Allow) D:\games\unravel two\unraveltwo.exe (Coldwood Interactive AB -> Coldwood Interactive AB) [File not signed]
FirewallRules: [UDP Query User{7314DCCB-D3A4-4D2E-BCCD-8EF67F821208}D:\games\unravel two\unraveltwo.exe] => (Allow) D:\games\unravel two\unraveltwo.exe (Coldwood Interactive AB -> Coldwood Interactive AB) [File not signed]
FirewallRules: [{4CA8DD06-4E99-4840-87FB-0AB4BCAACB0D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

28-04-2021 20:50:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/01/2021 10:49:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xc000027b
Fault offset: 0x000000000010b2dc
Faulting process id: 0x12b0
Faulting application start time: 0x01d73e669db445ef
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 699efaee-f8cb-49ec-b344-358d8acf55b4
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (05/01/2021 10:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xc000027b
Fault offset: 0x000000000010b2dc
Faulting process id: 0x27f8
Faulting application start time: 0x01d73e665bcbb1c5
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: eed00d34-344f-4914-847e-864c32fd62ac
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (05/01/2021 10:45:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xc000027b
Fault offset: 0x000000000010b2dc
Faulting process id: 0x63c
Faulting application start time: 0x01d73e665636b415
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 73960d1a-d123-4355-8c18-dafcc468951b
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (05/01/2021 10:45:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x60239929
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x26452a2a
Exception code: 0xe0434352
Fault offset: 0x0012a6e2
Faulting process id: 0xf8c
Faulting application start time: 0x01d73e665338bb99
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3c9d15e9-e2bc-440e-b755-e7b0134b59bf
Faulting package full name:
Faulting package-relative application ID:

Error: (05/01/2021 10:45:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Program.Main(System.String[])

Error: (04/29/2021 11:22:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xc000027b
Fault offset: 0x000000000010b2dc
Faulting process id: 0x2b2c
Faulting application start time: 0x01d73cd81786555e
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0cfbce00-6c87-430e-ab06-491c8efda093
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (04/29/2021 10:55:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xc000027b
Fault offset: 0x000000000010b2dc
Faulting process id: 0x1dd0
Faulting application start time: 0x01d73cd560503c67
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5ff09939-c4b5-4f11-ac87-21d50b6c105c
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (04/29/2021 10:53:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xc000027b
Fault offset: 0x000000000010b2dc
Faulting process id: 0x1150
Faulting application start time: 0x01d73cd4e95751c1
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 8678553b-9217-48fe-ac57-b2a8708c5376
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI


System errors:
=============
Error: (05/01/2021 10:47:44 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RL8Q6RI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (05/01/2021 10:45:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/01/2021 10:45:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Freemake Improver service to connect.

Error: (04/29/2021 06:27:20 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/29/2021 06:27:20 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/29/2021 06:27:20 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/29/2021 03:43:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RL8Q6RI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (04/29/2021 11:23:42 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RL8Q6RI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-04-16 12:52:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-16 12:46:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-16 12:37:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-16 11:30:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-14 11:10:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-29 10:47:06
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.958.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2021-04-29 10:47:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.337.170.0
Previous security intelligence Version: 1.335.958.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-04-29 10:47:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.337.170.0
Previous security intelligence Version: 1.335.958.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-04-29 10:47:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0403 07/12/2018
Motherboard: ASUSTeK COMPUTER INC. TUF B450M-PLUS GAMING
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 16313.21 MB
Available physical RAM: 12457.87 MB
Total Virtual: 18745.21 MB
Available Virtual: 13253.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.21 GB) (Free:3.28 GB) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:239.86 GB) NTFS

\\?\Volume{2ab54681-1596-498b-b25d-e4414be7061e}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{622d3f92-614b-4219-8a86-470a5d3ee61a}\ () (Fixed) (Total:0.8 GB) (Free:0.38 GB) NTFS
\\?\Volume{e2f432ca-fbd2-4d9d-961e-d3e791c7f36a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.9 KB · Views: 24
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Marina (01-05-2021 11:53:50) Run:1
Running from C:\Users\Marina\Desktop
Loaded Profiles: Marina
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
FirewallRules: [{8081244A-88A2-4BAF-9C66-A31FAAB3AFBF}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS RecExperts\EaseUS RecExperts.exe => No File
FirewallRules: [{DD54FBE1-520C-4F8B-A023-6C63FFD028B9}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS RecExperts\EaseUS RecExperts.exe => No File
FirewallRules: [UDP Query User{96A5C0EB-A0C0-4950-9711-0CE3D81EE036}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe => No File
FirewallRules: [TCP Query User{EFCDAD45-21E1-4EE5-892C-752B8CA00E6F}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe => No File
FirewallRules: [{67EA19C4-18BA-4914-816C-955E9F864520}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{FF6BD20A-AE40-4D57-8909-F0D7B3FE9271}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{AF60C47C-548F-4221-85A3-9AD69D726AD0}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [UDP Query User{8B85439F-2A17-459E-AA57-DD66888D6EBC}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [{2863EBD4-65AA-4127-967E-FD61A1B25701}] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [{0712093B-F222-491B-BA93-A88837CAE4ED}] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe => No File
FirewallRules: [TCP Query User{8C85A8F7-E378-45D7-923B-25AAD0F8F4DD}C:\program files (x86)\call of duty black ops 2\t6zm.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6zm.exe => No File
FirewallRules: [UDP Query User{6899C2FB-217F-4A11-B446-CF0C037A8E2F}C:\program files (x86)\call of duty black ops 2\t6zm.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6zm.exe => No File
FirewallRules: [TCP Query User{5C94EAA3-E694-41F3-B689-23392F89A0D6}D:\games\call of duty black ops iii\blackops3.exe] => (Block) D:\games\call of duty black ops iii\blackops3.exe => No File
FirewallRules: [UDP Query User{4C91E6E8-13D7-4766-B6E8-E62EA38A2B51}D:\games\call of duty black ops iii\blackops3.exe] => (Block) D:\games\call of duty black ops iii\blackops3.exe => No File
FirewallRules: [{D0A39F11-0401-459B-A837-87C574EA2F4A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{2ACCB070-3014-4B1C-9978-E4AD4AD3CCE4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8081244A-88A2-4BAF-9C66-A31FAAB3AFBF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD54FBE1-520C-4F8B-A023-6C63FFD028B9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{96A5C0EB-A0C0-4950-9711-0CE3D81EE036}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EFCDAD45-21E1-4EE5-892C-752B8CA00E6F}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67EA19C4-18BA-4914-816C-955E9F864520}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF6BD20A-AE40-4D57-8909-F0D7B3FE9271}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AF60C47C-548F-4221-85A3-9AD69D726AD0}C:\program files (x86)\call of duty black ops 2\t6sp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8B85439F-2A17-459E-AA57-DD66888D6EBC}C:\program files (x86)\call of duty black ops 2\t6sp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2863EBD4-65AA-4127-967E-FD61A1B25701}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0712093B-F222-491B-BA93-A88837CAE4ED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8C85A8F7-E378-45D7-923B-25AAD0F8F4DD}C:\program files (x86)\call of duty black ops 2\t6zm.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6899C2FB-217F-4A11-B446-CF0C037A8E2F}C:\program files (x86)\call of duty black ops 2\t6zm.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5C94EAA3-E694-41F3-B689-23392F89A0D6}D:\games\call of duty black ops iii\blackops3.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C91E6E8-13D7-4766-B6E8-E62EA38A2B51}D:\games\call of duty black ops iii\blackops3.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0A39F11-0401-459B-A837-87C574EA2F4A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2ACCB070-3014-4B1C-9978-E4AD4AD3CCE4}" => removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-05-2021 11:54:58)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

==== End of Fixlog 11:54:58 ====
 
You must log in or register to reply here.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
461
eriksnyman1
E
M
Virus warning popup
Replies
1
Views
527
Mark Fuller
M
Daniel Sims
Google Drive users report losing files from the last few months
Replies
12
Views
339
GodisanAtheist
GodisanAtheist

Latest posts

Back