Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by help (administrator) on DESKTOP-7AS2TU1 (HP HP Laptop 15-bs0xx) (15-01-2021 16:32:58)
Running from C:\Users\help\Downloads
Loaded Profiles: help
Platform: Windows 10 Enterprise Version 1909 18363.1316 (X64) Language: Russian (Russia)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\dglvrsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <27>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHeciSvc.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\McCSPServiceHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\Huion Tablet.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\x64\TabletDriverCore.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16733192 2016-11-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\Huion Tablet\Huion Tablet.exe [240360 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [uTorrent] => C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe [2072816 2020-05-15] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [Chromium] => "c:\users\help\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\help\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-21] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [TabletDriver] => C:\Huion Tablet\x64\TabletDriverCore.exe [321256 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\MountPoints2: {b8be1daf-580b-11ea-b4af-409f388e5364} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2021-01-12]
ShortcutTarget: Huion Tablet.lnk -> C:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )
Startup: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk [2021-01-15]
ShortcutTarget: Отправка в OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {204CC9D8-F916-4FFF-A6EF-28DE21C3E797} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-19] (Avast Software s.r.o. -> Avast Software)
Task: {2FB3B776-07D2-432F-AA47-E07BFBE0BE64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {4007E1DD-B0EA-429F-AF6A-1C0897C3E685} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
Task: {40CBBF75-E35F-42E8-B77E-12592E8AAAA0} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {508C51F8-9C76-4138-8A2F-9A539D313A54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-17] (Google Inc -> Google Inc.)
Task: {5376B5D1-65E2-42D2-9D77-FADAF3D01F0F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {58F4708A-1867-4C57-9BB5-0475C411101F} - System32\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001 => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-31] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {7658D50B-F714-40E7-97F6-54B03D0E697D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-04-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7D73EE12-3957-4C4F-AA91-24EE9488358B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7DDFFCE3-21D6-4D3F-A977-A23360BF666C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {88F5C7A7-F2B6-42BA-8FD1-88ADD07290B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-17] (Google Inc -> Google Inc.)
Task: {A18DBB75-3CA7-4205-9BDD-D95144FEE988} - System32\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001 => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-31] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {BFE4DEB8-4F0B-41B0-825D-E874B61E7AE0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D39DD3FA-7313-4CE4-AF94-5A8D860592B5} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EC5C8DE2-C69C-4CF1-8957-3751AC8769B7} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EC771863-6B5B-4233-9678-EB11CB6D8DD9} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64920 2020-03-10] (Microsoft Corporation -> Microsoft)
Task: {F47D41D6-DD2D-42E3-A376-3C4FD9D7E053} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-18] (Mozilla Corporation -> Mozilla Foundation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e877362d-62d9-49f4-b5f4-c50a55c6d88f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ee410218-036b-40ac-8046-211596f8418d}: [DhcpNameServer] 192.168.0.1
Edge:
======
Edge Profile: C:\Users\help\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-15]
Edge StartupUrls: Default -> "hxxps://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419"
FireFox:
========
FF DefaultProfile: xqv515l1.default
FF ProfilePath: C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\xqv515l1.default [2020-03-12]
FF ProfilePath: C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release [2021-01-15]
FF Notifications: Mozilla\Firefox\Profiles\6zyppz0e.default-release -> hxxps://keep.google.com
FF Extension: (Dark Reader) - C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release\Extensions\addon@darkreader.org.xpi [2020-12-04]
FF Extension: (Greasemonkey) - C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2223184529-1837807021-1881898419-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\help\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Default [2021-01-15]
CHR DefaultSearchURL: Default -> hxxps://statics.teams.cdn.office.net/hashedassets/favicon/prod/favicon-32x32-0b158ae.png
CHR Extension: (Docs) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-17]
CHR Extension: (Google Drive) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-17]
CHR Extension: (uBlock Origin) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-10]
CHR Extension: (Google Docs Offline) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2020-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-16]
CHR Extension: (Gmail) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-10]
CHR Extension: (Sechenov Online) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pndcfhhheooopfkgicbdcemgikagkgee [2020-05-22]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-15]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-01-15]
CHR Extension: (Slides) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-21]
CHR Extension: (Docs) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-21]
CHR Extension: (Google Drive) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-02]
CHR Extension: (YouTube) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-21]
CHR Extension: (Adobe Acrobat) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-05-21]
CHR Extension: (Sheets) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-21]
CHR Extension: (Google Docs Offline) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-21]
CHR Extension: (Gmail) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-02]
CHR Extension: (Chrome Media Router) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-02]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-03-29] (BattlEye Innovations e.K. -> )
R2 dglvrsvc; C:\WINDOWS\dglvrsvc.exe [40928 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2021-01-15] (SurfRight B.V. -> SurfRight B.V.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe [474768 2017-03-01] (Wondershare software CO., LIMITED -> Wondershare)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 dglvrbus; C:\WINDOWS\System32\drivers\dglvrbus.sys [85984 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 dglvrkdod; C:\WINDOWS\system32\DRIVERS\dglvrkdod.sys [45536 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 dglvrmflt; C:\WINDOWS\System32\drivers\dglvrmflt.sys [27104 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [33592 2020-03-17] (DEV47 APPS -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [229432 2020-03-17] (DEV47 APPS -> Dev47Apps)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [36168 2019-08-22] (McAfee, Inc. -> The OpenVPN Project)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-05-03] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 xspirit; C:\WINDOWS\xspirit.sys [47928 2019-05-03] (Wellbia.com Co., Ltd. -> )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error Reading file: "C:\Users\help\Downloads\Unconfirmed 723522.crdownload"
Error Reading file: "C:\Users\help\Downloads\Adobe Photoshop CC 2019 "
2021-01-15 16:32 - 2021-01-15 16:34 - 000023975 _____ C:\Users\help\Downloads\FRST.txt
2021-01-15 16:32 - 2021-01-15 16:33 - 000000000 ____D C:\FRST
2021-01-15 16:31 - 2021-01-15 16:31 - 002281472 _____ (Farbar) C:\Users\help\Downloads\FRST64.exe
2021-01-15 16:13 - 2021-01-15 16:13 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-15 16:12 - 2021-01-15 16:12 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-15 16:12 - 2021-01-15 16:12 - 000139424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-15 16:07 - 2021-01-15 16:07 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2021-01-15 15:53 - 2021-01-15 15:53 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-01-15 15:53 - 2021-01-15 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-01-15 15:53 - 2021-01-15 15:53 - 000000000 ____D C:\Program Files\HitmanPro
2021-01-15 15:52 - 2021-01-15 16:10 - 000000000 ____D C:\Users\Все пользователи\HitmanPro
2021-01-15 15:52 - 2021-01-15 16:10 - 000000000 ____D C:\ProgramData\HitmanPro
2021-01-15 15:52 - 2021-01-15 15:52 - 011431000 _____ (SurfRight B.V.) C:\Users\help\Downloads\hitmanpro_x64.exe
2021-01-15 15:32 - 2021-01-15 16:15 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-01-15 15:14 - 2021-01-15 15:25 - 000000000 ____D C:\AdwCleaner
2021-01-15 15:12 - 2021-01-15 15:12 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-15 15:12 - 2021-01-15 15:12 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-15 15:12 - 2021-01-15 15:12 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-15 15:12 - 2021-01-15 15:12 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-15 15:12 - 2021-01-15 15:12 - 000000000 ____D C:\Users\help\AppData\Local\mbam
2021-01-15 15:12 - 2021-01-15 15:11 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-15 15:12 - 2021-01-15 15:11 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-15 15:11 - 2021-01-15 15:12 - 008458096 _____ (Malwarebytes) C:\Users\help\Downloads\adwcleaner_8.0.9.exe
2021-01-15 15:11 - 2021-01-15 15:11 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes
2021-01-15 15:11 - 2021-01-15 15:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-15 15:10 - 2021-01-15 15:10 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-15 15:09 - 2021-01-15 15:09 - 002086424 _____ (Malwarebytes) C:\Users\help\Downloads\MBSetup.exe
2021-01-15 14:55 - 2021-01-15 14:55 - 000000549 _____ C:\Users\help\Downloads\delete_chrome_policies.bat
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\Users\Все пользователи\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\Users\Public\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\ProgramData\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HappyNewYear
2021-01-15 12:48 - 2021-01-15 12:51 - 000064955 _____ C:\Users\help\Documents\Jan 15 12h48.svgz
2021-01-15 12:14 - 2021-01-15 12:15 - 000000000 ____D C:\Program Files\PDF Annotator
2021-01-15 12:14 - 2021-01-15 12:14 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Annotator.lnk
2021-01-15 12:14 - 2021-01-15 12:14 - 000000936 _____ C:\Users\Public\Desktop\PDF Annotator.lnk
2021-01-15 12:11 - 2020-09-26 18:08 - 000000000 ____D C:\Users\help\Downloads\PDF Annotator Version 8.0.0.811(RPD Tips & Tricks)
2021-01-15 11:58 - 2021-01-15 11:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-15 11:58 - 2021-01-15 11:58 - 000502784 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-15 11:58 - 2021-01-15 11:58 - 000151040 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-15 11:58 - 2021-01-15 11:58 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-15 11:57 - 2021-01-15 11:57 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-15 11:57 - 2021-01-15 11:57 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-15 11:56 - 2021-01-15 11:56 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-15 11:56 - 2021-01-15 11:56 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-15 11:56 - 2021-01-15 11:56 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-15 11:56 - 2021-01-15 11:56 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-15 11:56 - 2021-01-15 11:56 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-15 11:55 - 2021-01-15 11:55 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 11:55 - 2021-01-15 11:55 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-15 11:55 - 2021-01-15 11:55 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-15 11:55 - 2021-01-15 11:55 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-15 11:55 - 2021-01-15 11:55 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-15 11:54 - 2021-01-15 11:54 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-15 11:54 - 2021-01-15 11:54 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-15 11:54 - 2021-01-15 11:54 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-15 11:54 - 2021-01-15 11:54 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-15 11:53 - 2021-01-15 11:53 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-15 11:53 - 2021-01-15 11:53 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-15 11:53 - 2021-01-15 11:53 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-15 11:52 - 2021-01-15 11:52 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-15 11:52 - 2021-01-15 11:52 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-15 11:52 - 2021-01-15 11:52 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-15 11:52 - 2021-01-15 11:52 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-15 11:51 - 2021-01-15 11:51 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-14 23:04 - 2021-01-14 23:06 - 000000000 ____D C:\Users\help\Desktop\physics
2021-01-14 14:37 - 2021-01-14 15:06 - 000425022 _____ C:\Users\help\Downloads\Quiz(linear function).pdf9J (1).pdf
2021-01-14 14:37 - 2021-01-14 14:37 - 000137997 _____ C:\Users\help\Downloads\Quiz(linear function).pdf9J.pdf
2021-01-14 14:20 - 2021-01-14 14:25 - 000000000 ____D C:\Program Files (x86)\iSkysoft
2021-01-14 14:20 - 2021-01-14 14:20 - 000000000 ____D C:\Program Files\Common Files\Wondershare
2021-01-14 14:18 - 2021-01-15 12:08 - 000000000 ____D C:\Users\Public\Documents\iSkysoft
2021-01-13 23:56 - 2021-01-13 23:56 - 000489971 _____ C:\Users\help\Downloads\Unnamed.pdf
2021-01-13 22:48 - 2021-01-13 22:48 - 005597251 _____ C:\Users\help\Downloads\January 12th homework (Jan 13, 2021 08_54_34).jpeg
2021-01-13 19:48 - 2021-01-13 19:48 - 016810856 _____ C:\Users\help\Desktop\Chemistry workbook answers.pdf
2021-01-13 19:47 - 2021-01-14 21:16 - 004375955 _____ C:\Users\help\Desktop\Chemistry workbook.pdf
2021-01-13 19:20 - 2021-01-13 19:20 - 001979254 _____ C:\Users\help\Downloads\phy hw 13jan.pdf
2021-01-13 14:39 - 2021-01-13 14:50 - 000207771 _____ C:\Users\help\Downloads\Newton laws (1).pdf
2021-01-13 14:39 - 2021-01-13 14:39 - 000169593 _____ C:\Users\help\Downloads\Newton laws.pdf
2021-01-13 13:01 - 2021-01-13 15:46 - 001021102 _____ C:\Users\help\Downloads\Calculus 9J and 9K.pdf
2021-01-13 12:34 - 2021-01-13 12:34 - 000569859 _____ C:\Users\help\Downloads\eng assesment 13 jan.pdf
2021-01-13 10:53 - 2021-01-13 10:53 - 001940029 _____ C:\Users\help\Downloads\9J.pdf
2021-01-13 10:44 - 2021-01-13 10:44 - 000000000 ____D C:\Users\help\AppData\Roaming\Softland
2021-01-13 10:43 - 2021-01-15 12:26 - 000000000 ____D C:\Users\help\AppData\Local\PDF Annotator
2021-01-13 10:39 - 2021-01-13 10:41 - 072381744 _____ (GRAHL software design ) C:\Users\help\Downloads\PDFAnnotatorSetup.exe
2021-01-12 22:51 - 2021-01-12 22:51 - 000387522 _____ C:\Users\help\Downloads\hw9J.pdf
2021-01-12 19:55 - 2021-01-13 11:38 - 005520521 _____ C:\Users\help\Downloads\Rate of Reaction 1 QP.pdf
2021-01-12 19:50 - 2021-01-12 19:50 - 000000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huion Tablet Uninstall .lnk
2021-01-12 19:50 - 2021-01-12 19:50 - 000000691 _____ C:\Users\Public\Desktop\Huion Tablet.lnk
2021-01-12 19:50 - 2021-01-12 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huion Tablet
2021-01-12 19:50 - 2021-01-12 19:50 - 000000000 ____D C:\Huion Tablet
2021-01-12 19:50 - 2020-04-21 08:51 - 000221184 _____ (Graphics Tablet) C:\WINDOWS\system32\wintab32.dll
2021-01-12 19:50 - 2020-04-21 08:50 - 000190976 _____ (Graphics Tablet) C:\WINDOWS\SysWOW64\wintab32.dll
2021-01-12 19:50 - 2018-03-16 10:55 - 000010752 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vmulti.sys
2021-01-12 19:50 - 2018-03-16 10:55 - 000007680 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2021-01-09 21:27 - 2021-01-09 21:27 - 005831168 _____ C:\Users\help\Downloads\Chemical tests.ppt
2021-01-09 17:42 - 2018-07-12 01:50 - 1457383746 _____ C:\Users\help\Desktop\Biology +.pdf
2021-01-07 17:56 - 2021-01-07 17:57 - 004901376 _____ C:\Users\help\Downloads\8. Rates of Reaction v1.0.ppt
2021-01-07 16:29 - 2021-01-07 17:47 - 1310567896 _____ C:\Users\help\Desktop\Physics +.pdf
2021-01-06 21:39 - 2021-01-06 21:39 - 121281989 _____ C:\Users\help\Downloads\Complete Chemistry for cambridge IGCSE Third edition .pdf
2021-01-06 17:37 - 2021-01-06 17:37 - 000105731 _____ C:\Users\help\Downloads\WhatsApp Image 2021-01-06 at 12.38.52.jpeg
2021-01-05 21:34 - 2021-01-05 21:34 - 000001809 _____ C:\Users\help\Documents\anki.txt
2021-01-05 21:32 - 2021-01-05 21:32 - 000040243 _____ C:\Users\help\Downloads\quizlet.pdf
2021-01-05 20:42 - 2021-01-05 20:42 - 000000000 ____D C:\Users\help\AppData\Local\Anki
2021-01-05 20:41 - 2021-01-14 23:51 - 000000000 ____D C:\Users\help\AppData\Roaming\Anki2
2021-01-05 20:40 - 2021-01-05 20:40 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2021-01-05 20:40 - 2021-01-05 20:40 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2021-01-05 20:40 - 2021-01-05 20:40 - 000000000 ____D C:\Program Files\Anki
2021-01-05 20:32 - 2021-01-05 20:38 - 104219912 _____ C:\Users\help\Downloads\anki-2.1.38-windows.exe
2021-01-05 13:26 - 2021-01-05 13:26 - 000002122 _____ C:\Users\Public\Desktop\Twomon PC Program.lnk
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\Users\help\AppData\Local\Devguru
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twomon PC Program
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\Program Files (x86)\Twomon PC Program
2021-01-05 13:26 - 2016-09-02 16:19 - 000040928 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\dglvrsvc.exe
2021-01-05 13:26 - 2016-09-02 16:19 - 000032736 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\dglvrproc.exe
2021-01-05 13:22 - 2021-01-05 13:22 - 000000000 ____D C:\Users\help\AppData\Local\Downloaded Installations
2021-01-05 13:21 - 2021-01-05 13:22 - 048647168 _____ (Devguru Co., LTD ) C:\Users\help\Downloads\Twomon_PC_Program_Win_2.0.67.0.exe
2021-01-05 11:08 - 2021-01-05 11:08 - 005812224 _____ C:\Users\help\Downloads\spacedesk_driver_Win_10_64_v0976_BETA.msi
2020-12-18 11:32 - 2020-12-18 11:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-12-18 11:15 - 2021-01-12 20:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-16 20:38 - 2020-12-16 20:38 - 000000000 ____D C:\Users\help\Documents\Записные книжки OneNote
2020-12-16 20:36 - 2020-12-16 20:36 - 001156872 _____ C:\Users\help\Downloads\17.2_-_chemical_tests_1c__-_edexcel_igcse_9-1__chemistry_qp.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-15 16:26 - 2019-03-19 08:52 - 000000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft
2021-01-15 16:26 - 2019-03-19 08:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-15 16:14 - 2017-12-19 22:20 - 000000000 __SHD C:\Users\help\IntelGraphicsProfiles
2021-01-15 16:12 - 2020-10-11 19:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-15 16:10 - 2019-03-19 08:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-15 16:07 - 2019-05-18 13:07 - 000000000 ____D C:\Users\help\Documents\ps
2021-01-15 15:46 - 2020-10-11 19:16 - 000000000 ____D C:\Users\help
2021-01-15 15:44 - 2020-10-11 19:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\Users\Все пользователи\Mozilla
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\Users\help\AppData\LocalLow\Mozilla
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-15 15:25 - 2017-12-19 19:31 - 000000000 ____D C:\Users\help\AppData\Local\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:30 - 000000000 ____D C:\Users\help\AppData\Roaming\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:30 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:29 - 000000000 ____D C:\Users\Все пользователи\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:29 - 000000000 ____D C:\ProgramData\Lavasoft
2021-01-15 15:12 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-15 14:48 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-15 14:43 - 2018-09-26 23:27 - 000000000 ____D C:\Users\help\AppData\Local\PlaceholderTileLogoFolder
2021-01-15 14:43 - 2017-12-31 22:18 - 000000000 ____D C:\Users\help\AppData\Local\Packages
2021-01-15 14:42 - 2019-03-19 08:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-15 14:15 - 2017-12-17 18:14 - 000000000 ____D C:\Users\help\AppData\Local\Microsoft Help
2021-01-15 14:14 - 2020-10-11 19:29 - 000005810 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-15 14:14 - 2019-03-19 15:34 - 000907668 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-15 14:14 - 2019-03-19 15:34 - 000193872 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-15 14:10 - 2017-12-31 22:41 - 000000000 ___RD C:\Users\help\3D Objects
2021-01-15 14:10 - 2017-12-17 18:01 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-15 14:08 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-15 14:06 - 2020-10-11 19:07 - 000448736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 13:58 - 2019-03-19 08:50 - 000000000 ____D C:\WINDOWS\INF
2021-01-15 12:39 - 2019-03-19 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-15 12:36 - 2017-12-19 21:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-15 12:11 - 2017-12-19 21:57 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-15 11:51 - 2020-10-11 19:11 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-15 11:50 - 2020-10-11 19:38 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{190B990F-D040-43EF-9BD3-A499CDD0183D}
2021-01-14 17:44 - 2019-12-17 15:56 - 000000000 ____D C:\Users\help\Documents\Wondershare Filmora 9
2021-01-14 17:44 - 2017-12-24 23:03 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-01-14 14:24 - 2017-12-24 23:02 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2021-01-14 14:20 - 2020-09-05 08:55 - 000000000 ____D C:\Users\help\AppData\Roaming\Wondershare
2021-01-12 20:01 - 2020-03-17 10:39 - 000000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job
2021-01-12 20:01 - 2020-03-17 10:39 - 000000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job
2021-01-12 20:01 - 2020-03-12 13:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-12 19:50 - 2020-06-21 18:21 - 000000000 ____D C:\Program Files\DIFX
2021-01-12 19:32 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-12 15:43 - 2017-12-17 21:17 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-09 22:51 - 2020-09-11 14:26 - 000002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-05 13:25 - 2017-12-17 21:16 - 000000000 ____D C:\Users\Все пользователи\Package Cache
2021-01-05 13:25 - 2017-12-17 21:16 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-31 22:15 - 2020-10-11 19:38 - 000003828 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-31 22:15 - 2020-10-11 19:38 - 000003732 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-31 22:15 - 2020-03-17 10:39 - 000000000 ____D C:\Users\help\AppData\Local\GoToMeeting
2020-12-18 11:32 - 2020-03-12 13:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-17 18:52 - 2020-10-11 19:38 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-17 18:52 - 2020-10-11 19:16 - 000002364 _____ C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-17 18:52 - 2017-12-17 18:03 - 000000000 ___RD C:\Users\help\OneDrive
2020-12-16 08:51 - 2020-07-23 14:27 - 000000000 ____D C:\Users\help\Desktop\Saadat Y
==================== Files in the root of some directories ========
2019-11-30 21:28 - 2020-07-04 17:54 - 000000132 _____ () C:\Users\help\AppData\Roaming\Adobe PNG Format CS6 Prefs
2019-09-11 00:58 - 2019-09-11 00:58 - 000001147 _____ () C:\Users\help\AppData\Roaming\AppData - Shortcut.lnk
2019-06-17 12:57 - 2019-06-17 13:05 - 000000013 _____ () C:\Users\help\AppData\Roaming\doubleRunningProtection.txt
2019-05-17 22:23 - 2019-05-17 22:23 - 000000868 _____ () C:\Users\help\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by help (15-01-2021 16:36:31)
Running from C:\Users\help\Downloads
Windows 10 Enterprise Version 1909 18363.1316 (X64) (2020-10-11 15:39:20)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
DefaultAccount (S-1-5-21-2223184529-1837807021-1881898419-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2223184529-1837807021-1881898419-1000 - Limited - Disabled) => C:\Users\defaultuser0
help (S-1-5-21-2223184529-1837807021-1881898419-1001 - Administrator - Enabled) => C:\Users\help
WDAGUtilityAccount (S-1-5-21-2223184529-1837807021-1881898419-504 - Limited - Disabled)
Администратор (S-1-5-21-2223184529-1837807021-1881898419-500 - Administrator - Disabled)
Гость (S-1-5-21-2223184529-1837807021-1881898419-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\uTorrent) (Version: 3.5.5.45628 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.1.8.158 - Adobe Systems, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: 2.1.38 - )
Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{88DF5BD8-ECDC-C8D5-3BF2-B34D267A4EAC}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{6CECB174-D3F6-2273-7975-EC4C9A2C2A2B}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{FD4A7E74-34C1-45A6-CC98-2A733C3CFDF5}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2510AF49-7D35-012F-FF7C-BC0DE1CBD1DE}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{6D1CD857-3315-EC3E-15C2-C455D3B58435}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{B8F467BC-FDE8-0026-69EA-FDCA59B1876A}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F1866165-2781-1515-CB4A-02D8A6AEBD26}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{EF1BBF91-38E3-E7C8-4F09-A391D507B92D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{F693598B-E1B5-6F2F-5334-90F5C1876466}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{003781D1-BDEE-4EA2-9732-82EB074FA4E3}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{CADEE18A-A69D-FB91-6524-804E5318A472}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{076C8B36-F8EF-5685-5A70-CEE81BC86B37}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{63264374-FEC2-8C52-B12E-EC4A5F477F7D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{078DD9C3-3A83-280B-4515-6FFF43E0EE88}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{08C0E88B-E44D-1CFA-2269-B0886674F6F8}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{4D8AB00F-44BE-EAB4-9299-8795D7D16842}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC41E589-5399-B0BD-E7FF-E3AFCCA693F7}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{27E87D5B-DA2F-2586-0063-AE9806ACA82A}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{7B759E98-486F-D349-0F3B-4BD898D8A01D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{8114EA06-77B9-029D-9ABA-B77610EA6FD0}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{7528D6F7-D0E1-0E7B-91E4-B3A4E35C469C}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
DriverTools 1.0 (HKLM-x32\...\DriverTools) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 3 (HKLM-x32\...\1454315831_is1) (Version: 1.7.0.3 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.20.314 - SurfRight B.V.)
Huion Tablet v14.8.137.1273 (HKLM\...\{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.8.137.1273 - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
K-Lite Mega Codec Pack 11.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{095c98d4-cc8d-4a11-9c82-9ed357ac4f7f}) (Version: 2.4.2 - McAfee)
McAfee Safe Connect (HKLM-x32\...\{71600119-A99D-4260-8B69-7545BB4C21C0}) (Version: 2.4.2 - McAfee) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Корпорация Майкрософт)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office профессиональный плюс 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25711 (HKLM-x32\...\{8FDCF95F-4756-34F4-9DA2-D708E7FAC504}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25711 (HKLM-x32\...\{6E894015-A182-3C1E-A7D2-3032CB2E1D43}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.4.1083.303 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mozilla Firefox 84.0 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0 (x64 en-US)) (Version: 84.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
MPC-HC (HKLM\...\MPC-HC) (Version: - MPC-HC Team)
PDF Annotator 8.0.0.811 (HKLM\...\PDFAnnotator_is1) (Version: 8.0.0.811 - GRAHL software design)
Point Blank (HKLM-x32\...\Point Blank) (Version: 1.0.0 - Zepetto & nFinity)
PyCharm Community Edition 2020.1.2 (HKLM-x32\...\PyCharm Community Edition 2020.1.2) (Version: 201.7846.77 - JetBrains s.r.o.)
Python 3.7.4 (32-bit) (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\{b66087e3-469e-4725-8b9b-f0981244afea}) (Version: 3.7.4150.0 - Python Software Foundation)
Python 3.7.4 Add to Path (32-bit) (HKLM-x32\...\{53C4AA04-FA4C-49B0-AC2E-E7134655B041}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Core Interpreter (32-bit) (HKLM-x32\...\{A56641A4-58A7-471F-A0AE-A6633F4FA2BB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Development Libraries (32-bit) (HKLM-x32\...\{4816C66E-55BF-4A8D-A5CE-FEAC36F4D192}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Documentation (32-bit) (HKLM-x32\...\{BB344FE7-A97C-44F0-BAF4-AA0C7D6359BA}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Executables (32-bit) (HKLM-x32\...\{CE095720-010D-4605-872E-EF3673551DF0}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 pip Bootstrap (32-bit) (HKLM-x32\...\{8DA900ED-69C5-41D9-8F85-416FBE1C89CB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Standard Library (32-bit) (HKLM-x32\...\{236BB597-B9C7-4084-BD77-0DCCDA0D947F}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8F959BE9-8184-4C35-AB2A-87401C0279EB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Test Suite (32-bit) (HKLM-x32\...\{D41CCB8E-4FD1-4EBF-9790-5B2218B5C5DD}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Utility Scripts (32-bit) (HKLM-x32\...\{DE70FA71-6C2C-48C2-9B54-4049CD25154C}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D722DA3A-92F5-454A-BD5D-A48C94D82300}) (Version: 3.7.6762.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7977 - Realtek Semiconductor Corp.)
Roblox Player for help (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\roblox-player) (Version: - Roblox Corporation)
Scratch Desktop 3.6.0 (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\bad79d23-e888-5a7b-9e99-60ee89b6c8bf) (Version: 3.6.0 - Scratch Foundation)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Twomon PC Program (HKLM-x32\...\{ece4c973-e776-4195-9a56-b4f33ade8b84}) (Version: 2.0.67.0 - Devguru Co., LTD)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{0BAA0A93-3AD3-4B19-9105-4C8C3FA92A83}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Visual Studio Community 2019 (HKLM-x32\...\8d4d67d9) (Version: 16.4.29905.134 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
vs_filehandler_amd64 (HKLM-x32\...\{709D609A-B91C-4C1C-890B-966470991D67}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6BC9BFD7-46B4-46CF-B248-DEC2B7E2028B}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{472A5337-3393-436B-8656-00810D36BD67}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.20 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Засоби перевірки правопису Microsoft Office 2013 – українська мова (HKLM-x32\...\{90150000-001F-0422-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Packages:
=========
Cloud Drive! -> C:\Program Files\WindowsApps\5913DefineStudio.CloudDrive_4.9.5.0_x64__jj4r3mnwe2ey2 [2021-01-15] (Define Studio) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1646.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.11214.5532.0_x64__8wekyb3d8bbwe [2021-01-12] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-02] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-20] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-10-14] (Synaptics Incorporated)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\help\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\help\AppData\Local\GoToMeeting\18962\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\help\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-17] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxDTCM.dll [2019-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [17920 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [62464 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [62976 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [15360 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [58368 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [58368 2011-09-19] () [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Дополнительные возможности.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation) <==== Cyrillic
ShortcutWithArgument: C:\Users\help\Desktop\Saadat Y\lessons\Seadet - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\help\Desktop\Saadat Y\lessons\Sechenov Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pndcfhhheooopfkgicbdcemgikagkgee
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) -> /tsr <==== Cyrillic
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sechenov Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pndcfhhheooopfkgicbdcemgikagkgee
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\SendTo\Получатель факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic
==================== Loaded Modules (Whitelisted) =============
2016-09-14 03:28 - 2016-09-14 03:28 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2017-04-17 07:40 - 2017-04-17 07:40 - 000851456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2017-04-17 07:40 - 2017-04-17 07:40 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamenu.dll
2021-01-12 19:50 - 2020-04-21 08:51 - 000221184 _____ (Graphics Tablet) [File not signed] C:\WINDOWS\system32\wintab32.dll
2020-09-05 08:56 - 2015-02-27 14:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\Newtonsoft.Json.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-09-05 08:56 - 2017-03-01 14:30 - 000087040 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppCollect.dll
2020-09-05 08:56 - 2017-03-01 14:30 - 000197632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppCommon.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [234]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__171219__yaie
SearchScopes: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__171219__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 15:47 - 2019-10-19 13:25 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-12-05 13:52 - 2020-12-05 13:52 - 000000521 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-7AS2TU1.mshome.net # 2025 12 4 4 9 52 49 93
192.168.137.247 HUAWEI_P20_lite-f10eba60b.mshome.net # 2020 12 6 12 9 52 49 93
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\Users\help\AppData\Local\Programs\Python\Python37-32\Scripts\;C:\Users\help\AppData\Local\Programs\Python\Python37-32\;C:\Users\help\AppData\Local\Microsoft\WindowsApps;C:\Program Files\JetBrains\PyCharm Community Edition 2019.20\bin;C:\Program Files\JetBrains\PyCharm Community Edition 2020.1\bin;C:\Users\help\adb;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\help\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\StartupFolder: => "Отправка в OneNote.lnk"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{5F81F707-46E7-4820-9504-10526DD6C009}C:\users\help\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\help\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0A687651-1AAC-46E7-AA9A-9F085039D220}C:\users\help\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\help\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE1E7F1A-49A5-4BFC-BBD5-EC957619411F}] => (Block) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [{2E57C025-9CAB-42FF-9A6B-CBE69972691F}] => (Block) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [UDP Query User{1DBEE767-B057-40BE-A564-234D1BCA384F}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [TCP Query User{CBB85DD2-D721-4D8E-9702-5AEC4E4F0172}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [UDP Query User{6992BEDF-5023-49FF-BC4C-4CFCED1EAF65}C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{591BFC78-5263-448C-A2BE-3A5AC6359B7E}C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe => No File
FirewallRules: [{D612CFFB-F4DC-4719-8F78-0BADD147D5F2}] => (Block) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [{E0EB25EA-4C50-45EC-BD93-CBC10E10BCBA}] => (Block) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [UDP Query User{B0CCEB72-A155-4513-BA32-FBA987A93761}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [TCP Query User{7736FD19-4E74-4BF6-A2BF-00AEF716E946}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [{B9DF4D34-1BF5-4D3D-9C47-E3E73146D432}] => (Allow) C:\Users\help\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{64F931AD-E661-446E-9382-F7DAF9E1FC32}] => (Allow) C:\Users\help\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D0BCEFEA-5817-4D6B-A55E-F9F029004BB6}] => (Allow) C:\Users\help\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{0EE148A4-591F-4765-B350-6FFFB2779702}] => (Allow) C:\Users\help\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [UDP Query User{55EE36FA-ACE7-4221-B106-07AE3BD6335F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{EE0F5984-4967-4A70-9A7F-A0740BB9F3EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B2C2A20F-4B3D-4658-BE34-E6AB33D34BCB}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{B4C61775-1FFC-44AF-917F-F0B55771E95C}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{BB1DB2CC-6858-4AED-B64B-66E7CEC8930C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9401FB36-B146-44D8-8430-702F986A19A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{426810FB-5151-48CC-8F6C-A670096F7941}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{66D6F477-B805-484C-BD5D-403A4CD30014}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{0E9C4FDD-696D-4D08-8E97-F39C63FDA543}C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{A978BB73-D675-44FB-AF6B-51E43E4BFEE8}C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe => No File
FirewallRules: [UDP Query User{FB58B154-ADCF-4DA6-A92E-905856D2DC9E}C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{0C0DF857-C0F3-4F22-A850-2F6A8E91770D}C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe => No File
FirewallRules: [UDP Query User{5429ECDC-381E-46A8-A7DE-F988A9AC91B3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F44093D0-9C69-4D36-AFAE-907030F86951}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{CC3CE764-A119-4DCB-B1E4-F4A0FA5AB4F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{F92185F8-FF3F-47BC-85EC-D07580D9C3B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{F9E56848-9984-4165-AACC-97C9D6BEC40B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B24FBEEF-5F97-471E-9B32-7EF16A906D37}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{28088C6B-9479-47C1-8CD8-E01FB345DF5C}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [{C981B3F3-C26A-4BB7-A3B5-37CF47E5BD8A}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [UDP Query User{93AA08BE-D44C-4E05-83D5-53A440874E6C}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2898FC07-4A1A-414A-8B72-23E4845ECD6F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{78DB9BB4-1BE0-422A-A2E7-28A09E044D15}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{A31AABDA-858E-4456-A59B-5EE34A781AA5}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{17897952-EF6E-4E5F-B70F-408035D58D66}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{BFCECCCF-1B66-4466-A71E-186D4F9B4E4F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{EA6D0874-661D-4C47-BB4A-7030F649EEE4}C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe] => (Allow) C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{04E2EC14-29BA-4A24-B36A-B2EF36756E91}C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe] => (Allow) C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{A78E525E-1932-4C99-BE84-180918451114}] => (Allow) C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E143C5DC-E792-4BD1-B396-DC78B9203490}] => (Allow) C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C8BC7B14-4B6F-44E8-AE54-DAB46A903A57}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AABCB8E-E445-49F8-B7A1-438BB4967309}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{AC83F53F-31DB-4A6B-A850-5AD0253D3178}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{1D57C5D9-7D38-4CD4-B129-34AE882780EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{BCF48A05-B9F0-4E31-816F-ED9E8A9FE8DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{19C37E70-F3A2-485A-B559-0B98AED8BF47}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B365B651-2CCF-44B3-8116-356131274260}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57353597-5C9B-41A5-B7D5-888C753611CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58A86F91-8231-48C8-BC4A-6C82284DB465}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06B73FE1-0812-4B6C-B488-ECCA14E3CA0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6FCA6386-69E8-42E9-A2FF-90801209DF3C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B830D830-AB36-4E44-9E85-D95C9A4A8EBC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{56EAF88C-B4D8-4E6C-B2F4-22D26ACFD115}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A3F2F4A0-8EE0-484F-A744-D59D141ADE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F011725B-70A2-4FF3-BD47-B1C572E25230}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{31614C76-3828-486F-A60E-7518D5850452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{68C1CD99-3210-444F-BD4E-0DAAADD92C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [TCP Query User{F7F5A6E4-8CB3-4159-A0BA-71F221E08173}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{26AAF99B-C3D4-47AB-9339-1E7C2F1AF31C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [{31B92505-5861-4AFF-B116-06A8A23D21D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{AA3A9156-626B-42B7-900C-CE06E5CA0994}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{F3C80447-0C02-4A89-A9B4-8B7FFD09B6D2}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{6F550524-9CA9-40B9-AEB9-439DFED9C6E9}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{37BA80D1-B251-41C7-BAE1-38AE120E61C4}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [{C2D75A47-4E36-469E-88C1-0132464DC01E}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [TCP Query User{78280EF7-F07D-42FD-A2EB-31482C676F16}C:\program files (x86)\twomon pc program\twomon pc program.exe] => (Allow) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [UDP Query User{B36A9B3B-10EC-4B47-AECE-240925084E29}C:\program files (x86)\twomon pc program\twomon pc program.exe] => (Allow) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{170EA62A-8F64-4B52-82D7-DB018181833D}] => (Block) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{DD9EC7B6-4057-4239-B533-B349E4AF968B}] => (Block) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{27C86693-A2FD-4503-901C-72300BF9A78A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D04ABD14-DD7F-49D3-823C-057B32C4FAB9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C85F3B0E-3E60-41E7-958F-5167A4BF60AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D881A71-58B9-48BE-947C-01A7C8B90468}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7739A70-A52C-4B99-9499-1483FC28E9FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{21F61028-2E0B-4F37-8FD3-89AA74F3884B}] => (Allow) C:\Users\help\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{A8481366-F3E4-4EA1-9769-AD249664A6DD}] => (Allow) C:\Users\help\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
==================== Restore Points =========================
05-01-2021 13:23:28 Installed Microsoft Visual C++ 2005 Redistributable
13-01-2021 20:36:57 Запланированная контрольная точка
15-01-2021 13:47:20 Installed gdiview
==================== Faulty Device Manager Devices ============
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (01/15/2021 04:31:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10484,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/15/2021 04:23:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4524,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/15/2021 04:19:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/15/2021 04:17:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/15/2021 04:16:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (01/15/2021 03:57:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/15/2021 03:52:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/15/2021 03:52:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable
System errors:
=============
Error: (01/15/2021 04:10:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Антивирусная программа "Защитника Windows" service terminated with the following error:
General access denied error
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for ImagePath with the following error:
Access is denied.
Error: (01/15/2021 04:10:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error:
Access is denied.
Windows Defender:
===================================
Date: 2021-01-15 13:49:49.473
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.G!ml
ID: 2147749376
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\23E04C4F32EF2158.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: Unknown
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 13:49:36.750
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\Desktop\iobit_60016306256a8\FileSetup-v19.26.01.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ?????? ? ???????? ???????:
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 13:49:26.842
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe; process:_pid:3180,ProcessStart:132551776415259433
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 13:49:05.919
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\Desktop\iobit_60016306256a8\FileSetup-v19.26.01.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ?????? ? ???????? ???????:
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 13:47:51.234
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: Unknown
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 14:17:15.644
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2219.0
Update Source: ?????? ?????? ?????????? ??????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8024402c
Error description: ????????? ??????????? ?????? ??? ???????? ??????? ??????????. ?????????????? ???????? ?? ????????? ? ??????????? ?????????? ????? ????? ? ?????? ??????? ? ?????????.
Date: 2020-12-31 13:46:08.924
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????
Date: 2020-12-31 13:46:08.923
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ????????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????
Date: 2020-12-31 13:46:08.922
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????
Date: 2020-12-31 13:46:08.914
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????
CodeIntegrity:
===================================
Date: 2021-01-15 15:22:02.193
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:02.164
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:02.152
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:02.126
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:01.570
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:01.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:21:54.898
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:21:42.961
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.22 07/24/2017
Motherboard: HP 832B
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 61%
Total physical RAM: 8108.91 MB
Available physical RAM: 3087.94 MB
Total Virtual: 9388.91 MB
Available Virtual: 4016.49 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:291.58 GB) (Free:178.49 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:635.2 GB) NTFS
\\?\Volume{fc515ad7-0000-0000-0000-100000000000}\ (Зарезервировано системой) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS
\\?\Volume{fc515ad7-0000-0000-0000-600449000000}\ () (Fixed) (Total:0.9 GB) (Free:0.33 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FC515AD7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=291.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922 MB) - (Type=27)
Partition 4: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Running from C:\Users\help\Downloads
Loaded Profiles: help
Platform: Windows 10 Enterprise Version 1909 18363.1316 (X64) Language: Russian (Russia)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\dglvrsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <27>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHeciSvc.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\McCSPServiceHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\Huion Tablet.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\x64\TabletDriverCore.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16733192 2016-11-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\Huion Tablet\Huion Tablet.exe [240360 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [uTorrent] => C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe [2072816 2020-05-15] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [Chromium] => "c:\users\help\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\help\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-21] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [TabletDriver] => C:\Huion Tablet\x64\TabletDriverCore.exe [321256 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\MountPoints2: {b8be1daf-580b-11ea-b4af-409f388e5364} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2021-01-12]
ShortcutTarget: Huion Tablet.lnk -> C:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )
Startup: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk [2021-01-15]
ShortcutTarget: Отправка в OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {204CC9D8-F916-4FFF-A6EF-28DE21C3E797} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-19] (Avast Software s.r.o. -> Avast Software)
Task: {2FB3B776-07D2-432F-AA47-E07BFBE0BE64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {4007E1DD-B0EA-429F-AF6A-1C0897C3E685} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
Task: {40CBBF75-E35F-42E8-B77E-12592E8AAAA0} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {508C51F8-9C76-4138-8A2F-9A539D313A54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-17] (Google Inc -> Google Inc.)
Task: {5376B5D1-65E2-42D2-9D77-FADAF3D01F0F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {58F4708A-1867-4C57-9BB5-0475C411101F} - System32\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001 => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-31] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {7658D50B-F714-40E7-97F6-54B03D0E697D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-04-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7D73EE12-3957-4C4F-AA91-24EE9488358B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7DDFFCE3-21D6-4D3F-A977-A23360BF666C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {88F5C7A7-F2B6-42BA-8FD1-88ADD07290B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-17] (Google Inc -> Google Inc.)
Task: {A18DBB75-3CA7-4205-9BDD-D95144FEE988} - System32\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001 => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-31] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {BFE4DEB8-4F0B-41B0-825D-E874B61E7AE0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D39DD3FA-7313-4CE4-AF94-5A8D860592B5} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EC5C8DE2-C69C-4CF1-8957-3751AC8769B7} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EC771863-6B5B-4233-9678-EB11CB6D8DD9} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64920 2020-03-10] (Microsoft Corporation -> Microsoft)
Task: {F47D41D6-DD2D-42E3-A376-3C4FD9D7E053} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-18] (Mozilla Corporation -> Mozilla Foundation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e877362d-62d9-49f4-b5f4-c50a55c6d88f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ee410218-036b-40ac-8046-211596f8418d}: [DhcpNameServer] 192.168.0.1
Edge:
======
Edge Profile: C:\Users\help\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-15]
Edge StartupUrls: Default -> "hxxps://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419"
FireFox:
========
FF DefaultProfile: xqv515l1.default
FF ProfilePath: C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\xqv515l1.default [2020-03-12]
FF ProfilePath: C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release [2021-01-15]
FF Notifications: Mozilla\Firefox\Profiles\6zyppz0e.default-release -> hxxps://keep.google.com
FF Extension: (Dark Reader) - C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release\Extensions\addon@darkreader.org.xpi [2020-12-04]
FF Extension: (Greasemonkey) - C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2223184529-1837807021-1881898419-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\help\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Default [2021-01-15]
CHR DefaultSearchURL: Default -> hxxps://statics.teams.cdn.office.net/hashedassets/favicon/prod/favicon-32x32-0b158ae.png
CHR Extension: (Docs) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-17]
CHR Extension: (Google Drive) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-17]
CHR Extension: (uBlock Origin) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-10]
CHR Extension: (Google Docs Offline) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2020-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-16]
CHR Extension: (Gmail) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-10]
CHR Extension: (Sechenov Online) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pndcfhhheooopfkgicbdcemgikagkgee [2020-05-22]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-15]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-01-15]
CHR Extension: (Slides) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-21]
CHR Extension: (Docs) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-21]
CHR Extension: (Google Drive) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-02]
CHR Extension: (YouTube) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-21]
CHR Extension: (Adobe Acrobat) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-05-21]
CHR Extension: (Sheets) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-21]
CHR Extension: (Google Docs Offline) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-21]
CHR Extension: (Gmail) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-02]
CHR Extension: (Chrome Media Router) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-02]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-03-29] (BattlEye Innovations e.K. -> )
R2 dglvrsvc; C:\WINDOWS\dglvrsvc.exe [40928 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2021-01-15] (SurfRight B.V. -> SurfRight B.V.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe [474768 2017-03-01] (Wondershare software CO., LIMITED -> Wondershare)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 dglvrbus; C:\WINDOWS\System32\drivers\dglvrbus.sys [85984 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 dglvrkdod; C:\WINDOWS\system32\DRIVERS\dglvrkdod.sys [45536 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 dglvrmflt; C:\WINDOWS\System32\drivers\dglvrmflt.sys [27104 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [33592 2020-03-17] (DEV47 APPS -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [229432 2020-03-17] (DEV47 APPS -> Dev47Apps)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [36168 2019-08-22] (McAfee, Inc. -> The OpenVPN Project)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-05-03] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 xspirit; C:\WINDOWS\xspirit.sys [47928 2019-05-03] (Wellbia.com Co., Ltd. -> )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error Reading file: "C:\Users\help\Downloads\Unconfirmed 723522.crdownload"
Error Reading file: "C:\Users\help\Downloads\Adobe Photoshop CC 2019 "
2021-01-15 16:32 - 2021-01-15 16:34 - 000023975 _____ C:\Users\help\Downloads\FRST.txt
2021-01-15 16:32 - 2021-01-15 16:33 - 000000000 ____D C:\FRST
2021-01-15 16:31 - 2021-01-15 16:31 - 002281472 _____ (Farbar) C:\Users\help\Downloads\FRST64.exe
2021-01-15 16:13 - 2021-01-15 16:13 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-15 16:12 - 2021-01-15 16:12 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-15 16:12 - 2021-01-15 16:12 - 000139424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-15 16:07 - 2021-01-15 16:07 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2021-01-15 15:53 - 2021-01-15 15:53 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-01-15 15:53 - 2021-01-15 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-01-15 15:53 - 2021-01-15 15:53 - 000000000 ____D C:\Program Files\HitmanPro
2021-01-15 15:52 - 2021-01-15 16:10 - 000000000 ____D C:\Users\Все пользователи\HitmanPro
2021-01-15 15:52 - 2021-01-15 16:10 - 000000000 ____D C:\ProgramData\HitmanPro
2021-01-15 15:52 - 2021-01-15 15:52 - 011431000 _____ (SurfRight B.V.) C:\Users\help\Downloads\hitmanpro_x64.exe
2021-01-15 15:32 - 2021-01-15 16:15 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-01-15 15:14 - 2021-01-15 15:25 - 000000000 ____D C:\AdwCleaner
2021-01-15 15:12 - 2021-01-15 15:12 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-15 15:12 - 2021-01-15 15:12 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-15 15:12 - 2021-01-15 15:12 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-15 15:12 - 2021-01-15 15:12 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-15 15:12 - 2021-01-15 15:12 - 000000000 ____D C:\Users\help\AppData\Local\mbam
2021-01-15 15:12 - 2021-01-15 15:11 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-15 15:12 - 2021-01-15 15:11 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-15 15:11 - 2021-01-15 15:12 - 008458096 _____ (Malwarebytes) C:\Users\help\Downloads\adwcleaner_8.0.9.exe
2021-01-15 15:11 - 2021-01-15 15:11 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes
2021-01-15 15:11 - 2021-01-15 15:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-15 15:10 - 2021-01-15 15:10 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-15 15:09 - 2021-01-15 15:09 - 002086424 _____ (Malwarebytes) C:\Users\help\Downloads\MBSetup.exe
2021-01-15 14:55 - 2021-01-15 14:55 - 000000549 _____ C:\Users\help\Downloads\delete_chrome_policies.bat
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\Users\Все пользователи\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\Users\Public\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\ProgramData\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HappyNewYear
2021-01-15 12:48 - 2021-01-15 12:51 - 000064955 _____ C:\Users\help\Documents\Jan 15 12h48.svgz
2021-01-15 12:14 - 2021-01-15 12:15 - 000000000 ____D C:\Program Files\PDF Annotator
2021-01-15 12:14 - 2021-01-15 12:14 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Annotator.lnk
2021-01-15 12:14 - 2021-01-15 12:14 - 000000936 _____ C:\Users\Public\Desktop\PDF Annotator.lnk
2021-01-15 12:11 - 2020-09-26 18:08 - 000000000 ____D C:\Users\help\Downloads\PDF Annotator Version 8.0.0.811(RPD Tips & Tricks)
2021-01-15 11:58 - 2021-01-15 11:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-15 11:58 - 2021-01-15 11:58 - 000502784 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-15 11:58 - 2021-01-15 11:58 - 000151040 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-15 11:58 - 2021-01-15 11:58 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-15 11:57 - 2021-01-15 11:57 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-15 11:57 - 2021-01-15 11:57 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-15 11:56 - 2021-01-15 11:56 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-15 11:56 - 2021-01-15 11:56 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-15 11:56 - 2021-01-15 11:56 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-15 11:56 - 2021-01-15 11:56 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-15 11:56 - 2021-01-15 11:56 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-15 11:55 - 2021-01-15 11:55 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 11:55 - 2021-01-15 11:55 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-15 11:55 - 2021-01-15 11:55 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-15 11:55 - 2021-01-15 11:55 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-15 11:55 - 2021-01-15 11:55 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-15 11:54 - 2021-01-15 11:54 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-15 11:54 - 2021-01-15 11:54 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-15 11:54 - 2021-01-15 11:54 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-15 11:54 - 2021-01-15 11:54 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-15 11:53 - 2021-01-15 11:53 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-15 11:53 - 2021-01-15 11:53 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-15 11:53 - 2021-01-15 11:53 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-15 11:52 - 2021-01-15 11:52 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-15 11:52 - 2021-01-15 11:52 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-15 11:52 - 2021-01-15 11:52 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-15 11:52 - 2021-01-15 11:52 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-15 11:51 - 2021-01-15 11:51 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-14 23:04 - 2021-01-14 23:06 - 000000000 ____D C:\Users\help\Desktop\physics
2021-01-14 14:37 - 2021-01-14 15:06 - 000425022 _____ C:\Users\help\Downloads\Quiz(linear function).pdf9J (1).pdf
2021-01-14 14:37 - 2021-01-14 14:37 - 000137997 _____ C:\Users\help\Downloads\Quiz(linear function).pdf9J.pdf
2021-01-14 14:20 - 2021-01-14 14:25 - 000000000 ____D C:\Program Files (x86)\iSkysoft
2021-01-14 14:20 - 2021-01-14 14:20 - 000000000 ____D C:\Program Files\Common Files\Wondershare
2021-01-14 14:18 - 2021-01-15 12:08 - 000000000 ____D C:\Users\Public\Documents\iSkysoft
2021-01-13 23:56 - 2021-01-13 23:56 - 000489971 _____ C:\Users\help\Downloads\Unnamed.pdf
2021-01-13 22:48 - 2021-01-13 22:48 - 005597251 _____ C:\Users\help\Downloads\January 12th homework (Jan 13, 2021 08_54_34).jpeg
2021-01-13 19:48 - 2021-01-13 19:48 - 016810856 _____ C:\Users\help\Desktop\Chemistry workbook answers.pdf
2021-01-13 19:47 - 2021-01-14 21:16 - 004375955 _____ C:\Users\help\Desktop\Chemistry workbook.pdf
2021-01-13 19:20 - 2021-01-13 19:20 - 001979254 _____ C:\Users\help\Downloads\phy hw 13jan.pdf
2021-01-13 14:39 - 2021-01-13 14:50 - 000207771 _____ C:\Users\help\Downloads\Newton laws (1).pdf
2021-01-13 14:39 - 2021-01-13 14:39 - 000169593 _____ C:\Users\help\Downloads\Newton laws.pdf
2021-01-13 13:01 - 2021-01-13 15:46 - 001021102 _____ C:\Users\help\Downloads\Calculus 9J and 9K.pdf
2021-01-13 12:34 - 2021-01-13 12:34 - 000569859 _____ C:\Users\help\Downloads\eng assesment 13 jan.pdf
2021-01-13 10:53 - 2021-01-13 10:53 - 001940029 _____ C:\Users\help\Downloads\9J.pdf
2021-01-13 10:44 - 2021-01-13 10:44 - 000000000 ____D C:\Users\help\AppData\Roaming\Softland
2021-01-13 10:43 - 2021-01-15 12:26 - 000000000 ____D C:\Users\help\AppData\Local\PDF Annotator
2021-01-13 10:39 - 2021-01-13 10:41 - 072381744 _____ (GRAHL software design ) C:\Users\help\Downloads\PDFAnnotatorSetup.exe
2021-01-12 22:51 - 2021-01-12 22:51 - 000387522 _____ C:\Users\help\Downloads\hw9J.pdf
2021-01-12 19:55 - 2021-01-13 11:38 - 005520521 _____ C:\Users\help\Downloads\Rate of Reaction 1 QP.pdf
2021-01-12 19:50 - 2021-01-12 19:50 - 000000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huion Tablet Uninstall .lnk
2021-01-12 19:50 - 2021-01-12 19:50 - 000000691 _____ C:\Users\Public\Desktop\Huion Tablet.lnk
2021-01-12 19:50 - 2021-01-12 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huion Tablet
2021-01-12 19:50 - 2021-01-12 19:50 - 000000000 ____D C:\Huion Tablet
2021-01-12 19:50 - 2020-04-21 08:51 - 000221184 _____ (Graphics Tablet) C:\WINDOWS\system32\wintab32.dll
2021-01-12 19:50 - 2020-04-21 08:50 - 000190976 _____ (Graphics Tablet) C:\WINDOWS\SysWOW64\wintab32.dll
2021-01-12 19:50 - 2018-03-16 10:55 - 000010752 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vmulti.sys
2021-01-12 19:50 - 2018-03-16 10:55 - 000007680 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2021-01-09 21:27 - 2021-01-09 21:27 - 005831168 _____ C:\Users\help\Downloads\Chemical tests.ppt
2021-01-09 17:42 - 2018-07-12 01:50 - 1457383746 _____ C:\Users\help\Desktop\Biology +.pdf
2021-01-07 17:56 - 2021-01-07 17:57 - 004901376 _____ C:\Users\help\Downloads\8. Rates of Reaction v1.0.ppt
2021-01-07 16:29 - 2021-01-07 17:47 - 1310567896 _____ C:\Users\help\Desktop\Physics +.pdf
2021-01-06 21:39 - 2021-01-06 21:39 - 121281989 _____ C:\Users\help\Downloads\Complete Chemistry for cambridge IGCSE Third edition .pdf
2021-01-06 17:37 - 2021-01-06 17:37 - 000105731 _____ C:\Users\help\Downloads\WhatsApp Image 2021-01-06 at 12.38.52.jpeg
2021-01-05 21:34 - 2021-01-05 21:34 - 000001809 _____ C:\Users\help\Documents\anki.txt
2021-01-05 21:32 - 2021-01-05 21:32 - 000040243 _____ C:\Users\help\Downloads\quizlet.pdf
2021-01-05 20:42 - 2021-01-05 20:42 - 000000000 ____D C:\Users\help\AppData\Local\Anki
2021-01-05 20:41 - 2021-01-14 23:51 - 000000000 ____D C:\Users\help\AppData\Roaming\Anki2
2021-01-05 20:40 - 2021-01-05 20:40 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2021-01-05 20:40 - 2021-01-05 20:40 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2021-01-05 20:40 - 2021-01-05 20:40 - 000000000 ____D C:\Program Files\Anki
2021-01-05 20:32 - 2021-01-05 20:38 - 104219912 _____ C:\Users\help\Downloads\anki-2.1.38-windows.exe
2021-01-05 13:26 - 2021-01-05 13:26 - 000002122 _____ C:\Users\Public\Desktop\Twomon PC Program.lnk
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\Users\help\AppData\Local\Devguru
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twomon PC Program
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\Program Files (x86)\Twomon PC Program
2021-01-05 13:26 - 2016-09-02 16:19 - 000040928 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\dglvrsvc.exe
2021-01-05 13:26 - 2016-09-02 16:19 - 000032736 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\dglvrproc.exe
2021-01-05 13:22 - 2021-01-05 13:22 - 000000000 ____D C:\Users\help\AppData\Local\Downloaded Installations
2021-01-05 13:21 - 2021-01-05 13:22 - 048647168 _____ (Devguru Co., LTD ) C:\Users\help\Downloads\Twomon_PC_Program_Win_2.0.67.0.exe
2021-01-05 11:08 - 2021-01-05 11:08 - 005812224 _____ C:\Users\help\Downloads\spacedesk_driver_Win_10_64_v0976_BETA.msi
2020-12-18 11:32 - 2020-12-18 11:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-12-18 11:15 - 2021-01-12 20:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-16 20:38 - 2020-12-16 20:38 - 000000000 ____D C:\Users\help\Documents\Записные книжки OneNote
2020-12-16 20:36 - 2020-12-16 20:36 - 001156872 _____ C:\Users\help\Downloads\17.2_-_chemical_tests_1c__-_edexcel_igcse_9-1__chemistry_qp.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-15 16:26 - 2019-03-19 08:52 - 000000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft
2021-01-15 16:26 - 2019-03-19 08:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-15 16:14 - 2017-12-19 22:20 - 000000000 __SHD C:\Users\help\IntelGraphicsProfiles
2021-01-15 16:12 - 2020-10-11 19:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-15 16:10 - 2019-03-19 08:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-15 16:07 - 2019-05-18 13:07 - 000000000 ____D C:\Users\help\Documents\ps
2021-01-15 15:46 - 2020-10-11 19:16 - 000000000 ____D C:\Users\help
2021-01-15 15:44 - 2020-10-11 19:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\Users\Все пользователи\Mozilla
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\Users\help\AppData\LocalLow\Mozilla
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-15 15:25 - 2017-12-19 19:31 - 000000000 ____D C:\Users\help\AppData\Local\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:30 - 000000000 ____D C:\Users\help\AppData\Roaming\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:30 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:29 - 000000000 ____D C:\Users\Все пользователи\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:29 - 000000000 ____D C:\ProgramData\Lavasoft
2021-01-15 15:12 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-15 14:48 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-15 14:43 - 2018-09-26 23:27 - 000000000 ____D C:\Users\help\AppData\Local\PlaceholderTileLogoFolder
2021-01-15 14:43 - 2017-12-31 22:18 - 000000000 ____D C:\Users\help\AppData\Local\Packages
2021-01-15 14:42 - 2019-03-19 08:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-15 14:15 - 2017-12-17 18:14 - 000000000 ____D C:\Users\help\AppData\Local\Microsoft Help
2021-01-15 14:14 - 2020-10-11 19:29 - 000005810 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-15 14:14 - 2019-03-19 15:34 - 000907668 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-15 14:14 - 2019-03-19 15:34 - 000193872 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-15 14:10 - 2017-12-31 22:41 - 000000000 ___RD C:\Users\help\3D Objects
2021-01-15 14:10 - 2017-12-17 18:01 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-15 14:08 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-15 14:06 - 2020-10-11 19:07 - 000448736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 13:58 - 2019-03-19 08:50 - 000000000 ____D C:\WINDOWS\INF
2021-01-15 12:39 - 2019-03-19 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-15 12:36 - 2017-12-19 21:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-15 12:11 - 2017-12-19 21:57 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-15 11:51 - 2020-10-11 19:11 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-15 11:50 - 2020-10-11 19:38 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{190B990F-D040-43EF-9BD3-A499CDD0183D}
2021-01-14 17:44 - 2019-12-17 15:56 - 000000000 ____D C:\Users\help\Documents\Wondershare Filmora 9
2021-01-14 17:44 - 2017-12-24 23:03 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-01-14 14:24 - 2017-12-24 23:02 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2021-01-14 14:20 - 2020-09-05 08:55 - 000000000 ____D C:\Users\help\AppData\Roaming\Wondershare
2021-01-12 20:01 - 2020-03-17 10:39 - 000000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job
2021-01-12 20:01 - 2020-03-17 10:39 - 000000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job
2021-01-12 20:01 - 2020-03-12 13:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-12 19:50 - 2020-06-21 18:21 - 000000000 ____D C:\Program Files\DIFX
2021-01-12 19:32 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-12 15:43 - 2017-12-17 21:17 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-09 22:51 - 2020-09-11 14:26 - 000002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-05 13:25 - 2017-12-17 21:16 - 000000000 ____D C:\Users\Все пользователи\Package Cache
2021-01-05 13:25 - 2017-12-17 21:16 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-31 22:15 - 2020-10-11 19:38 - 000003828 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-31 22:15 - 2020-10-11 19:38 - 000003732 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-31 22:15 - 2020-03-17 10:39 - 000000000 ____D C:\Users\help\AppData\Local\GoToMeeting
2020-12-18 11:32 - 2020-03-12 13:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-17 18:52 - 2020-10-11 19:38 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-17 18:52 - 2020-10-11 19:16 - 000002364 _____ C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-17 18:52 - 2017-12-17 18:03 - 000000000 ___RD C:\Users\help\OneDrive
2020-12-16 08:51 - 2020-07-23 14:27 - 000000000 ____D C:\Users\help\Desktop\Saadat Y
==================== Files in the root of some directories ========
2019-11-30 21:28 - 2020-07-04 17:54 - 000000132 _____ () C:\Users\help\AppData\Roaming\Adobe PNG Format CS6 Prefs
2019-09-11 00:58 - 2019-09-11 00:58 - 000001147 _____ () C:\Users\help\AppData\Roaming\AppData - Shortcut.lnk
2019-06-17 12:57 - 2019-06-17 13:05 - 000000013 _____ () C:\Users\help\AppData\Roaming\doubleRunningProtection.txt
2019-05-17 22:23 - 2019-05-17 22:23 - 000000868 _____ () C:\Users\help\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by help (15-01-2021 16:36:31)
Running from C:\Users\help\Downloads
Windows 10 Enterprise Version 1909 18363.1316 (X64) (2020-10-11 15:39:20)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
DefaultAccount (S-1-5-21-2223184529-1837807021-1881898419-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2223184529-1837807021-1881898419-1000 - Limited - Disabled) => C:\Users\defaultuser0
help (S-1-5-21-2223184529-1837807021-1881898419-1001 - Administrator - Enabled) => C:\Users\help
WDAGUtilityAccount (S-1-5-21-2223184529-1837807021-1881898419-504 - Limited - Disabled)
Администратор (S-1-5-21-2223184529-1837807021-1881898419-500 - Administrator - Disabled)
Гость (S-1-5-21-2223184529-1837807021-1881898419-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\uTorrent) (Version: 3.5.5.45628 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.1.8.158 - Adobe Systems, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: 2.1.38 - )
Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{88DF5BD8-ECDC-C8D5-3BF2-B34D267A4EAC}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{6CECB174-D3F6-2273-7975-EC4C9A2C2A2B}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{FD4A7E74-34C1-45A6-CC98-2A733C3CFDF5}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2510AF49-7D35-012F-FF7C-BC0DE1CBD1DE}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{6D1CD857-3315-EC3E-15C2-C455D3B58435}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{B8F467BC-FDE8-0026-69EA-FDCA59B1876A}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F1866165-2781-1515-CB4A-02D8A6AEBD26}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{EF1BBF91-38E3-E7C8-4F09-A391D507B92D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{F693598B-E1B5-6F2F-5334-90F5C1876466}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{003781D1-BDEE-4EA2-9732-82EB074FA4E3}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{CADEE18A-A69D-FB91-6524-804E5318A472}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{076C8B36-F8EF-5685-5A70-CEE81BC86B37}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{63264374-FEC2-8C52-B12E-EC4A5F477F7D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{078DD9C3-3A83-280B-4515-6FFF43E0EE88}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{08C0E88B-E44D-1CFA-2269-B0886674F6F8}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{4D8AB00F-44BE-EAB4-9299-8795D7D16842}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC41E589-5399-B0BD-E7FF-E3AFCCA693F7}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{27E87D5B-DA2F-2586-0063-AE9806ACA82A}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{7B759E98-486F-D349-0F3B-4BD898D8A01D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{8114EA06-77B9-029D-9ABA-B77610EA6FD0}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{7528D6F7-D0E1-0E7B-91E4-B3A4E35C469C}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
DriverTools 1.0 (HKLM-x32\...\DriverTools) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 3 (HKLM-x32\...\1454315831_is1) (Version: 1.7.0.3 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.20.314 - SurfRight B.V.)
Huion Tablet v14.8.137.1273 (HKLM\...\{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.8.137.1273 - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
K-Lite Mega Codec Pack 11.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{095c98d4-cc8d-4a11-9c82-9ed357ac4f7f}) (Version: 2.4.2 - McAfee)
McAfee Safe Connect (HKLM-x32\...\{71600119-A99D-4260-8B69-7545BB4C21C0}) (Version: 2.4.2 - McAfee) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Корпорация Майкрософт)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office профессиональный плюс 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25711 (HKLM-x32\...\{8FDCF95F-4756-34F4-9DA2-D708E7FAC504}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25711 (HKLM-x32\...\{6E894015-A182-3C1E-A7D2-3032CB2E1D43}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.4.1083.303 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mozilla Firefox 84.0 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0 (x64 en-US)) (Version: 84.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
MPC-HC (HKLM\...\MPC-HC) (Version: - MPC-HC Team)
PDF Annotator 8.0.0.811 (HKLM\...\PDFAnnotator_is1) (Version: 8.0.0.811 - GRAHL software design)
Point Blank (HKLM-x32\...\Point Blank) (Version: 1.0.0 - Zepetto & nFinity)
PyCharm Community Edition 2020.1.2 (HKLM-x32\...\PyCharm Community Edition 2020.1.2) (Version: 201.7846.77 - JetBrains s.r.o.)
Python 3.7.4 (32-bit) (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\{b66087e3-469e-4725-8b9b-f0981244afea}) (Version: 3.7.4150.0 - Python Software Foundation)
Python 3.7.4 Add to Path (32-bit) (HKLM-x32\...\{53C4AA04-FA4C-49B0-AC2E-E7134655B041}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Core Interpreter (32-bit) (HKLM-x32\...\{A56641A4-58A7-471F-A0AE-A6633F4FA2BB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Development Libraries (32-bit) (HKLM-x32\...\{4816C66E-55BF-4A8D-A5CE-FEAC36F4D192}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Documentation (32-bit) (HKLM-x32\...\{BB344FE7-A97C-44F0-BAF4-AA0C7D6359BA}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Executables (32-bit) (HKLM-x32\...\{CE095720-010D-4605-872E-EF3673551DF0}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 pip Bootstrap (32-bit) (HKLM-x32\...\{8DA900ED-69C5-41D9-8F85-416FBE1C89CB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Standard Library (32-bit) (HKLM-x32\...\{236BB597-B9C7-4084-BD77-0DCCDA0D947F}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8F959BE9-8184-4C35-AB2A-87401C0279EB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Test Suite (32-bit) (HKLM-x32\...\{D41CCB8E-4FD1-4EBF-9790-5B2218B5C5DD}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Utility Scripts (32-bit) (HKLM-x32\...\{DE70FA71-6C2C-48C2-9B54-4049CD25154C}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D722DA3A-92F5-454A-BD5D-A48C94D82300}) (Version: 3.7.6762.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7977 - Realtek Semiconductor Corp.)
Roblox Player for help (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\roblox-player) (Version: - Roblox Corporation)
Scratch Desktop 3.6.0 (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\bad79d23-e888-5a7b-9e99-60ee89b6c8bf) (Version: 3.6.0 - Scratch Foundation)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Twomon PC Program (HKLM-x32\...\{ece4c973-e776-4195-9a56-b4f33ade8b84}) (Version: 2.0.67.0 - Devguru Co., LTD)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{0BAA0A93-3AD3-4B19-9105-4C8C3FA92A83}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Visual Studio Community 2019 (HKLM-x32\...\8d4d67d9) (Version: 16.4.29905.134 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
vs_filehandler_amd64 (HKLM-x32\...\{709D609A-B91C-4C1C-890B-966470991D67}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6BC9BFD7-46B4-46CF-B248-DEC2B7E2028B}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{472A5337-3393-436B-8656-00810D36BD67}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.20 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Засоби перевірки правопису Microsoft Office 2013 – українська мова (HKLM-x32\...\{90150000-001F-0422-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Packages:
=========
Cloud Drive! -> C:\Program Files\WindowsApps\5913DefineStudio.CloudDrive_4.9.5.0_x64__jj4r3mnwe2ey2 [2021-01-15] (Define Studio) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1646.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.11214.5532.0_x64__8wekyb3d8bbwe [2021-01-12] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-02] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-20] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-10-14] (Synaptics Incorporated)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\help\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\help\AppData\Local\GoToMeeting\18962\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\help\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-17] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxDTCM.dll [2019-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [17920 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [62464 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [62976 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [15360 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [58368 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [58368 2011-09-19] () [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Дополнительные возможности.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation) <==== Cyrillic
ShortcutWithArgument: C:\Users\help\Desktop\Saadat Y\lessons\Seadet - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\help\Desktop\Saadat Y\lessons\Sechenov Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pndcfhhheooopfkgicbdcemgikagkgee
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) -> /tsr <==== Cyrillic
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sechenov Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pndcfhhheooopfkgicbdcemgikagkgee
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\SendTo\Получатель факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic
==================== Loaded Modules (Whitelisted) =============
2016-09-14 03:28 - 2016-09-14 03:28 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2017-04-17 07:40 - 2017-04-17 07:40 - 000851456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2017-04-17 07:40 - 2017-04-17 07:40 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamenu.dll
2021-01-12 19:50 - 2020-04-21 08:51 - 000221184 _____ (Graphics Tablet) [File not signed] C:\WINDOWS\system32\wintab32.dll
2020-09-05 08:56 - 2015-02-27 14:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\Newtonsoft.Json.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-09-05 08:56 - 2017-03-01 14:30 - 000087040 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppCollect.dll
2020-09-05 08:56 - 2017-03-01 14:30 - 000197632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppCommon.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [234]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__171219__yaie
SearchScopes: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__171219__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 15:47 - 2019-10-19 13:25 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-12-05 13:52 - 2020-12-05 13:52 - 000000521 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-7AS2TU1.mshome.net # 2025 12 4 4 9 52 49 93
192.168.137.247 HUAWEI_P20_lite-f10eba60b.mshome.net # 2020 12 6 12 9 52 49 93
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\Users\help\AppData\Local\Programs\Python\Python37-32\Scripts\;C:\Users\help\AppData\Local\Programs\Python\Python37-32\;C:\Users\help\AppData\Local\Microsoft\WindowsApps;C:\Program Files\JetBrains\PyCharm Community Edition 2019.20\bin;C:\Program Files\JetBrains\PyCharm Community Edition 2020.1\bin;C:\Users\help\adb;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\help\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\StartupFolder: => "Отправка в OneNote.lnk"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{5F81F707-46E7-4820-9504-10526DD6C009}C:\users\help\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\help\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0A687651-1AAC-46E7-AA9A-9F085039D220}C:\users\help\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\help\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE1E7F1A-49A5-4BFC-BBD5-EC957619411F}] => (Block) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [{2E57C025-9CAB-42FF-9A6B-CBE69972691F}] => (Block) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [UDP Query User{1DBEE767-B057-40BE-A564-234D1BCA384F}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [TCP Query User{CBB85DD2-D721-4D8E-9702-5AEC4E4F0172}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [UDP Query User{6992BEDF-5023-49FF-BC4C-4CFCED1EAF65}C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{591BFC78-5263-448C-A2BE-3A5AC6359B7E}C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe => No File
FirewallRules: [{D612CFFB-F4DC-4719-8F78-0BADD147D5F2}] => (Block) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [{E0EB25EA-4C50-45EC-BD93-CBC10E10BCBA}] => (Block) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [UDP Query User{B0CCEB72-A155-4513-BA32-FBA987A93761}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [TCP Query User{7736FD19-4E74-4BF6-A2BF-00AEF716E946}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [{B9DF4D34-1BF5-4D3D-9C47-E3E73146D432}] => (Allow) C:\Users\help\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{64F931AD-E661-446E-9382-F7DAF9E1FC32}] => (Allow) C:\Users\help\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D0BCEFEA-5817-4D6B-A55E-F9F029004BB6}] => (Allow) C:\Users\help\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{0EE148A4-591F-4765-B350-6FFFB2779702}] => (Allow) C:\Users\help\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [UDP Query User{55EE36FA-ACE7-4221-B106-07AE3BD6335F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{EE0F5984-4967-4A70-9A7F-A0740BB9F3EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B2C2A20F-4B3D-4658-BE34-E6AB33D34BCB}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{B4C61775-1FFC-44AF-917F-F0B55771E95C}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{BB1DB2CC-6858-4AED-B64B-66E7CEC8930C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9401FB36-B146-44D8-8430-702F986A19A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{426810FB-5151-48CC-8F6C-A670096F7941}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{66D6F477-B805-484C-BD5D-403A4CD30014}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{0E9C4FDD-696D-4D08-8E97-F39C63FDA543}C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{A978BB73-D675-44FB-AF6B-51E43E4BFEE8}C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe => No File
FirewallRules: [UDP Query User{FB58B154-ADCF-4DA6-A92E-905856D2DC9E}C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{0C0DF857-C0F3-4F22-A850-2F6A8E91770D}C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe => No File
FirewallRules: [UDP Query User{5429ECDC-381E-46A8-A7DE-F988A9AC91B3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F44093D0-9C69-4D36-AFAE-907030F86951}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{CC3CE764-A119-4DCB-B1E4-F4A0FA5AB4F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{F92185F8-FF3F-47BC-85EC-D07580D9C3B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{F9E56848-9984-4165-AACC-97C9D6BEC40B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B24FBEEF-5F97-471E-9B32-7EF16A906D37}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{28088C6B-9479-47C1-8CD8-E01FB345DF5C}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [{C981B3F3-C26A-4BB7-A3B5-37CF47E5BD8A}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [UDP Query User{93AA08BE-D44C-4E05-83D5-53A440874E6C}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2898FC07-4A1A-414A-8B72-23E4845ECD6F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{78DB9BB4-1BE0-422A-A2E7-28A09E044D15}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{A31AABDA-858E-4456-A59B-5EE34A781AA5}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{17897952-EF6E-4E5F-B70F-408035D58D66}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{BFCECCCF-1B66-4466-A71E-186D4F9B4E4F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{EA6D0874-661D-4C47-BB4A-7030F649EEE4}C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe] => (Allow) C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{04E2EC14-29BA-4A24-B36A-B2EF36756E91}C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe] => (Allow) C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{A78E525E-1932-4C99-BE84-180918451114}] => (Allow) C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E143C5DC-E792-4BD1-B396-DC78B9203490}] => (Allow) C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C8BC7B14-4B6F-44E8-AE54-DAB46A903A57}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AABCB8E-E445-49F8-B7A1-438BB4967309}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{AC83F53F-31DB-4A6B-A850-5AD0253D3178}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{1D57C5D9-7D38-4CD4-B129-34AE882780EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{BCF48A05-B9F0-4E31-816F-ED9E8A9FE8DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{19C37E70-F3A2-485A-B559-0B98AED8BF47}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B365B651-2CCF-44B3-8116-356131274260}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57353597-5C9B-41A5-B7D5-888C753611CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58A86F91-8231-48C8-BC4A-6C82284DB465}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06B73FE1-0812-4B6C-B488-ECCA14E3CA0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6FCA6386-69E8-42E9-A2FF-90801209DF3C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B830D830-AB36-4E44-9E85-D95C9A4A8EBC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{56EAF88C-B4D8-4E6C-B2F4-22D26ACFD115}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A3F2F4A0-8EE0-484F-A744-D59D141ADE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F011725B-70A2-4FF3-BD47-B1C572E25230}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{31614C76-3828-486F-A60E-7518D5850452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{68C1CD99-3210-444F-BD4E-0DAAADD92C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [TCP Query User{F7F5A6E4-8CB3-4159-A0BA-71F221E08173}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{26AAF99B-C3D4-47AB-9339-1E7C2F1AF31C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [{31B92505-5861-4AFF-B116-06A8A23D21D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{AA3A9156-626B-42B7-900C-CE06E5CA0994}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{F3C80447-0C02-4A89-A9B4-8B7FFD09B6D2}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{6F550524-9CA9-40B9-AEB9-439DFED9C6E9}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{37BA80D1-B251-41C7-BAE1-38AE120E61C4}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [{C2D75A47-4E36-469E-88C1-0132464DC01E}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [TCP Query User{78280EF7-F07D-42FD-A2EB-31482C676F16}C:\program files (x86)\twomon pc program\twomon pc program.exe] => (Allow) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [UDP Query User{B36A9B3B-10EC-4B47-AECE-240925084E29}C:\program files (x86)\twomon pc program\twomon pc program.exe] => (Allow) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{170EA62A-8F64-4B52-82D7-DB018181833D}] => (Block) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{DD9EC7B6-4057-4239-B533-B349E4AF968B}] => (Block) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{27C86693-A2FD-4503-901C-72300BF9A78A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D04ABD14-DD7F-49D3-823C-057B32C4FAB9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C85F3B0E-3E60-41E7-958F-5167A4BF60AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D881A71-58B9-48BE-947C-01A7C8B90468}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7739A70-A52C-4B99-9499-1483FC28E9FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{21F61028-2E0B-4F37-8FD3-89AA74F3884B}] => (Allow) C:\Users\help\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{A8481366-F3E4-4EA1-9769-AD249664A6DD}] => (Allow) C:\Users\help\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
==================== Restore Points =========================
05-01-2021 13:23:28 Installed Microsoft Visual C++ 2005 Redistributable
13-01-2021 20:36:57 Запланированная контрольная точка
15-01-2021 13:47:20 Installed gdiview
==================== Faulty Device Manager Devices ============
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (01/15/2021 04:31:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10484,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/15/2021 04:23:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4524,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/15/2021 04:19:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/15/2021 04:17:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/15/2021 04:16:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (01/15/2021 03:57:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/15/2021 03:52:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/15/2021 03:52:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable
System errors:
=============
Error: (01/15/2021 04:10:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Антивирусная программа "Защитника Windows" service terminated with the following error:
General access denied error
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for ImagePath with the following error:
Access is denied.
Error: (01/15/2021 04:10:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error:
Access is denied.
Windows Defender:
===================================
Date: 2021-01-15 13:49:49.473
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.G!ml
ID: 2147749376
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\23E04C4F32EF2158.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: Unknown
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 13:49:36.750
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\Desktop\iobit_60016306256a8\FileSetup-v19.26.01.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ?????? ? ???????? ???????:
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 13:49:26.842
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe; process:_pid:3180,ProcessStart:132551776415259433
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 13:49:05.919
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\Desktop\iobit_60016306256a8\FileSetup-v19.26.01.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ?????? ? ???????? ???????:
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 13:47:51.234
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: Unknown
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-15 14:17:15.644
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2219.0
Update Source: ?????? ?????? ?????????? ??????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8024402c
Error description: ????????? ??????????? ?????? ??? ???????? ??????? ??????????. ?????????????? ???????? ?? ????????? ? ??????????? ?????????? ????? ????? ? ?????? ??????? ? ?????????.
Date: 2020-12-31 13:46:08.924
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????
Date: 2020-12-31 13:46:08.923
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ????????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????
Date: 2020-12-31 13:46:08.922
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????
Date: 2020-12-31 13:46:08.914
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????
CodeIntegrity:
===================================
Date: 2021-01-15 15:22:02.193
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:02.164
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:02.152
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:02.126
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:01.570
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:22:01.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:21:54.898
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-01-15 15:21:42.961
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.22 07/24/2017
Motherboard: HP 832B
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 61%
Total physical RAM: 8108.91 MB
Available physical RAM: 3087.94 MB
Total Virtual: 9388.91 MB
Available Virtual: 4016.49 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:291.58 GB) (Free:178.49 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:635.2 GB) NTFS
\\?\Volume{fc515ad7-0000-0000-0000-100000000000}\ (Зарезервировано системой) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS
\\?\Volume{fc515ad7-0000-0000-0000-600449000000}\ () (Fixed) (Total:0.9 GB) (Free:0.33 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FC515AD7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=291.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922 MB) - (Type=27)
Partition 4: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================