How do I remove searchgoose?


BottledSyrup

Level 1
Thread author
May 10, 2021
21
I've tried using HitmanPro and Start emergency kit scanner, but it still doesn't remove it. I've also reset the settings to original, but it still appears.
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello BottledSyrup,

I am Karsten and will help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply.
-------------------------------------------------------------------

Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool and save the file to your Desktop. (Note: choose the right version, 64 or 32 bit, for your operating system, only one will run)
  • Double-click FRST64.exe to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach both logs in your next reply.
 

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by Yroqu (administrator) on DESKTOP-ML5MUKB (Dell Inc. Inspiron 5490 AIO) (16-05-2021 03:44:15)
Running from C:\Users\Yroqu\Downloads
Loaded Profiles: Yroqu
Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\MediaButtons.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupUI.exe <3>
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Discord Inc. -> Discord Inc.) C:\Users\Yroqu\AppData\Local\Discord\app-1.0.9001\Discord.exe <6>
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <34>
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_bfc6bc9032ffdf1f\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577b4722c749a41f\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_607ab7d80643c793\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_607ab7d80643c793\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.1.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_12\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Yroqu\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Yroqu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(OOO Online Center -> Floomby) C:\Program Files (x86)\Floomby\floomby.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1093872 2020-04-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe [1594456 2019-12-13] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [2447104 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [166144 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353408 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [Emsisoft Anti-Malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [9249448 2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Steam] => C:\Users\Yroqu\Downloads\New folder\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Discord] => C:\Users\Yroqu\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Floomby] => C:\Program Files (x86)\Floomby\floomby.exe [4126528 2020-10-27] (OOO Online Center -> Floomby)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33029600 2021-05-13] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * icarus_rvrt.exebootdelete
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D108733-DBC6-4CBD-93CE-CBC6E989CCF5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [740760 2021-03-31] (McAfee, LLC -> McAfee, LLC)
Task: {1D7DF654-4B66-490C-BCA0-3D2C0B870655} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {228BA314-2E92-4E3F-B67C-9EBE885E5D15} - System32\Tasks\AVG\AVG TuneUp BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [4665600 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log" --path "C:\ProgramData\AVG\Icarus\Logs" --guid 726494cb-c045-4ab5-a94a-46fee441fe75
Task: {46F5C027-ACDD-49A5-9887-C8695354CF21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-21] (Google LLC -> Google LLC)
Task: {6E0D4722-42B8-42B9-A338-4D5779635CCA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4747008 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {9A17D109-C0EF-4074-AE5D-9215A1107F70} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-30] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {9B1B8930-F184-4022-A15B-EAC547585B37} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [995848 2021-03-29] (McAfee, LLC -> McAfee, LLC)
Task: {A72BFA3C-4215-4308-A97F-D8306C21B24F} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.102\DADUpdater.exe [4114728 2021-04-26] (McAfee, LLC -> McAfee, LLC)
Task: {ADFC5DBB-DDB9-42AC-B195-241FADB5D3BA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141152 2021-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B27BA324-DCFE-4FDF-9E12-D784E6DB2C3E} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL)
Task: {BDF9F6F8-E6DF-4D94-A454-82045B4F55FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-21] (Google LLC -> Google LLC)
Task: {CF1DF855-CD45-43EB-B526-5AEC0B84E677} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF3B087B-F5A5-4D2F-8C4C-4F64C53D6CA6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141152 2021-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3635340-23A9-42C6-8FD0-0B4E17232113} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4630104 2021-02-03] (McAfee, LLC -> McAfee, LLC)
Task: {E8236AB2-4B80-43C3-BB64-7394C02C6ED4} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [5546240 2021-03-08] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {F1ED7AAF-5E8C-4322-A1C0-B1EBDCDE7D5C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1058336 2021-04-21] (Dell Inc -> Dell Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {F2EBC21F-8A2E-4F85-B9E9-3D48D075DBC0} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [995848 2021-03-29] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{289db161-028e-4fa2-9c8b-5f4dd598079d}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-16]
Edge StartupUrls: Default -> "hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{google:assistedQueryStats}
Edge Profile: C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-05-14]
Edge StartupUrls: Profile 1 -> "hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1"
Edge DefaultSearchURL: Profile 1 -> hxxps://www.search-fine.com/search?subid=11118&u=88b27879b69dcd52&channel=1&keyword={searchTerms}
Edge DefaultSearchKeyword: Profile 1 -> Google
Edge DefaultNewTabURL: Profile 1 -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1
Edge DefaultSuggestURL: Profile 1 -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-04-20] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-03-31] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-03-31] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default [2021-05-16]
CHR DefaultSearchURL: Default -> hxxps://open.scdn.co/cdn/images/icons/Spotify_16.aa3775a0.png
CHR Extension: (Slides) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-21]
CHR Extension: (Docs) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-21]
CHR Extension: (Google Drive) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-21]
CHR Extension: (YouTube) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-21]
CHR Extension: (WasteNoTime) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\enebomhlllfaccbelnjhfgblnalofhch [2020-11-23]
CHR Extension: (Sheets) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-21]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-14]
CHR Extension: (Guardio: Antivirus & Malware Removal) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2021-05-08]
CHR Extension: (Parental Control: Porn Blocker) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmillccnmojidmkhhjngjlalnbhpobcl [2020-11-23]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Spotify) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjibgclleladliembfgfagdaldikeohf [2021-05-03]
CHR Extension: (Gmail) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-03]
CHR Profile: C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-08]
CHR DefaultSearchKeyword: System Profile -> Google
CHR DefaultNewTabURL: System Profile -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1
CHR DefaultSuggestURL: System Profile -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"GameModernGo" => service was unlocked. <==== ATTENTION

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11007088 2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [607488 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [356608 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7941688 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-05-03] (BattlEye Innovations e.K. -> )
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [12421888 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [422128 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3975712 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [623136 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [48832 2020-11-19] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1009264 2021-03-30] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-04-01] (Dell Inc -> Dell INC.)
R2 Dell WMI Service; C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe [118784 2019-10-08] () [File not signed]
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-05-03] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 EppWsc; C:\Program Files\Emsisoft Anti-Malware\EppWsc.exe [1545368 2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [151496 2021-05-09] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-08] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971976 2021-05-13] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_12\McApExe.exe [780032 2021-03-31] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [584296 2020-02-06] (McAfee, LLC. -> McAfee, LLC.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.1.106.0\\McCSPServiceHost.exe [2787160 2021-03-29] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1631736 2021-03-29] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4241112 2021-03-29] (McAfee, LLC -> McAfee, LLC)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-04-21] (Dell Inc -> Dell Inc.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10301672 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 GameModernGo; C:\Program Files (x86)\GameModernGo\GameModernGo.exe -system -token 3ee86e [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35816 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [212344 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [365112 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250408 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99384 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\Windows\System32\drivers\avgElam.sys [16816 2021-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41432 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [180576 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [523032 2021-05-14] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107920 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83008 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [850784 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467840 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215488 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327104 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75712 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [155112 2021-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R0 eppdisk; C:\Windows\System32\drivers\eppdisk.sys [37776 2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
S0 EppElam; C:\Windows\System32\drivers\EppElam.sys [16808 2021-05-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Emsisoft Ltd)
R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [126968 2021-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-05-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-05-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-05-10] (Malwarebytes Inc -> Malwarebytes)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [89112 2021-01-18] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [544704 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [385984 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85944 2020-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522176 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1027520 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [608192 2020-12-17] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [107968 2020-12-17] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116672 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252352 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6438816 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; no ImagePath
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-16 03:44 - 2021-05-16 03:46 - 000032363 _____ C:\Users\Yroqu\Downloads\FRST.txt
2021-05-16 03:43 - 2021-05-16 03:45 - 000000000 ____D C:\FRST
2021-05-16 03:42 - 2021-05-16 03:42 - 002299392 _____ (Farbar) C:\Users\Yroqu\Downloads\FRST64.exe
2021-05-16 03:39 - 2021-05-16 03:39 - 000913228 _____ C:\Users\Yroqu\Downloads\BSL_v8.0.01.zip
2021-05-13 00:08 - 2021-05-13 00:08 - 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-05-13 00:07 - 2021-05-13 00:07 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-05-13 00:07 - 2021-05-13 00:07 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-05-13 00:07 - 2021-05-13 00:07 - 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-05-13 00:06 - 2021-05-13 00:06 - 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-05-13 00:06 - 2021-05-13 00:06 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-05-13 00:06 - 2021-05-13 00:06 - 000011351 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-05-13 00:05 - 2021-05-13 00:05 - 001823816 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-05-13 00:05 - 2021-05-13 00:05 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-05-13 00:05 - 2021-05-13 00:05 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-05-13 00:04 - 2021-05-13 00:04 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-05-13 00:04 - 2021-05-13 00:04 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-05-10 21:40 - 2021-05-10 21:40 - 000000000 ____D C:\Windows\pss
2021-05-10 10:22 - 2021-05-10 10:22 - 000000000 ____D C:\AdwCleaner
2021-05-10 10:21 - 2021-05-10 10:21 - 008534696 _____ (Malwarebytes) C:\Users\Yroqu\Downloads\adwcleaner_8.2.exe
2021-05-10 10:12 - 2021-05-09 21:02 - 000016808 _____ (Emsisoft Ltd) C:\Windows\system32\Drivers\EppElam.sys
2021-05-10 10:11 - 2021-05-10 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2021-05-10 10:11 - 2021-05-09 21:02 - 000037776 _____ (Emsisoft Ltd) C:\Windows\system32\Drivers\eppdisk.sys
2021-05-10 10:10 - 2021-05-16 03:00 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2021-05-10 09:32 - 2021-05-10 10:11 - 000000000 ____D C:\ProgramData\Emsisoft
2021-05-10 09:28 - 2021-05-10 21:23 - 000000000 ____D C:\EEK
2021-05-10 09:21 - 2021-05-10 09:23 - 285627104 _____ C:\Users\Yroqu\Downloads\EmsisoftEmergencyKit.exe
2021-05-10 09:02 - 2021-05-10 09:02 - 000005422 _____ C:\Windows\system32\.crusader
2021-05-09 21:08 - 2021-05-09 21:08 - 000001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-05-09 21:08 - 2021-05-09 21:08 - 000001968 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2021-05-09 21:08 - 2021-05-09 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-05-09 21:08 - 2021-05-09 21:08 - 000000000 ____D C:\Program Files\HitmanPro
2021-05-09 21:07 - 2021-05-10 09:02 - 000000000 ____D C:\ProgramData\HitmanPro
2021-05-09 21:07 - 2021-05-09 21:07 - 011291072 _____ (SurfRight B.V.) C:\Users\Yroqu\Downloads\hitmanpro_x64.exe
2021-05-09 09:51 - 2021-05-13 21:23 - 000000000 ____D C:\Users\Yroqu\AppData\LocalLow\IGDump
2021-05-08 21:03 - 2021-05-08 21:03 - 000000000 ____D C:\Users\Yroqu\AppData\Local\mbam
2021-05-08 21:02 - 2021-05-10 10:15 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-08 21:02 - 2021-05-10 10:15 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-08 21:02 - 2021-05-10 09:07 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-05-08 21:02 - 2021-05-08 21:02 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-05-08 21:02 - 2021-05-08 21:02 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-08 21:02 - 2021-05-08 21:01 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-05-08 21:02 - 2021-05-08 21:01 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-05-08 21:01 - 2021-05-08 21:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-08 21:00 - 2021-05-08 21:00 - 002078632 _____ (Malwarebytes) C:\Users\Yroqu\Downloads\MBSetup.exe
2021-05-08 21:00 - 2021-05-08 21:00 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-08 16:52 - 2021-05-08 16:52 - 000000000 ___SH C:\Users\Public\Shared Files
2021-05-08 16:31 - 2021-05-08 16:31 - 000000000 ____D C:\Users\Yroqu\AppData\Local\DBG
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\FortniteGame
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\CrashReportClient
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-05-03 11:41 - 2021-05-03 11:41 - 000000000 ____D C:\Program Files\Epic Games
2021-05-03 11:27 - 2021-05-08 16:30 - 000000000 ____D C:\Users\Yroqu\AppData\Local\NVIDIA Corporation
2021-05-03 11:21 - 2021-05-03 11:21 - 000000000 ____D C:\Users\Yroqu\AppData\Local\UnrealEngineLauncher
2021-05-03 11:20 - 2021-05-03 11:20 - 000000000 ____D C:\Users\Yroqu\AppData\Local\EpicGamesLauncher
2021-05-03 11:19 - 2021-05-03 11:19 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2021-05-03 11:19 - 2021-05-03 11:19 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2021-05-03 11:19 - 2021-05-03 11:19 - 000001258 _____ C:\ProgramData\Desktop\Epic Games Launcher.lnk
2021-05-03 11:18 - 2021-05-08 16:31 - 000000000 ____D C:\ProgramData\Epic
2021-05-03 11:18 - 2021-05-03 11:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-05-03 11:14 - 2021-05-03 11:15 - 056791040 _____ C:\Users\Yroqu\Downloads\EpicInstaller-12.1.7-fortnite.msi
2021-05-03 07:52 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\UnrealEngine
2021-05-03 07:52 - 2021-05-03 07:52 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-05-03 07:52 - 2021-05-03 07:52 - 000000000 ____D C:\Users\Yroqu\AppData\Local\VALORANT
2021-05-02 22:09 - 2021-05-15 12:00 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2021-05-02 21:51 - 2021-05-02 21:51 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-05-02 21:47 - 2021-05-02 22:02 - 000001627 _____ C:\Users\Public\Desktop\VALORANT.lnk
2021-05-02 21:47 - 2021-05-02 22:02 - 000001627 _____ C:\ProgramData\Desktop\VALORANT.lnk
2021-05-02 21:47 - 2021-05-02 21:52 - 000000000 ____D C:\Riot Games
2021-05-02 21:47 - 2021-05-02 21:47 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-05-02 21:47 - 2021-05-02 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-05-02 21:39 - 2021-05-03 07:58 - 000000000 ____D C:\ProgramData\Riot Games
2021-05-02 21:39 - 2021-05-03 07:51 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Riot Games
2021-05-02 21:37 - 2021-05-02 21:37 - 069069824 _____ (Riot Games, Inc.) C:\Users\Yroqu\Downloads\Install VALORANT.exe
2021-04-26 02:34 - 2021-04-26 02:33 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-04-26 02:34 - 2021-04-26 02:33 - 000215488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-04-24 17:01 - 2021-04-24 17:02 - 005924305 _____ C:\Users\Yroqu\Downloads\OptiFine_1.16.5_HD_U_G7.jar
2021-04-21 22:20 - 2021-04-21 22:20 - 000000000 ____D C:\Windows\system32\ICH
2021-04-20 12:04 - 2021-04-20 12:12 - 002450364 _____ C:\Windows\Minidump\042021-55906-01.dmp
2021-04-20 12:04 - 2021-04-20 12:04 - 1866895263 _____ C:\Windows\MEMORY.DMP

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-16 03:47 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-16 03:45 - 2021-01-08 21:35 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\discord
2021-05-16 03:39 - 2021-01-01 23:41 - 000003310 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0A010BB3-7C15-4B98-BCBB-F2AA4421B44E}
2021-05-16 03:39 - 2020-12-10 03:08 - 000002258 _____ C:\Windows\system32\Tasks\SmartByte Telemetry
2021-05-16 03:39 - 2020-12-02 11:32 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2021-05-16 03:39 - 2020-11-23 00:37 - 000003250 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-05-16 03:39 - 2020-11-21 19:35 - 000002862 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2286517863-2150365057-2533688822-1001
2021-05-16 03:39 - 2020-11-21 19:34 - 000003346 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-16 03:39 - 2020-11-21 19:34 - 000003122 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-16 03:39 - 2020-11-10 06:09 - 000003276 _____ C:\Windows\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-05-16 03:39 - 2020-11-10 06:08 - 000002660 _____ C:\Windows\system32\Tasks\McAfeeLogon
2021-05-16 03:39 - 2020-11-10 06:06 - 000002650 _____ C:\Windows\system32\Tasks\McAfee Remediation (Prepare)
2021-05-16 03:39 - 2020-10-12 10:28 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-16 03:39 - 2020-10-12 10:28 - 000003184 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-16 03:24 - 2021-01-08 21:35 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Discord
2021-05-16 02:03 - 2020-12-20 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-05-16 01:51 - 2020-10-12 10:25 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-05-16 00:59 - 2020-11-21 22:33 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\.minecraft
2021-05-15 23:48 - 2020-11-23 17:09 - 000000000 ____D C:\Users\Yroqu\AppData\Local\CrashDumps
2021-05-15 15:26 - 2020-11-10 06:07 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2021-05-15 12:24 - 2020-11-21 19:39 - 000000000 ____D C:\Users\Yroqu\Downloads\New folder
2021-05-15 12:23 - 2020-11-10 06:02 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2021-05-15 12:10 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2021-05-15 12:05 - 2020-12-02 13:46 - 000749988 _____ C:\Windows\system32\perfh00A.dat
2021-05-15 12:05 - 2020-12-02 13:46 - 000147258 _____ C:\Windows\system32\perfc00A.dat
2021-05-15 12:05 - 2020-11-21 19:35 - 000000000 ___RD C:\Users\Yroqu\OneDrive
2021-05-15 12:05 - 2020-10-12 10:33 - 001683676 _____ C:\Windows\system32\PerfStringBackup.INI
2021-05-15 12:03 - 2020-12-20 17:01 - 000000000 __RSD C:\Users\Yroqu\OneDrive\Documents\McAfee Vaults
2021-05-15 12:02 - 2020-11-21 19:25 - 000000000 __SHD C:\Users\Yroqu\IntelGraphicsProfiles
2021-05-15 12:00 - 2020-11-23 00:04 - 000000000 ____D C:\ProgramData\AVG
2021-05-15 11:58 - 2020-11-10 05:48 - 000000000 ____D C:\Intel
2021-05-15 11:58 - 2020-10-12 10:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-15 11:58 - 2020-10-12 10:25 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-15 11:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2021-05-15 11:57 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-05-15 10:45 - 2020-10-12 10:28 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-15 10:45 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-15 10:45 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2021-05-14 23:02 - 2020-10-12 10:29 - 000000000 ____D C:\Program Files\Microsoft Office
2021-05-14 19:52 - 2019-12-07 05:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-05-14 19:50 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-05-14 19:15 - 2020-11-23 00:37 - 000523032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-05-14 19:10 - 2020-10-12 10:25 - 000454288 _____ C:\Windows\system32\FNTCACHE.DAT
2021-05-14 19:08 - 2020-11-21 19:08 - 000000000 ____D C:\Users\Yroqu
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2021-05-14 19:04 - 2020-12-02 13:44 - 000000000 ____D C:\Windows\system32\Drivers\es-MX
2021-05-14 19:04 - 2020-12-02 13:44 - 000000000 ____D C:\Windows\es-MX
2021-05-14 19:04 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\DiagTrack
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2021-05-13 00:25 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2021-05-13 00:18 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-05-12 23:27 - 2020-11-28 07:48 - 000000000 ____D C:\Windows\system32\MRT
2021-05-12 23:15 - 2020-11-28 07:47 - 132732536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-05-12 17:05 - 2020-11-21 19:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-12 17:05 - 2020-11-21 19:35 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-12 17:05 - 2020-11-21 19:35 - 000002208 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-12 11:02 - 2021-01-08 21:33 - 000000000 ____D C:\Users\Yroqu\AppData\Local\D3DSCache
2021-05-11 20:22 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-05-10 10:12 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-05-10 09:05 - 2021-03-21 19:05 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-ML5MUKB
2021-05-10 09:05 - 2021-03-21 19:02 - 000000000 ____D C:\Users\defaultuser100001
2021-05-10 09:05 - 2021-03-21 18:56 - 000000000 ____D C:\Users\defaultuser100000
2021-05-09 08:33 - 2020-11-10 05:59 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-09 07:32 - 2020-12-31 12:47 - 000000000 ____D C:\Program Files (x86)\HolcusTopicalmgiSoft
2021-05-09 07:25 - 2020-12-31 12:50 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Digital Protection Services S.R.L
2021-05-09 07:24 - 2021-01-15 09:11 - 000000000 ____D C:\ProgramData\Digital Protection Services S.R.L
2021-05-08 17:40 - 2020-11-21 21:49 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-05-08 16:52 - 2019-12-07 05:14 - 000000000 __SHD C:\Users\Public\Libraries
2021-05-08 12:15 - 2020-11-21 19:08 - 000002369 _____ C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-07 23:49 - 2020-11-10 05:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-05-07 23:44 - 2020-11-10 05:58 - 000000000 ____D C:\ProgramData\PCDr
2021-05-07 23:43 - 2020-11-10 05:57 - 000000000 ____D C:\Program Files\Dell
2021-05-07 23:08 - 2020-11-10 06:06 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-05-06 20:04 - 2020-11-21 21:28 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-04-26 02:33 - 2020-11-23 00:37 - 000850784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000467840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000365112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000250408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000212344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000180576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000099384 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000083008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000041432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000035816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000016816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
2021-04-23 22:37 - 2020-11-21 21:28 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Roblox
2021-04-22 16:07 - 2020-11-10 06:08 - 000000000 ____D C:\ProgramData\Dell
2021-04-21 13:03 - 2021-01-24 01:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-20 12:12 - 2021-03-25 06:09 - 000000000 ____D C:\Windows\Minidump
2021-04-20 12:12 - 2020-11-10 06:06 - 000000000 ____D C:\Program Files\Common Files\McAfee

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Last edited by a moderator:

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Yroqu (16-05-2021 03:47:48)
Running from C:\Users\Yroqu\Downloads
Windows 10 Home Version 2004 19041.985 (X64) (2020-11-22 00:58:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2286517863-2150365057-2533688822-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2286517863-2150365057-2533688822-503 - Limited - Disabled)
Guest (S-1-5-21-2286517863-2150365057-2533688822-501 - Limited - Disabled)
regia (S-1-5-21-2286517863-2150365057-2533688822-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2286517863-2150365057-2533688822-504 - Limited - Disabled)
Yroqu (S-1-5-21-2286517863-2150365057-2533688822-1001 - Administrator - Enabled) => C:\Users\Yroqu

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.3.3174 - AVG Technologies)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 21.1.2523.2006 - AVG)
Dell Digital Delivery Services (HKLM-x32\...\{81C48559-E2EB-4F18-9854-51331B9DB552}) (Version: 4.0.70.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{2D27B76E-8FB1-495B-A61D-FB76349E7E36}) (Version: 3.1.9518 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{5106801D-CA18-4173-85B9-D74C33358F7F}) (Version: 3.9.0.234 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E9E87628-7D88-4557-9A80-49B2B4A81460}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{ef6a1215-d616-4e4f-9453-525ed9903031}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.1.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{437102ED-22A2-4C3D-BA6B-E5ECAE798DFA}) (Version: 1.0.3.0 - DELL)
Discord (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{B2B50A9C-3A65-4BDC-AA76-5D7537D8A7D1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Emsisoft Anti-Malware (HKLM\...\{CA975286-D816-410C-B6C9-F7213CA84695}) (Version: 21.5.0.10896 - Emsisoft Ltd.)
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Floomby (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Floomby) (Version: - Online Center ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.22.316 - SurfRight B.V.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1937.14.0.1350 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R31 - McAfee, LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13929.20372 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
OneUpdater (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\OneUpdater) (Version: 1.0.0.1 - Clalon Albidus Team)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8929.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for Yroqu (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\roblox-player) (Version: - Roblox Corporation)
SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VALORANT (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.590 - McAfee, LLC)
Zoom (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2020-11-24] (Dell Inc)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.2.22.0_x64__2dgmkzkw4h30c [2020-11-24] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2021-04-12] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2 [2021-02-25] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-01-24] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.9.11.0_x64__htrsf667h5kn2 [2021-05-14] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2 [2021-02-11] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-11-24] (Dropbox Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-11] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-14] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1015.0_x64__8j3eq9eme6ctt [2021-03-13] (INTEL CORP)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-02-26] (McAfee LLC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-10] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-05-05] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.8.40.0_x64__htrsf667h5kn2 [2021-05-08] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-11-24] (Netflix, Inc.)
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2020-11-10] (Dell Inc)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.970.0_x64__rh07ty8m5nkag [2021-05-06] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-04-30] (Spotify AB) [Startup Task]
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-11-10] (Waves Audio)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-12-24] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2286517863-2150365057-2533688822-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-01] (Notepad++ -> )
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-05-09] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spotify.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pjibgclleladliembfgfagdaldikeohf
ShortcutWithArgument: C:\Users\Yroqu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pjibgclleladliembfgfagdaldikeohf

==================== Loaded Modules (Whitelisted) =============

2020-11-19 14:12 - 2020-11-19 14:12 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2017-03-08 05:13 - 2017-03-08 05:13 - 000491520 _____ () [File not signed] C:\Program Files (x86)\Floomby\graphin.dll
2021-05-08 00:00 - 2021-05-08 00:00 - 042557440 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.dll
2020-08-14 22:29 - 2020-08-14 22:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10350]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2286517863-2150365057-2533688822-1001 -> DefaultScope {15C82995-2369-4404-984A-9576E2D3C343} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-05-13] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-05-13] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-03-31] (McAfee, LLC -> McAfee, LLC)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2021-05-07 23:08 - 000002103 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AADB3BDA-47A7-4FCE-84A1-15E474471567}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{6EA9F8DF-6BBC-45CD-A651-CE78E8ED6BFE}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{BA1B2C0E-74A1-458B-BA7F-C990B1E2C68E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{05E29072-3BD5-454F-8A3B-5CE4836FA682}] => (Allow) C:\Users\Yroqu\Downloads\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{505E2E39-80C9-4745-BED4-37144C58808B}] => (Allow) C:\Users\Yroqu\Downloads\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{15FB5D3E-2231-4898-8CF9-D15CEA11CD20}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3270F932-83A3-4586-8308-1F7D30970A25}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3195C9B9-20D0-4B88-921C-74B54F788E85}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> )
FirewallRules: [{92B69DE5-0A5E-4A81-8C7A-1F6D9338CE87}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> )
FirewallRules: [{3E20D5D4-7910-4CD3-AE98-610954D40970}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{ACC7778D-2ABF-4AB5-A0E6-6106BC5667E1}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A5DB7D18-EE1F-48D5-A815-FC9127075737}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{DE47861C-8036-4B9F-9F77-C229566DDF85}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1F6157DC-C7BE-4D12-8E7B-BDC20C33BDDC}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{01D52161-A949-4435-879A-46D7A4CE2D5E}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{E36426DF-0B4D-4DD5-B77D-ACE9425D1EA6}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{B620FB00-1642-47AD-9D38-06F3693927C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C37C5EE8-3C0F-419A-8CE9-B12B52314792}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17AC03E9-984D-488C-802F-B9DA77F1142D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{20001C66-F51E-41EB-BFC8-A5F78141EAE5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D82A6DC5-7ADC-4FEF-9160-E14D2842A6F7}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{7B038D87-632A-4D22-93D3-2C304AB92135}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{3B1F4D90-15DB-48E0-BEB5-2CDF0B703AE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8BF57D3D-D807-4660-A981-D7D859AEDBB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5ABDF1C-AD61-4BD4-8C64-99B95ABAF57E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{88BE992A-CC59-4EC7-A954-EFA8CA71EA2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B063AA04-B713-4D65-ACF6-8E7471ACEA4F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{909C8FFD-60C8-4AC1-8EDB-41A02A69A200}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B142E237-9FD0-4245-8842-517151DEFEA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3EA8640E-815E-40FF-8CC2-D09213FB20B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01E00917-C3A6-4824-A245-857621CE4E0D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{22B57EA1-0704-44BA-B2EC-2E02BCC60F28}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2F47C3C0-B660-4D64-9D65-086CB4ECCFFF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

12-05-2021 11:02:33 Scheduled Checkpoint
12-05-2021 23:27:31 Windows Modules Installer
12-05-2021 23:30:35 Windows Modules Installer
12-05-2021 23:33:11 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/15/2021 11:58:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5e98eab4-7114-4bdd-8dcb-478d65d27045}

Error: (05/15/2021 11:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: javaw.exe, version: 8.0.51.16, time stamp: 0x55763d32
Faulting module name: lwjgl.dll, version: 0.0.0.0, time stamp: 0x5ccf3ab2
Exception code: 0xc0000005
Fault offset: 0x00000000000010ae
Faulting process id: 0x36f4
Faulting application start time: 0x01d74a06312032d5
Faulting application path: C:\Program Files (x86)\Minecraft Launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
Faulting module path: C:\Users\Yroqu\AppData\Roaming\.minecraft\bin\869f-0ff6-14bb-664c\lwjgl.dll
Report Id: 169639a9-46ee-40f5-873f-fa7dd53976f0
Faulting package full name:
Faulting package-relative application ID:

Error: (05/15/2021 10:31:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5e98eab4-7114-4bdd-8dcb-478d65d27045}

Error: (05/15/2021 12:25:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ServiceShell.exe, version: 2.1.0.22, time stamp: 0x60070db7
Faulting module name: KERNELBASE.dll, version: 10.0.19041.964, time stamp: 0x812662a7
Exception code: 0xe0434352
Fault offset: 0x0000000000034b89
Faulting process id: 0x3428
Faulting application start time: 0x01d749a4504ca959
Faulting application path: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 2aa26595-c5c0-456f-88b8-5c1c4899d0f3
Faulting package full name:
Faulting package-relative application ID:

Error: (05/15/2021 12:25:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ServiceShell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
at System.IDisposable.Dispose()
at Dell.Asimov.FrameworkCore.ApplicationModel.MarshalTask+<CallActualAsync>d__7`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (05/15/2021 11:56:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/15/2021 11:56:16 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/15/2021 11:56:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (05/16/2021 01:17:26 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (05/15/2021 09:28:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/15/2021 08:28:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/15/2021 07:28:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/15/2021 02:10:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/15/2021 02:08:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/15/2021 01:27:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (05/15/2021 12:27:07 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-ML5MUKB)
Description: DCOM got error "1053" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server:
{E225E692-4B47-4777-9BED-4FD7FE257F0E}


CodeIntegrity:
===============
Date: 2021-05-16 03:51:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-05-16 03:51:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.5.2 07/30/2020
Motherboard: Dell Inc. 0C8JG6
Processor: Intel(R) Core(TM) i3-10110U CPU @ 2.10GHz
Percentage of memory in use: 85%
Total physical RAM: 8020.93 MB
Available physical RAM: 1125.89 MB
Total Virtual: 14676.93 MB
Available Virtual: 4082.9 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.85 GB) (Free:762.99 GB) (Protected) NTFS

\\?\Volume{c372287b-a073-45ae-8840-0fda64092ebd}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.51 GB) NTFS
\\?\Volume{d3d966a7-4a3c-45e5-b169-2c6d9251a530}\ (Image) (Fixed) (Total:14.08 GB) (Free:0.13 GB) NTFS
\\?\Volume{c0a95219-a43f-47de-8387-b5b781ef3a6b}\ (DELLSUPPORT) (Fixed) (Total:1.33 GB) (Free:0.45 GB) NTFS
\\?\Volume{008bdbfd-464a-4334-ab4e-0372e2730029}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6FD14D2C)

Partition: GPT.

==================== End of Addition.txt =======================
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Step 1: Multiple AVs

Your system has a lot of security software installed, most of which are still actively running in the background.

Having more than one Antivirus product on your system will weaken security and slow down your system. AVs need to deeply ingrain into the system in order to fight malware. This and the fact that they carry malware patterns with them for malware detection makes them look like malware for other AV software. Different AVs may recognize each other as malicious, and using them at the same time may have unforeseen consequences.

For that reason I want you to decide on one AV product that you will keep. I found these AVs on your system:
  1. Emsisoft
  2. McAfee
  3. AVG
  4. Malwarebytes Antimalware
  5. and always inbuilt: Windows Defender

Please tell me which one of these you want to keep as your AV and uninstall the others.

Step 2: VirusTotal Upload
  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Program Files (x86)\GameModernGo\GameModernGo.exe
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.

Step 3: Rescan with Farbar Recovery Scan Tool (FRST)
There are some entries in your log that require a re-scan with FRST.
  • Double-Click FRST64.exe to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the logs in your next reply.
 

BottledSyrup

Level 1
Thread author
May 10, 2021
21
I am keeping AVG, and I'm still doing the other 2 steps, so I will inform you once I'm done with the other 2.
 

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by Yroqu (administrator) on DESKTOP-ML5MUKB (Dell Inc. Inspiron 5490 AIO) (17-05-2021 13:23:19)
Running from C:\Users\Yroqu\Downloads
Loaded Profiles: Yroqu
Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\MediaButtons.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupUI.exe <3>
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Discord Inc. -> Discord Inc.) C:\Users\Yroqu\AppData\Local\Discord\app-1.0.9001\Discord.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18>
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_bfc6bc9032ffdf1f\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577b4722c749a41f\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_607ab7d80643c793\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_607ab7d80643c793\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Yroqu\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Yroqu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mojang AB -> Mojang) C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe <4>
(OOO Online Center -> Floomby) C:\Program Files (x86)\Floomby\floomby.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Minecraft Launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\SystemIdleCheck.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSysSvc64.exe
Failed to access process -> svchost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1093872 2020-04-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe [1594456 2019-12-13] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [2447104 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [166144 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353408 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Steam] => C:\Users\Yroqu\Downloads\New folder\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Discord] => C:\Users\Yroqu\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Floomby] => C:\Program Files (x86)\Floomby\floomby.exe [4126528 2020-10-27] (OOO Online Center -> Floomby)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33029600 2021-05-13] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * icarus_rvrt.exebootdelete
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D7DF654-4B66-490C-BCA0-3D2C0B870655} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {228BA314-2E92-4E3F-B67C-9EBE885E5D15} - System32\Tasks\AVG\AVG TuneUp BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [4665600 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log" --path "C:\ProgramData\AVG\Icarus\Logs" --guid 726494cb-c045-4ab5-a94a-46fee441fe75
Task: {46F5C027-ACDD-49A5-9887-C8695354CF21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-21] (Google LLC -> Google LLC)
Task: {6E0D4722-42B8-42B9-A338-4D5779635CCA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4747008 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {9A17D109-C0EF-4074-AE5D-9215A1107F70} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-30] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {ADFC5DBB-DDB9-42AC-B195-241FADB5D3BA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141152 2021-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B27BA324-DCFE-4FDF-9E12-D784E6DB2C3E} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL)
Task: {BDF9F6F8-E6DF-4D94-A454-82045B4F55FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-21] (Google LLC -> Google LLC)
Task: {CF1DF855-CD45-43EB-B526-5AEC0B84E677} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF3B087B-F5A5-4D2F-8C4C-4F64C53D6CA6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141152 2021-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8236AB2-4B80-43C3-BB64-7394C02C6ED4} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [5546240 2021-03-08] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {F1ED7AAF-5E8C-4322-A1C0-B1EBDCDE7D5C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1058336 2021-04-21] (Dell Inc -> Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{289db161-028e-4fa2-9c8b-5f4dd598079d}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-16]
Edge StartupUrls: Default -> "hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{google:assistedQueryStats}
Edge Profile: C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-05-16]
Edge StartupUrls: Profile 1 -> "hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1"
Edge DefaultSearchURL: Profile 1 -> hxxps://www.search-fine.com/search?subid=11118&u=88b27879b69dcd52&channel=1&keyword={searchTerms}
Edge DefaultSearchKeyword: Profile 1 -> Google
Edge DefaultNewTabURL: Profile 1 -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1
Edge DefaultSuggestURL: Profile 1 -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default [2021-05-17]
CHR DefaultSearchURL: Default -> hxxps://open.scdn.co/cdn/images/icons/Spotify_16.aa3775a0.png
CHR Extension: (Slides) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-21]
CHR Extension: (Docs) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-21]
CHR Extension: (Google Drive) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-21]
CHR Extension: (YouTube) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-21]
CHR Extension: (WasteNoTime) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\enebomhlllfaccbelnjhfgblnalofhch [2020-11-23]
CHR Extension: (Sheets) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-21]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-14]
CHR Extension: (Guardio: Antivirus & Malware Removal) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2021-05-08]
CHR Extension: (Parental Control: Porn Blocker) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmillccnmojidmkhhjngjlalnbhpobcl [2020-11-23]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Spotify) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjibgclleladliembfgfagdaldikeohf [2021-05-03]
CHR Extension: (Gmail) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-03]
CHR Profile: C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-08]
CHR DefaultSearchKeyword: System Profile -> Google
CHR DefaultNewTabURL: System Profile -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1
CHR DefaultSuggestURL: System Profile -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [607488 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [356608 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7941688 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-05-03] (BattlEye Innovations e.K. -> )
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [12421888 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [422128 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3975712 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [623136 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [48832 2020-11-19] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1009264 2021-03-30] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-04-01] (Dell Inc -> Dell INC.)
R2 Dell WMI Service; C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe [118784 2019-10-08] () [File not signed]
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-05-03] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [151496 2021-05-09] (SurfRight B.V. -> SurfRight B.V.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971976 2021-05-13] (McAfee, LLC -> McAfee, LLC)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-04-21] (Dell Inc -> Dell Inc.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10301672 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 GameModernGo; C:\Program Files (x86)\GameModernGo\GameModernGo.exe -system -token 3ee86e [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35816 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [212344 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [365112 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250408 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99384 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\Windows\System32\drivers\avgElam.sys [16816 2021-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41432 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [180576 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [523032 2021-05-14] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107920 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83008 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [850784 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467840 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215488 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327104 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6438816 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; no ImagePath
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-16 19:52 - 2021-05-16 19:52 - 002299392 _____ (Farbar) C:\Users\Yroqu\Downloads\FRST64 (1).exe
2021-05-16 18:47 - 2021-05-16 20:03 - 000000000 ____D C:\ProgramData\McInstTemp0123521621205266
2021-05-16 03:47 - 2021-05-16 09:13 - 000041387 _____ C:\Users\Yroqu\Downloads\Addition.txt
2021-05-16 03:44 - 2021-05-17 13:25 - 000025886 _____ C:\Users\Yroqu\Downloads\FRST.txt
2021-05-16 03:43 - 2021-05-17 13:24 - 000000000 ____D C:\FRST
2021-05-16 03:42 - 2021-05-16 03:42 - 002299392 _____ (Farbar) C:\Users\Yroqu\Downloads\FRST64.exe
2021-05-16 03:39 - 2021-05-16 03:39 - 000913228 _____ C:\Users\Yroqu\Downloads\BSL_v8.0.01.zip
2021-05-13 00:08 - 2021-05-13 00:08 - 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-05-13 00:07 - 2021-05-13 00:07 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-05-13 00:07 - 2021-05-13 00:07 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-05-13 00:07 - 2021-05-13 00:07 - 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-05-13 00:06 - 2021-05-13 00:06 - 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-05-13 00:06 - 2021-05-13 00:06 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-05-13 00:06 - 2021-05-13 00:06 - 000011351 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-05-13 00:05 - 2021-05-13 00:05 - 001823816 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-05-13 00:05 - 2021-05-13 00:05 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-05-13 00:05 - 2021-05-13 00:05 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-05-13 00:04 - 2021-05-13 00:04 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-05-13 00:04 - 2021-05-13 00:04 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-05-10 21:40 - 2021-05-10 21:40 - 000000000 ____D C:\Windows\pss
2021-05-10 10:22 - 2021-05-10 10:22 - 000000000 ____D C:\AdwCleaner
2021-05-10 10:21 - 2021-05-10 10:21 - 008534696 _____ (Malwarebytes) C:\Users\Yroqu\Downloads\adwcleaner_8.2.exe
2021-05-10 09:28 - 2021-05-10 21:23 - 000000000 ____D C:\EEK
2021-05-10 09:21 - 2021-05-10 09:23 - 285627104 _____ C:\Users\Yroqu\Downloads\EmsisoftEmergencyKit.exe
2021-05-10 09:02 - 2021-05-10 09:02 - 000005422 _____ C:\Windows\system32\.crusader
2021-05-09 21:08 - 2021-05-09 21:08 - 000001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-05-09 21:08 - 2021-05-09 21:08 - 000001968 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2021-05-09 21:08 - 2021-05-09 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-05-09 21:08 - 2021-05-09 21:08 - 000000000 ____D C:\Program Files\HitmanPro
2021-05-09 21:07 - 2021-05-10 09:02 - 000000000 ____D C:\ProgramData\HitmanPro
2021-05-09 21:07 - 2021-05-09 21:07 - 011291072 _____ (SurfRight B.V.) C:\Users\Yroqu\Downloads\hitmanpro_x64.exe
2021-05-09 09:51 - 2021-05-13 21:23 - 000000000 ____D C:\Users\Yroqu\AppData\LocalLow\IGDump
2021-05-08 21:03 - 2021-05-08 21:03 - 000000000 ____D C:\Users\Yroqu\AppData\Local\mbam
2021-05-08 21:00 - 2021-05-08 21:00 - 002078632 _____ (Malwarebytes) C:\Users\Yroqu\Downloads\MBSetup.exe
2021-05-08 16:52 - 2021-05-08 16:52 - 000000000 ___SH C:\Users\Public\Shared Files
2021-05-08 16:31 - 2021-05-08 16:31 - 000000000 ____D C:\Users\Yroqu\AppData\Local\DBG
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\FortniteGame
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\CrashReportClient
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-05-03 11:41 - 2021-05-03 11:41 - 000000000 ____D C:\Program Files\Epic Games
2021-05-03 11:27 - 2021-05-08 16:30 - 000000000 ____D C:\Users\Yroqu\AppData\Local\NVIDIA Corporation
2021-05-03 11:21 - 2021-05-03 11:21 - 000000000 ____D C:\Users\Yroqu\AppData\Local\UnrealEngineLauncher
2021-05-03 11:20 - 2021-05-03 11:20 - 000000000 ____D C:\Users\Yroqu\AppData\Local\EpicGamesLauncher
2021-05-03 11:19 - 2021-05-03 11:19 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2021-05-03 11:19 - 2021-05-03 11:19 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2021-05-03 11:19 - 2021-05-03 11:19 - 000001258 _____ C:\ProgramData\Desktop\Epic Games Launcher.lnk
2021-05-03 11:18 - 2021-05-08 16:31 - 000000000 ____D C:\ProgramData\Epic
2021-05-03 11:18 - 2021-05-03 11:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-05-03 11:14 - 2021-05-03 11:15 - 056791040 _____ C:\Users\Yroqu\Downloads\EpicInstaller-12.1.7-fortnite.msi
2021-05-03 07:52 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\UnrealEngine
2021-05-03 07:52 - 2021-05-03 07:52 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-05-03 07:52 - 2021-05-03 07:52 - 000000000 ____D C:\Users\Yroqu\AppData\Local\VALORANT
2021-05-02 22:09 - 2021-05-16 20:05 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2021-05-02 21:51 - 2021-05-02 21:51 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-05-02 21:47 - 2021-05-02 22:02 - 000001627 _____ C:\Users\Public\Desktop\VALORANT.lnk
2021-05-02 21:47 - 2021-05-02 22:02 - 000001627 _____ C:\ProgramData\Desktop\VALORANT.lnk
2021-05-02 21:47 - 2021-05-02 21:52 - 000000000 ____D C:\Riot Games
2021-05-02 21:47 - 2021-05-02 21:47 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-05-02 21:47 - 2021-05-02 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-05-02 21:39 - 2021-05-03 07:58 - 000000000 ____D C:\ProgramData\Riot Games
2021-05-02 21:39 - 2021-05-03 07:51 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Riot Games
2021-05-02 21:37 - 2021-05-02 21:37 - 069069824 _____ (Riot Games, Inc.) C:\Users\Yroqu\Downloads\Install VALORANT.exe
2021-04-26 02:34 - 2021-04-26 02:33 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-04-26 02:34 - 2021-04-26 02:33 - 000215488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-04-24 17:01 - 2021-04-24 17:02 - 005924305 _____ C:\Users\Yroqu\Downloads\OptiFine_1.16.5_HD_U_G7.jar
2021-04-21 22:20 - 2021-04-21 22:20 - 000000000 ____D C:\Windows\system32\ICH
2021-04-20 12:04 - 2021-04-20 12:12 - 002450364 _____ C:\Windows\Minidump\042021-55906-01.dmp
2021-04-20 12:04 - 2021-04-20 12:04 - 1866895263 _____ C:\Windows\MEMORY.DMP

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 13:26 - 2021-01-08 21:35 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\discord
2021-05-17 13:12 - 2021-01-08 21:35 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Discord
2021-05-17 13:02 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-17 12:23 - 2020-11-21 22:33 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\.minecraft
2021-05-17 12:20 - 2020-10-12 10:25 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-05-17 12:06 - 2021-01-01 23:41 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0A010BB3-7C15-4B98-BCBB-F2AA4421B44E}
2021-05-17 12:05 - 2020-11-23 00:37 - 000004266 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-05-16 20:44 - 2020-11-21 19:39 - 000000000 ____D C:\Users\Yroqu\Downloads\New folder
2021-05-16 20:27 - 2020-11-10 06:02 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2021-05-16 20:19 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-05-16 20:12 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2021-05-16 20:08 - 2020-11-21 19:35 - 000000000 ___RD C:\Users\Yroqu\OneDrive
2021-05-16 20:05 - 2020-11-21 19:25 - 000000000 __SHD C:\Users\Yroqu\IntelGraphicsProfiles
2021-05-16 20:04 - 2020-11-23 00:04 - 000000000 ____D C:\ProgramData\AVG
2021-05-16 20:03 - 2020-11-10 06:06 - 000000000 ____D C:\ProgramData\McAfee
2021-05-16 20:03 - 2020-11-10 06:06 - 000000000 ____D C:\Program Files\McAfee
2021-05-16 20:03 - 2020-11-10 05:48 - 000000000 ____D C:\Intel
2021-05-16 20:03 - 2020-10-12 10:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-16 20:03 - 2020-10-12 10:25 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-16 20:03 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2021-05-16 20:02 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-05-16 19:51 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-05-16 19:50 - 2020-11-21 19:25 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Packages
2021-05-16 19:50 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2021-05-16 18:51 - 2019-12-07 05:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-05-16 03:39 - 2020-12-10 03:08 - 000002258 _____ C:\Windows\system32\Tasks\SmartByte Telemetry
2021-05-16 03:39 - 2020-12-02 11:32 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2021-05-16 03:39 - 2020-11-21 19:35 - 000002862 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2286517863-2150365057-2533688822-1001
2021-05-16 03:39 - 2020-11-21 19:34 - 000003346 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-16 03:39 - 2020-11-21 19:34 - 000003122 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-16 03:39 - 2020-11-10 06:09 - 000003276 _____ C:\Windows\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-05-16 03:39 - 2020-10-12 10:28 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-16 03:39 - 2020-10-12 10:28 - 000003184 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-15 23:48 - 2020-11-23 17:09 - 000000000 ____D C:\Users\Yroqu\AppData\Local\CrashDumps
2021-05-15 12:05 - 2020-12-02 13:46 - 000749988 _____ C:\Windows\system32\perfh00A.dat
2021-05-15 12:05 - 2020-12-02 13:46 - 000147258 _____ C:\Windows\system32\perfc00A.dat
2021-05-15 12:05 - 2020-10-12 10:33 - 001683676 _____ C:\Windows\system32\PerfStringBackup.INI
2021-05-15 10:45 - 2020-10-12 10:28 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-15 10:45 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-14 23:02 - 2020-10-12 10:29 - 000000000 ____D C:\Program Files\Microsoft Office
2021-05-14 19:50 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-05-14 19:15 - 2020-11-23 00:37 - 000523032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-05-14 19:10 - 2020-10-12 10:25 - 000454288 _____ C:\Windows\system32\FNTCACHE.DAT
2021-05-14 19:08 - 2020-11-21 19:08 - 000000000 ____D C:\Users\Yroqu
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2021-05-14 19:04 - 2020-12-02 13:44 - 000000000 ____D C:\Windows\system32\Drivers\es-MX
2021-05-14 19:04 - 2020-12-02 13:44 - 000000000 ____D C:\Windows\es-MX
2021-05-14 19:04 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\DiagTrack
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2021-05-13 00:25 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2021-05-13 00:18 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-05-12 23:27 - 2020-11-28 07:48 - 000000000 ____D C:\Windows\system32\MRT
2021-05-12 23:15 - 2020-11-28 07:47 - 132732536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-05-12 17:05 - 2020-11-21 19:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-12 17:05 - 2020-11-21 19:35 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-12 17:05 - 2020-11-21 19:35 - 000002208 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-12 11:02 - 2021-01-08 21:33 - 000000000 ____D C:\Users\Yroqu\AppData\Local\D3DSCache
2021-05-10 09:05 - 2021-03-21 19:05 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-ML5MUKB
2021-05-10 09:05 - 2021-03-21 19:02 - 000000000 ____D C:\Users\defaultuser100001
2021-05-10 09:05 - 2021-03-21 18:56 - 000000000 ____D C:\Users\defaultuser100000
2021-05-09 08:33 - 2020-11-10 05:59 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-09 07:32 - 2020-12-31 12:47 - 000000000 ____D C:\Program Files (x86)\HolcusTopicalmgiSoft
2021-05-09 07:25 - 2020-12-31 12:50 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Digital Protection Services S.R.L
2021-05-09 07:24 - 2021-01-15 09:11 - 000000000 ____D C:\ProgramData\Digital Protection Services S.R.L
2021-05-08 17:40 - 2020-11-21 21:49 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-05-08 16:52 - 2019-12-07 05:14 - 000000000 __SHD C:\Users\Public\Libraries
2021-05-08 12:15 - 2020-11-21 19:08 - 000002369 _____ C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-07 23:49 - 2020-11-10 05:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-05-07 23:44 - 2020-11-10 05:58 - 000000000 ____D C:\ProgramData\PCDr
2021-05-07 23:43 - 2020-11-10 05:57 - 000000000 ____D C:\Program Files\Dell
2021-05-06 20:04 - 2020-11-21 21:28 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-04-26 02:33 - 2020-11-23 00:37 - 000850784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000467840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000365112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000250408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000212344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000180576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000099384 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000083008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000041432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000035816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000016816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
2021-04-23 22:37 - 2020-11-21 21:28 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Roblox
2021-04-22 16:07 - 2020-11-10 06:08 - 000000000 ____D C:\ProgramData\Dell
2021-04-21 13:03 - 2021-01-24 01:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-20 12:12 - 2021-03-25 06:09 - 000000000 ____D C:\Windows\Minidump

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Yroqu (17-05-2021 13:27:53)
Running from C:\Users\Yroqu\Downloads
Windows 10 Home Version 2004 19041.985 (X64) (2020-11-22 00:58:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2286517863-2150365057-2533688822-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2286517863-2150365057-2533688822-503 - Limited - Disabled)
Guest (S-1-5-21-2286517863-2150365057-2533688822-501 - Limited - Disabled)
regia (S-1-5-21-2286517863-2150365057-2533688822-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2286517863-2150365057-2533688822-504 - Limited - Disabled)
Yroqu (S-1-5-21-2286517863-2150365057-2533688822-1001 - Administrator - Enabled) => C:\Users\Yroqu

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.3.3174 - AVG Technologies)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 21.1.2523.2006 - AVG)
Dell Digital Delivery Services (HKLM-x32\...\{81C48559-E2EB-4F18-9854-51331B9DB552}) (Version: 4.0.70.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{2D27B76E-8FB1-495B-A61D-FB76349E7E36}) (Version: 3.1.9518 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{5106801D-CA18-4173-85B9-D74C33358F7F}) (Version: 3.9.0.234 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E9E87628-7D88-4557-9A80-49B2B4A81460}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{ef6a1215-d616-4e4f-9453-525ed9903031}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.1.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{437102ED-22A2-4C3D-BA6B-E5ECAE798DFA}) (Version: 1.0.3.0 - DELL)
Discord (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{B2B50A9C-3A65-4BDC-AA76-5D7537D8A7D1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Floomby (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Floomby) (Version: - Online Center ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.22.316 - SurfRight B.V.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1937.14.0.1350 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13929.20372 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
OneUpdater (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\OneUpdater) (Version: 1.0.0.1 - Clalon Albidus Team)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8929.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for Yroqu (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\roblox-player) (Version: - Roblox Corporation)
SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VALORANT (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.590 - McAfee, LLC)
Zoom (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2020-11-24] (Dell Inc)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.2.22.0_x64__2dgmkzkw4h30c [2020-11-24] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2021-04-12] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2 [2021-02-25] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-01-24] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.9.11.0_x64__htrsf667h5kn2 [2021-05-14] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2 [2021-02-11] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-11-24] (Dropbox Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-11] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-14] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1015.0_x64__8j3eq9eme6ctt [2021-03-13] (INTEL CORP)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-10] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-05-05] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.8.40.0_x64__htrsf667h5kn2 [2021-05-08] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-11-24] (Netflix, Inc.)
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2020-11-10] (Dell Inc)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.970.0_x64__rh07ty8m5nkag [2021-05-06] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-04-30] (Spotify AB) [Startup Task]
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-11-10] (Waves Audio)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-12-24] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2286517863-2150365057-2533688822-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-01] (Notepad++ -> )
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spotify.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pjibgclleladliembfgfagdaldikeohf
ShortcutWithArgument: C:\Users\Yroqu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pjibgclleladliembfgfagdaldikeohf

==================== Loaded Modules (Whitelisted) =============

2020-11-19 14:12 - 2020-11-19 14:12 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2017-03-08 05:13 - 2017-03-08 05:13 - 000491520 _____ () [File not signed] C:\Program Files (x86)\Floomby\graphin.dll
2021-05-17 12:24 - 2019-05-02 20:41 - 000355840 ____N () [File not signed] C:\Users\Yroqu\AppData\Roaming\.minecraft\bin\10cd-8443-b819-50ee\glfw.dll
2021-05-17 12:24 - 2019-05-05 21:59 - 000254464 ____N () [File not signed] C:\Users\Yroqu\AppData\Roaming\.minecraft\bin\10cd-8443-b819-50ee\jemalloc.dll
2021-05-17 12:24 - 2019-05-05 22:35 - 000449536 ____N () [File not signed] C:\Users\Yroqu\AppData\Roaming\.minecraft\bin\10cd-8443-b819-50ee\lwjgl.dll
2021-05-17 12:24 - 2019-05-05 22:35 - 000341504 ____N () [File not signed] C:\Users\Yroqu\AppData\Roaming\.minecraft\bin\10cd-8443-b819-50ee\lwjgl_opengl.dll
2021-05-17 12:24 - 2019-05-05 22:36 - 000500224 ____N () [File not signed] C:\Users\Yroqu\AppData\Roaming\.minecraft\bin\10cd-8443-b819-50ee\lwjgl_stb.dll
2021-05-17 12:24 - 2019-05-04 18:56 - 001096192 ____N () [File not signed] C:\Users\Yroqu\AppData\Roaming\.minecraft\bin\10cd-8443-b819-50ee\OpenAL.dll
2021-05-17 12:24 - 2019-04-08 10:33 - 000085504 ____N () [File not signed] C:\Users\Yroqu\AppData\Roaming\.minecraft\bin\10cd-8443-b819-50ee\SAPIWrapper_x64.dll
2021-05-08 00:00 - 2021-05-08 00:00 - 042557440 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.dll
2021-05-17 12:24 - 2021-05-17 12:24 - 000245760 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\Yroqu\AppData\Local\Temp\jna-85699834\jna7385976278693796627.dll
2020-08-14 22:29 - 2020-08-14 22:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10350]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2286517863-2150365057-2533688822-1001 -> DefaultScope {15C82995-2369-4404-984A-9576E2D3C343} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-05-13] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-05-13] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2021-05-07 23:08 - 000002103 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{05E29072-3BD5-454F-8A3B-5CE4836FA682}] => (Allow) C:\Users\Yroqu\Downloads\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{505E2E39-80C9-4745-BED4-37144C58808B}] => (Allow) C:\Users\Yroqu\Downloads\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{15FB5D3E-2231-4898-8CF9-D15CEA11CD20}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3270F932-83A3-4586-8308-1F7D30970A25}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3195C9B9-20D0-4B88-921C-74B54F788E85}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> )
FirewallRules: [{92B69DE5-0A5E-4A81-8C7A-1F6D9338CE87}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> )
FirewallRules: [{3E20D5D4-7910-4CD3-AE98-610954D40970}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{ACC7778D-2ABF-4AB5-A0E6-6106BC5667E1}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A5DB7D18-EE1F-48D5-A815-FC9127075737}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{DE47861C-8036-4B9F-9F77-C229566DDF85}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1F6157DC-C7BE-4D12-8E7B-BDC20C33BDDC}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{01D52161-A949-4435-879A-46D7A4CE2D5E}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{E36426DF-0B4D-4DD5-B77D-ACE9425D1EA6}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{B620FB00-1642-47AD-9D38-06F3693927C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C37C5EE8-3C0F-419A-8CE9-B12B52314792}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17AC03E9-984D-488C-802F-B9DA77F1142D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{20001C66-F51E-41EB-BFC8-A5F78141EAE5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D82A6DC5-7ADC-4FEF-9160-E14D2842A6F7}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{7B038D87-632A-4D22-93D3-2C304AB92135}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{3B1F4D90-15DB-48E0-BEB5-2CDF0B703AE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8BF57D3D-D807-4660-A981-D7D859AEDBB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5ABDF1C-AD61-4BD4-8C64-99B95ABAF57E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{88BE992A-CC59-4EC7-A954-EFA8CA71EA2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B063AA04-B713-4D65-ACF6-8E7471ACEA4F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{909C8FFD-60C8-4AC1-8EDB-41A02A69A200}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B142E237-9FD0-4245-8842-517151DEFEA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3EA8640E-815E-40FF-8CC2-D09213FB20B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01E00917-C3A6-4824-A245-857621CE4E0D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{22B57EA1-0704-44BA-B2EC-2E02BCC60F28}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2F47C3C0-B660-4D64-9D65-086CB4ECCFFF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8D7371F4-C742-407F-86EB-FDD0007E4DF7}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{EF51B22C-6AAA-45D5-B43C-9234B9B61340}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe

==================== Restore Points =========================

12-05-2021 11:02:33 Scheduled Checkpoint
12-05-2021 23:27:31 Windows Modules Installer
12-05-2021 23:30:35 Windows Modules Installer
12-05-2021 23:33:11 Windows Modules Installer
16-05-2021 18:03:10 Removed Emsisoft Anti-Malware

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/17/2021 04:01:24 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {67121103-a065-410c-a2a1-b5c99f269096}

Error: (05/16/2021 11:55:42 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {67121103-a065-410c-a2a1-b5c99f269096}

Error: (05/16/2021 08:25:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program svchost.exe version 10.0.19041.546 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: d70

Start Time: 01d74ab010992ffd

Termination Time: 4294967295

Application Path: C:\Windows\System32\svchost.exe

Report Id: 0c788b2f-9910-4230-a935-22c326dd567f

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (05/16/2021 08:18:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ServiceShell.exe, version: 2.1.0.22, time stamp: 0x60070db7
Faulting module name: KERNELBASE.dll, version: 10.0.19041.964, time stamp: 0x812662a7
Exception code: 0xe0434352
Fault offset: 0x0000000000034b89
Faulting process id: 0x22a0
Faulting application start time: 0x01d74ab0dd492622
Faulting application path: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 599901fa-33a4-4a41-9777-74d467ae0134
Faulting package full name:
Faulting package-relative application ID:

Error: (05/16/2021 08:18:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ServiceShell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
at System.IDisposable.Dispose()
at Dell.Asimov.FrameworkCore.ApplicationModel.MarshalTask+<CallActualAsync>d__7`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (05/16/2021 08:14:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 2.2103.17603.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 20f4

Start Time: 01d74ab09cdd4fd1

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe

Report Id: 2e48cae8-171a-40b8-8905-63b2648b6e09

Faulting package full name: Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (05/16/2021 03:57:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StartMenuExperienceHost.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4404

Start Time: 01d74a28d28d245b

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Report Id: 41ecc62a-ca14-4d56-af4e-7fce51fdf9c1

Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Hang type: Activation

Error: (05/16/2021 03:55:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StartMenuExperienceHost.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2fac

Start Time: 01d749a3ce1dc3a5

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Report Id: 6460a161-8b5f-4f8f-b5fc-7ff5ae41e0e0

Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Hang type: Quiesce


System errors:
=============
Error: (05/17/2021 11:10:22 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/17/2021 10:10:11 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/17/2021 09:10:11 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/17/2021 08:10:10 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/17/2021 07:10:10 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/17/2021 06:10:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.

Error: (05/17/2021 06:09:11 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (05/17/2021 05:10:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.


CodeIntegrity:
===============
Date: 2021-05-17 13:30:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.5.2 07/30/2020
Motherboard: Dell Inc. 0C8JG6
Processor: Intel(R) Core(TM) i3-10110U CPU @ 2.10GHz
Percentage of memory in use: 88%
Total physical RAM: 8020.93 MB
Available physical RAM: 944.49 MB
Total Virtual: 14676.93 MB
Available Virtual: 3004.97 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.85 GB) (Free:751.37 GB) (Protected) NTFS

\\?\Volume{c372287b-a073-45ae-8840-0fda64092ebd}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.51 GB) NTFS
\\?\Volume{d3d966a7-4a3c-45e5-b169-2c6d9251a530}\ (Image) (Fixed) (Total:14.08 GB) (Free:0.13 GB) NTFS
\\?\Volume{c0a95219-a43f-47de-8387-b5b781ef3a6b}\ (DELLSUPPORT) (Fixed) (Total:1.33 GB) (Free:0.45 GB) NTFS
\\?\Volume{008bdbfd-464a-4334-ab4e-0372e2730029}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6FD14D2C)

Partition: GPT.

==================== End of Addition.txt =======================
 

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Also, I've noticed around the txts, and searchgoose also appears on Microsoft Edge. Does this process also remove it from Edge?
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Step 1: Uninstall Software
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programs, right-click and click Uninstall.
    • Webadvisor McAfee
    • OneUpdater
  • Follow the prompts.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Reboot if necessary.

Step 2: Remove Chrome Extension
  • Please open Chrome.
  • Enter the following line into the address bar
    chrome://extensions/
  • For the following extensions click the button Remove and follow the prompts
    • AVG Web TuneUp
    • Webadvisor McAfee (if it still exists)

Step 3: Farbar Recovery Scan Tool (FRST) Script
  • Download the attached fixlist.txt
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Double-click FRST64.exe to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.
 

Attachments

  • fixlist.txt
    1.7 KB · Views: 2

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Yroqu (18-05-2021 20:02:49) Run:1
Running from C:\Users\Yroqu\Downloads
Loaded Profiles: Yroqu
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2021-05-16 20:03 - 2020-11-10 06:06 - 000000000 ____D C:\ProgramData\McAfee
2021-05-16 20:03 - 2020-11-10 06:06 - 000000000 ____D C:\Program Files\McAfee
C:\Program Files\McAfee\WebAdvisor
VirusTotal: C:\Users\Yroqu\Downloads\New folder\steam.exe
VirusTotal: C:\Program Files (x86)\GameModernGo\GameModernGo.exe
Folder: C:\ProgramData\McInstTemp0123521621205266
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Edge StartupUrls: Default -> "hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{google:assistedQueryStats}
Edge StartupUrls: Profile 1 -> "hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1"
Edge DefaultSearchURL: Profile 1 -> hxxps://www.search-fine.com/search?subid=11118&u=88b27879b69dcd52&channel=1&keyword={searchTerms}
Edge DefaultNewTabURL: Profile 1 -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1
Edge DefaultSuggestURL: Profile 1 -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2021-05-08]
CHR DefaultNewTabURL: System Profile -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=88b27879b69dcd52&subid=11118&channel=1
CHR DefaultSuggestURL: System Profile -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
S2 GameModernGo; C:\Program Files (x86)\GameModernGo\GameModernGo.exe -system -token 3ee86e [X]
C:\Program Files (x86)\GameModernGo
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\McAfee" => not found
C:\Program Files\McAfee => moved successfully
"C:\Program Files\McAfee\WebAdvisor" => not found
VirusTotal: C:\Users\Yroqu\Downloads\New folder\steam.exe => VirusTotal
"VirusTotal: C:\Program Files (x86)\GameModernGo\GameModernGo.exe" => not found

========================= Folder: C:\ProgramData\McInstTemp0123521621205266 ========================

2021-05-16 18:47 - 2021-03-31 17:13 - 000854808 ____A [C3EDEE82CE42CAD99871334594A3AD92] (McAfee, LLC) C:\ProgramData\McInstTemp0123521621205266\McInst.exe

====== End of Folder: ======

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"Edge StartupUrls" => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Edge StartupUrls" => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Edge DefaultNewTabURL" => removed successfully
"Edge DefaultSuggestURL" => removed successfully
"C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2021-05-08]" => not found
"Chrome DefaultNewTabURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\System\CurrentControlSet\Services\GameModernGo => removed successfully
GameModernGo => service removed successfully
C:\Program Files (x86)\GameModernGo => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 120630997 B
Java, Flash, Steam htmlcache => 305316691 B
Windows/system/drivers => 455171019 B
Edge => 0 B
Chrome => 492840462 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 77520130 B
systemprofile32 => 77520130 B
LocalService => 79068488 B
NetworkService => 79085924 B
Yroqu => 845644046 B
defaultuser100000 => 845651214 B
defaultuser100001 => 846642176 B
defaultuser100000.DESKTOP-ML5MUKB => 847640306 B

RecycleBin => 787040882 B
EmptyTemp: => 5.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:07:48 ====
 

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Also, does this process also remove search fine and securesearch, because those 2 still appear visible in a new browser?
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Step 1: Browser Reset

Before proceeding, please refer to the following instructions on how you can back up your Favourites/Bookmarks.
Using the relevant instructions below, please reset your installed browsers.
As Internet Explorer and Edge are an integral part of Windows, please ensure you reset these browsers regardless of whether you use them or not.

Please restart your system before proceeding to Step 2

Step 2: Re-Scan with Farbar Recovery Scan Tool (FRST)
  • Double-Click FRST64.exe to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the logs in your next reply.

Also, does this process also remove search fine and securesearch, because those 2 still appear visible in a new browser?

It should. Please let me know if they are still there after reboot.
 

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2021
Ran by Yroqu (administrator) on DESKTOP-ML5MUKB (Dell Inc. Inspiron 5490 AIO) (19-05-2021 15:58:29)
Running from C:\Users\Yroqu\Downloads
Loaded Profiles: Yroqu
Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\MediaButtons.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupUI.exe <3>
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Discord Inc. -> Discord Inc.) C:\Users\Yroqu\AppData\Local\Discord\app-1.0.9001\Discord.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_bfc6bc9032ffdf1f\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_607ab7d80643c793\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_607ab7d80643c793\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Yroqu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(OOO Online Center -> Floomby) C:\Program Files (x86)\Floomby\floomby.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1093872 2020-04-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe [1594456 2019-12-13] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [2447104 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [166144 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353408 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Steam] => C:\Users\Yroqu\Downloads\New folder\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Discord] => C:\Users\Yroqu\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [Floomby] => C:\Program Files (x86)\Floomby\floomby.exe [4126528 2020-10-27] (OOO Online Center -> Floomby)
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33029600 2021-05-18] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * icarus_rvrt.exebootdelete
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D7DF654-4B66-490C-BCA0-3D2C0B870655} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {228BA314-2E92-4E3F-B67C-9EBE885E5D15} - System32\Tasks\AVG\AVG TuneUp BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [4665600 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log" --path "C:\ProgramData\AVG\Icarus\Logs" --guid 726494cb-c045-4ab5-a94a-46fee441fe75
Task: {46F5C027-ACDD-49A5-9887-C8695354CF21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-21] (Google LLC -> Google LLC)
Task: {6E0D4722-42B8-42B9-A338-4D5779635CCA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4747008 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {9A17D109-C0EF-4074-AE5D-9215A1107F70} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-30] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {ADFC5DBB-DDB9-42AC-B195-241FADB5D3BA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141152 2021-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B27BA324-DCFE-4FDF-9E12-D784E6DB2C3E} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL)
Task: {BDF9F6F8-E6DF-4D94-A454-82045B4F55FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-21] (Google LLC -> Google LLC)
Task: {CF1DF855-CD45-43EB-B526-5AEC0B84E677} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF3B087B-F5A5-4D2F-8C4C-4F64C53D6CA6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141152 2021-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8236AB2-4B80-43C3-BB64-7394C02C6ED4} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [5546240 2021-03-08] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {F1ED7AAF-5E8C-4322-A1C0-B1EBDCDE7D5C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1058336 2021-04-21] (Dell Inc -> Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{289db161-028e-4fa2-9c8b-5f4dd598079d}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-19]
Edge Profile: C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-05-19]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default [2021-05-19]
CHR DefaultSearchURL: Default -> hxxps://open.scdn.co/cdn/images/icons/Spotify_16.aa3775a0.png
CHR Extension: (Slides) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-21]
CHR Extension: (Docs) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-21]
CHR Extension: (Google Drive) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-21]
CHR Extension: (YouTube) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-21]
CHR Extension: (WasteNoTime) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\enebomhlllfaccbelnjhfgblnalofhch [2020-11-23]
CHR Extension: (Sheets) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-21]
CHR Extension: (Google Docs Offline) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-14]
CHR Extension: (Guardio: Antivirus & Malware Removal) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2021-05-08]
CHR Extension: (Parental Control: Porn Blocker) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmillccnmojidmkhhjngjlalnbhpobcl [2020-11-23]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Spotify) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjibgclleladliembfgfagdaldikeohf [2021-05-03]
CHR Extension: (Gmail) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-03]
CHR Profile: C:\Users\Yroqu\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-18]
CHR DefaultSearchKeyword: System Profile -> Google

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [607488 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [356608 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7941688 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-05-03] (BattlEye Innovations e.K. -> )
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [12421888 2021-03-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [422128 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3975712 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [623136 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [48832 2020-11-19] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1009264 2021-03-30] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-04-01] (Dell Inc -> Dell INC.)
R2 Dell WMI Service; C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe [118784 2019-10-08] () [File not signed]
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-05-03] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [151496 2021-05-09] (SurfRight B.V. -> SurfRight B.V.)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-04-21] (Dell Inc -> Dell Inc.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10301672 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35816 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [212344 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [365112 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250408 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99384 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\Windows\System32\drivers\avgElam.sys [16816 2021-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41432 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [180576 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [523032 2021-05-14] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107920 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83008 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [850784 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467840 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215488 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327104 2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6438816 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; no ImagePath
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-19 15:56 - 2021-05-19 15:58 - 000000000 ____D C:\Users\Yroqu\Downloads\FRST-OlderVersion
2021-05-19 14:34 - 2021-05-19 14:34 - 000011336 _____ C:\Users\Yroqu\OneDrive\Documents\BookmarksChrome.html
2021-05-18 20:02 - 2021-05-18 20:07 - 000004467 _____ C:\Users\Yroqu\Downloads\Fixlog.txt
2021-05-18 19:14 - 2021-05-18 19:14 - 000000000 ___HD C:\$AV_AVG
2021-05-16 03:47 - 2021-05-17 13:32 - 000036260 _____ C:\Users\Yroqu\Downloads\Addition.txt
2021-05-16 03:44 - 2021-05-19 16:00 - 000023126 _____ C:\Users\Yroqu\Downloads\FRST.txt
2021-05-16 03:43 - 2021-05-19 15:59 - 000000000 ____D C:\FRST
2021-05-16 03:42 - 2021-05-19 15:56 - 002299904 _____ (Farbar) C:\Users\Yroqu\Downloads\FRST64.exe
2021-05-16 03:39 - 2021-05-16 03:39 - 000913228 _____ C:\Users\Yroqu\Downloads\BSL_v8.0.01.zip
2021-05-13 00:08 - 2021-05-13 00:08 - 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-05-13 00:07 - 2021-05-13 00:07 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-05-13 00:07 - 2021-05-13 00:07 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-05-13 00:07 - 2021-05-13 00:07 - 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-05-13 00:06 - 2021-05-13 00:06 - 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-05-13 00:06 - 2021-05-13 00:06 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-05-13 00:06 - 2021-05-13 00:06 - 000011351 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-05-13 00:05 - 2021-05-13 00:05 - 001823816 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-05-13 00:05 - 2021-05-13 00:05 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-05-13 00:05 - 2021-05-13 00:05 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-05-13 00:04 - 2021-05-13 00:04 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-05-13 00:04 - 2021-05-13 00:04 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-05-10 21:40 - 2021-05-10 21:40 - 000000000 ____D C:\Windows\pss
2021-05-10 10:22 - 2021-05-10 10:22 - 000000000 ____D C:\AdwCleaner
2021-05-10 10:21 - 2021-05-10 10:21 - 008534696 _____ (Malwarebytes) C:\Users\Yroqu\Downloads\adwcleaner_8.2.exe
2021-05-10 09:28 - 2021-05-10 21:23 - 000000000 ____D C:\EEK
2021-05-10 09:21 - 2021-05-10 09:23 - 285627104 _____ C:\Users\Yroqu\Downloads\EmsisoftEmergencyKit.exe
2021-05-10 09:02 - 2021-05-10 09:02 - 000005422 _____ C:\Windows\system32\.crusader
2021-05-09 21:08 - 2021-05-09 21:08 - 000001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-05-09 21:08 - 2021-05-09 21:08 - 000001968 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2021-05-09 21:08 - 2021-05-09 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-05-09 21:08 - 2021-05-09 21:08 - 000000000 ____D C:\Program Files\HitmanPro
2021-05-09 21:07 - 2021-05-10 09:02 - 000000000 ____D C:\ProgramData\HitmanPro
2021-05-09 21:07 - 2021-05-09 21:07 - 011291072 _____ (SurfRight B.V.) C:\Users\Yroqu\Downloads\hitmanpro_x64.exe
2021-05-09 09:51 - 2021-05-13 21:23 - 000000000 ____D C:\Users\Yroqu\AppData\LocalLow\IGDump
2021-05-08 21:03 - 2021-05-08 21:03 - 000000000 ____D C:\Users\Yroqu\AppData\Local\mbam
2021-05-08 21:00 - 2021-05-08 21:00 - 002078632 _____ (Malwarebytes) C:\Users\Yroqu\Downloads\MBSetup.exe
2021-05-08 16:52 - 2021-05-08 16:52 - 000000000 ___SH C:\Users\Public\Shared Files
2021-05-08 16:31 - 2021-05-08 16:31 - 000000000 ____D C:\Users\Yroqu\AppData\Local\DBG
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\FortniteGame
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\CrashReportClient
2021-05-08 16:29 - 2021-05-08 16:29 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-05-03 11:41 - 2021-05-03 11:41 - 000000000 ____D C:\Program Files\Epic Games
2021-05-03 11:27 - 2021-05-08 16:30 - 000000000 ____D C:\Users\Yroqu\AppData\Local\NVIDIA Corporation
2021-05-03 11:21 - 2021-05-03 11:21 - 000000000 ____D C:\Users\Yroqu\AppData\Local\UnrealEngineLauncher
2021-05-03 11:20 - 2021-05-03 11:20 - 000000000 ____D C:\Users\Yroqu\AppData\Local\EpicGamesLauncher
2021-05-03 11:19 - 2021-05-03 11:19 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2021-05-03 11:19 - 2021-05-03 11:19 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2021-05-03 11:19 - 2021-05-03 11:19 - 000001258 _____ C:\ProgramData\Desktop\Epic Games Launcher.lnk
2021-05-03 11:18 - 2021-05-08 16:31 - 000000000 ____D C:\ProgramData\Epic
2021-05-03 11:18 - 2021-05-03 11:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-05-03 11:14 - 2021-05-03 11:15 - 056791040 _____ C:\Users\Yroqu\Downloads\EpicInstaller-12.1.7-fortnite.msi
2021-05-03 07:52 - 2021-05-08 16:29 - 000000000 ____D C:\Users\Yroqu\AppData\Local\UnrealEngine
2021-05-03 07:52 - 2021-05-03 07:52 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-05-03 07:52 - 2021-05-03 07:52 - 000000000 ____D C:\Users\Yroqu\AppData\Local\VALORANT
2021-05-02 22:09 - 2021-05-19 14:40 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2021-05-02 21:51 - 2021-05-02 21:51 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-05-02 21:47 - 2021-05-02 22:02 - 000001627 _____ C:\Users\Public\Desktop\VALORANT.lnk
2021-05-02 21:47 - 2021-05-02 22:02 - 000001627 _____ C:\ProgramData\Desktop\VALORANT.lnk
2021-05-02 21:47 - 2021-05-02 21:52 - 000000000 ____D C:\Riot Games
2021-05-02 21:47 - 2021-05-02 21:47 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-05-02 21:47 - 2021-05-02 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-05-02 21:39 - 2021-05-03 07:58 - 000000000 ____D C:\ProgramData\Riot Games
2021-05-02 21:39 - 2021-05-03 07:51 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Riot Games
2021-05-02 21:37 - 2021-05-02 21:37 - 069069824 _____ (Riot Games, Inc.) C:\Users\Yroqu\Downloads\Install VALORANT.exe
2021-04-26 02:34 - 2021-04-26 02:33 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-04-26 02:34 - 2021-04-26 02:33 - 000215488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-04-24 17:01 - 2021-04-24 17:02 - 005924305 _____ C:\Users\Yroqu\Downloads\OptiFine_1.16.5_HD_U_G7.jar
2021-04-21 22:20 - 2021-04-21 22:20 - 000000000 ____D C:\Windows\system32\ICH
2021-04-20 12:04 - 2021-04-20 12:12 - 002450364 _____ C:\Windows\Minidump\042021-55906-01.dmp
2021-04-20 12:04 - 2021-04-20 12:04 - 1866895263 _____ C:\Windows\MEMORY.DMP

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-19 15:45 - 2021-01-08 21:35 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\discord
2021-05-19 15:45 - 2021-01-08 21:35 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Discord
2021-05-19 15:36 - 2021-01-01 23:41 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0A010BB3-7C15-4B98-BCBB-F2AA4421B44E}
2021-05-19 15:16 - 2020-10-12 10:25 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-05-19 15:05 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-19 15:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2021-05-19 15:00 - 2020-11-10 06:02 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2021-05-19 14:47 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2021-05-19 14:44 - 2020-11-21 19:39 - 000000000 ____D C:\Users\Yroqu\Downloads\New folder
2021-05-19 14:41 - 2020-11-21 19:35 - 000000000 ___RD C:\Users\Yroqu\OneDrive
2021-05-19 14:38 - 2020-11-23 00:04 - 000000000 ____D C:\ProgramData\AVG
2021-05-19 14:38 - 2020-11-21 19:25 - 000000000 __SHD C:\Users\Yroqu\IntelGraphicsProfiles
2021-05-19 14:38 - 2020-11-10 05:48 - 000000000 ____D C:\Intel
2021-05-19 14:38 - 2020-10-12 10:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-19 14:38 - 2020-10-12 10:25 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-19 14:38 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2021-05-19 14:37 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-05-19 14:31 - 2020-11-21 22:33 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\.minecraft
2021-05-18 20:18 - 2020-12-31 12:49 - 000000000 ____D C:\Program Files (x86)\ClalonAlbidus
2021-05-18 19:17 - 2020-11-23 00:37 - 000004266 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-05-18 13:13 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-16 20:19 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-05-16 19:51 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-05-16 19:50 - 2020-11-21 19:25 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Packages
2021-05-16 18:51 - 2019-12-07 05:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-05-16 03:39 - 2020-12-10 03:08 - 000002258 _____ C:\Windows\system32\Tasks\SmartByte Telemetry
2021-05-16 03:39 - 2020-12-02 11:32 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2021-05-16 03:39 - 2020-11-21 19:35 - 000002862 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2286517863-2150365057-2533688822-1001
2021-05-16 03:39 - 2020-11-21 19:34 - 000003346 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-16 03:39 - 2020-11-21 19:34 - 000003122 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-16 03:39 - 2020-11-10 06:09 - 000003276 _____ C:\Windows\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-05-16 03:39 - 2020-10-12 10:28 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-16 03:39 - 2020-10-12 10:28 - 000003184 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-15 23:48 - 2020-11-23 17:09 - 000000000 ____D C:\Users\Yroqu\AppData\Local\CrashDumps
2021-05-15 12:05 - 2020-12-02 13:46 - 000749988 _____ C:\Windows\system32\perfh00A.dat
2021-05-15 12:05 - 2020-12-02 13:46 - 000147258 _____ C:\Windows\system32\perfc00A.dat
2021-05-15 12:05 - 2020-10-12 10:33 - 001683676 _____ C:\Windows\system32\PerfStringBackup.INI
2021-05-15 10:45 - 2020-10-12 10:28 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-14 23:02 - 2020-10-12 10:29 - 000000000 ____D C:\Program Files\Microsoft Office
2021-05-14 19:50 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-05-14 19:15 - 2020-11-23 00:37 - 000523032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-05-14 19:10 - 2020-10-12 10:25 - 000454288 _____ C:\Windows\system32\FNTCACHE.DAT
2021-05-14 19:08 - 2020-11-21 19:08 - 000000000 ____D C:\Users\Yroqu
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-05-14 19:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2021-05-14 19:04 - 2020-12-02 13:44 - 000000000 ____D C:\Windows\system32\Drivers\es-MX
2021-05-14 19:04 - 2020-12-02 13:44 - 000000000 ____D C:\Windows\es-MX
2021-05-14 19:04 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\DiagTrack
2021-05-14 19:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2021-05-13 00:25 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2021-05-13 00:18 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-05-12 23:27 - 2020-11-28 07:48 - 000000000 ____D C:\Windows\system32\MRT
2021-05-12 23:15 - 2020-11-28 07:47 - 132732536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-05-12 17:05 - 2020-11-21 19:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-12 17:05 - 2020-11-21 19:35 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-12 17:05 - 2020-11-21 19:35 - 000002208 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-12 11:02 - 2021-01-08 21:33 - 000000000 ____D C:\Users\Yroqu\AppData\Local\D3DSCache
2021-05-10 09:05 - 2021-03-21 19:05 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-ML5MUKB
2021-05-10 09:05 - 2021-03-21 19:02 - 000000000 ____D C:\Users\defaultuser100001
2021-05-10 09:05 - 2021-03-21 18:56 - 000000000 ____D C:\Users\defaultuser100000
2021-05-09 08:33 - 2020-11-10 05:59 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-09 07:32 - 2020-12-31 12:47 - 000000000 ____D C:\Program Files (x86)\HolcusTopicalmgiSoft
2021-05-09 07:25 - 2020-12-31 12:50 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Digital Protection Services S.R.L
2021-05-09 07:24 - 2021-01-15 09:11 - 000000000 ____D C:\ProgramData\Digital Protection Services S.R.L
2021-05-08 17:40 - 2020-11-21 21:49 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-05-08 16:52 - 2019-12-07 05:14 - 000000000 __SHD C:\Users\Public\Libraries
2021-05-08 12:15 - 2020-11-21 19:08 - 000002369 _____ C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-07 23:49 - 2020-11-10 05:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-05-07 23:44 - 2020-11-10 05:58 - 000000000 ____D C:\ProgramData\PCDr
2021-05-07 23:43 - 2020-11-10 05:57 - 000000000 ____D C:\Program Files\Dell
2021-05-06 20:04 - 2020-11-21 21:28 - 000000000 ____D C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-04-26 02:33 - 2020-11-23 00:37 - 000850784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000467840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000365112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000250408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000212344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000180576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000099384 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000083008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000041432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000035816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-04-26 02:33 - 2020-11-23 00:37 - 000016816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
2021-04-23 22:37 - 2020-11-21 21:28 - 000000000 ____D C:\Users\Yroqu\AppData\Local\Roblox
2021-04-22 16:07 - 2020-11-10 06:08 - 000000000 ____D C:\ProgramData\Dell
2021-04-21 13:03 - 2021-01-24 01:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-20 12:12 - 2021-03-25 06:09 - 000000000 ____D C:\Windows\Minidump

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

BottledSyrup

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2021
Ran by Yroqu (19-05-2021 16:01:40)
Running from C:\Users\Yroqu\Downloads
Windows 10 Home Version 2004 19041.985 (X64) (2020-11-22 00:58:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2286517863-2150365057-2533688822-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2286517863-2150365057-2533688822-503 - Limited - Disabled)
Guest (S-1-5-21-2286517863-2150365057-2533688822-501 - Limited - Disabled)
regia (S-1-5-21-2286517863-2150365057-2533688822-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2286517863-2150365057-2533688822-504 - Limited - Disabled)
Yroqu (S-1-5-21-2286517863-2150365057-2533688822-1001 - Administrator - Enabled) => C:\Users\Yroqu

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.3.3174 - AVG Technologies)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 21.1.2523.2006 - AVG)
Dell Digital Delivery Services (HKLM-x32\...\{81C48559-E2EB-4F18-9854-51331B9DB552}) (Version: 4.0.70.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{2D27B76E-8FB1-495B-A61D-FB76349E7E36}) (Version: 3.1.9518 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{5106801D-CA18-4173-85B9-D74C33358F7F}) (Version: 3.9.0.234 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E9E87628-7D88-4557-9A80-49B2B4A81460}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{ef6a1215-d616-4e4f-9453-525ed9903031}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.1.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{437102ED-22A2-4C3D-BA6B-E5ECAE798DFA}) (Version: 1.0.3.0 - DELL)
Discord (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{B2B50A9C-3A65-4BDC-AA76-5D7537D8A7D1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Floomby (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Floomby) (Version: - Online Center ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.22.316 - SurfRight B.V.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1937.14.0.1350 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13929.20372 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8929.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for Yroqu (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\roblox-player) (Version: - Roblox Corporation)
SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VALORANT (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
Zoom (HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2020-11-24] (Dell Inc)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.3.34.0_x64__2dgmkzkw4h30c [2021-05-18] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2021-04-12] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2 [2021-02-25] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-01-24] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.9.11.0_x64__htrsf667h5kn2 [2021-05-18] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2 [2021-02-11] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-11-24] (Dropbox Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-11] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-14] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1015.0_x64__8j3eq9eme6ctt [2021-03-13] (INTEL CORP)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-10] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-05-05] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.8.40.0_x64__htrsf667h5kn2 [2021-05-08] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-11-24] (Netflix, Inc.)
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2020-11-10] (Dell Inc)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.971.0_x64__rh07ty8m5nkag [2021-05-18] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0 [2021-05-18] (Spotify AB) [Startup Task]
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-11-10] (Waves Audio)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-12-24] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2286517863-2150365057-2533688822-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4384d7b6d69cda4\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-01] (Notepad++ -> )
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Yroqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spotify.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pjibgclleladliembfgfagdaldikeohf
ShortcutWithArgument: C:\Users\Yroqu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pjibgclleladliembfgfagdaldikeohf

==================== Loaded Modules (Whitelisted) =============

2020-11-19 14:12 - 2020-11-19 14:12 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2017-03-08 05:13 - 2017-03-08 05:13 - 000491520 _____ () [File not signed] C:\Program Files (x86)\Floomby\graphin.dll
2021-01-22 13:20 - 2021-01-22 13:20 - 000016384 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2\Dell.D3.HSA.Client.dll
2021-01-22 13:20 - 2021-01-22 13:20 - 023371264 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2\Dell.D3.UWP.dll
2021-05-08 00:00 - 2021-05-08 00:00 - 042557440 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.dll
2020-08-14 22:29 - 2020-08-14 22:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10350]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2286517863-2150365057-2533688822-1001 -> DefaultScope {15C82995-2369-4404-984A-9576E2D3C343} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2021-05-07 23:08 - 000002103 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2286517863-2150365057-2533688822-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{05E29072-3BD5-454F-8A3B-5CE4836FA682}] => (Allow) C:\Users\Yroqu\Downloads\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{505E2E39-80C9-4745-BED4-37144C58808B}] => (Allow) C:\Users\Yroqu\Downloads\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{15FB5D3E-2231-4898-8CF9-D15CEA11CD20}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3270F932-83A3-4586-8308-1F7D30970A25}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3195C9B9-20D0-4B88-921C-74B54F788E85}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> )
FirewallRules: [{92B69DE5-0A5E-4A81-8C7A-1F6D9338CE87}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> )
FirewallRules: [{3E20D5D4-7910-4CD3-AE98-610954D40970}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{ACC7778D-2ABF-4AB5-A0E6-6106BC5667E1}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A5DB7D18-EE1F-48D5-A815-FC9127075737}] => (Allow) C:\Users\Yroqu\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{DE47861C-8036-4B9F-9F77-C229566DDF85}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1F6157DC-C7BE-4D12-8E7B-BDC20C33BDDC}] => (Allow) C:\Users\Yroqu\Downloads\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{01D52161-A949-4435-879A-46D7A4CE2D5E}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{E36426DF-0B4D-4DD5-B77D-ACE9425D1EA6}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{B620FB00-1642-47AD-9D38-06F3693927C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C37C5EE8-3C0F-419A-8CE9-B12B52314792}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17AC03E9-984D-488C-802F-B9DA77F1142D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{20001C66-F51E-41EB-BFC8-A5F78141EAE5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D82A6DC5-7ADC-4FEF-9160-E14D2842A6F7}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{7B038D87-632A-4D22-93D3-2C304AB92135}] => (Allow) C:\Users\Yroqu\Downloads\New folder\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{01E00917-C3A6-4824-A245-857621CE4E0D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{22B57EA1-0704-44BA-B2EC-2E02BCC60F28}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2F47C3C0-B660-4D64-9D65-086CB4ECCFFF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8D7371F4-C742-407F-86EB-FDD0007E4DF7}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{EF51B22C-6AAA-45D5-B43C-9234B9B61340}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{5F1886B1-8D66-40E9-A103-45EF3FE223AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F73E1388-73B0-429C-8F52-D7E99853A0BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F4D98236-1B1C-4D0F-BCC2-AFF2F29D5B56}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B03676B3-F257-40F1-8283-B5EC1513EEC0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{54140174-97D2-4BCA-B8A7-31088F8393B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B5C95C9F-751D-478C-9C53-9CF1FE49ED0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{606726A1-511D-46A1-A287-7DA2394FE76B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{02AD2FE1-F9AA-4475-A6E3-16D9B2FC7C92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.712.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

12-05-2021 23:30:35 Windows Modules Installer
12-05-2021 23:33:11 Windows Modules Installer
16-05-2021 18:03:10 Removed Emsisoft Anti-Malware

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/19/2021 12:23:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {89b0e975-69dd-43af-af66-631abf3dc5e6}

Error: (05/19/2021 09:45:12 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {89b0e975-69dd-43af-af66-631abf3dc5e6}

Error: (05/18/2021 08:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ServiceShell.exe, version: 2.1.0.22, time stamp: 0x60070db7
Faulting module name: KERNELBASE.dll, version: 10.0.19041.964, time stamp: 0x812662a7
Exception code: 0xe0434352
Fault offset: 0x0000000000034b89
Faulting process id: 0x1d14
Faulting application start time: 0x01d74c44d7cf5d6d
Faulting application path: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 8d9f224d-ebc7-4525-93a5-72441a89bea6
Faulting package full name:
Faulting package-relative application ID:

Error: (05/18/2021 08:35:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ServiceShell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
at System.IDisposable.Dispose()
at Dell.Asimov.FrameworkCore.ApplicationModel.MarshalTask+<CallActualAsync>d__7`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (05/18/2021 08:27:36 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 1664, ProfSvc PID: 1900.

Error: (05/18/2021 08:27:36 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe, PID: 4112, ProfSvc PID: 1900.

Error: (05/18/2021 08:27:36 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVG\TuneUp\TuneupSvc.exe, PID: 4708, ProfSvc PID: 1900.

Error: (05/18/2021 08:15:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (05/19/2021 03:15:01 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (05/19/2021 02:44:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Dell Data Vault Processor service hung on starting.

Error: (05/19/2021 02:40:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the CleanupPSvc service.

Error: (05/19/2021 02:39:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Graphics Command Center Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/19/2021 02:39:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Audio Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/19/2021 02:39:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Waves Audio Services service depends on the Intel(R) Audio Service service which failed to start because of the following error:
The operation completed successfully.

Error: (05/19/2021 02:39:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Intel(R) Graphics Command Center Service service to connect.

Error: (05/19/2021 02:39:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Intel(R) Audio Service service to connect.


CodeIntegrity:
===============
Date: 2021-05-19 16:03:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.5.2 07/30/2020
Motherboard: Dell Inc. 0C8JG6
Processor: Intel(R) Core(TM) i3-10110U CPU @ 2.10GHz
Percentage of memory in use: 71%
Total physical RAM: 8020.93 MB
Available physical RAM: 2312.02 MB
Total Virtual: 14420.93 MB
Available Virtual: 7313.32 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.85 GB) (Free:750.83 GB) (Protected) NTFS

\\?\Volume{c372287b-a073-45ae-8840-0fda64092ebd}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.51 GB) NTFS
\\?\Volume{d3d966a7-4a3c-45e5-b169-2c6d9251a530}\ (Image) (Fixed) (Total:14.08 GB) (Free:0.13 GB) NTFS
\\?\Volume{c0a95219-a43f-47de-8387-b5b781ef3a6b}\ (DELLSUPPORT) (Fixed) (Total:1.33 GB) (Free:0.45 GB) NTFS
\\?\Volume{008bdbfd-464a-4334-ab4e-0372e2730029}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6FD14D2C)

Partition: GPT.

==================== End of Addition.txt =======================
 

BottledSyrup

Level 1
Thread author
May 10, 2021
21
Searchgoose is removed from the computer, as opening a new tab is normal, but searching up something goes first to search-fine and then search.securypath in the URL, then changes the search into Bing, Yahoo, or Edge.
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
1. Farbar Recovery Scan Tool (FRST) Search
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.
    search-fine;search.securitypath
  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.

2. ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your Anti-Virus software. For instructions, please refer to the following link.
  • Double-click esetonlinescanner.exe to run the programme.
  • Click Get started
  • Review and accept the Terms of use
  • Click Get started
  • Choose what information you would like to share or not
  • Click Continue
  • Click Full Scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
  • Click Start scan
  • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
  • Click Continue then finally click Close
  • Copy and paste the ESETScan.txt file contents in your reply
 