I have a personal computer but Chrome says "managed by your organisation"

ayte (New Member, thread author), Jan 15, 2021

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by help (administrator) on DESKTOP-7AS2TU1 (HP HP Laptop 15-bs0xx) (15-01-2021 16:32:58)
Running from C:\Users\help\Downloads
Loaded Profiles: help
Platform: Windows 10 Enterprise Version 1909 18363.1316 (X64) Language: Russian (Russia)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\dglvrsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <27>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHeciSvc.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\McCSPServiceHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\Huion Tablet.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\x64\TabletDriverCore.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16733192 2016-11-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\Huion Tablet\Huion Tablet.exe [240360 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [uTorrent] => C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe [2072816 2020-05-15] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [Chromium] => "c:\users\help\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\help\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-21] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Run: [TabletDriver] => C:\Huion Tablet\x64\TabletDriverCore.exe [321256 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\MountPoints2: {b8be1daf-580b-11ea-b4af-409f388e5364} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2021-01-12]
ShortcutTarget: Huion Tablet.lnk -> C:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )
Startup: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk [2021-01-15]
ShortcutTarget: Отправка в OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {204CC9D8-F916-4FFF-A6EF-28DE21C3E797} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-19] (Avast Software s.r.o. -> Avast Software)
Task: {2FB3B776-07D2-432F-AA47-E07BFBE0BE64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {4007E1DD-B0EA-429F-AF6A-1C0897C3E685} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
Task: {40CBBF75-E35F-42E8-B77E-12592E8AAAA0} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {508C51F8-9C76-4138-8A2F-9A539D313A54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-17] (Google Inc -> Google Inc.)
Task: {5376B5D1-65E2-42D2-9D77-FADAF3D01F0F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {58F4708A-1867-4C57-9BB5-0475C411101F} - System32\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001 => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-31] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {7658D50B-F714-40E7-97F6-54B03D0E697D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-04-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7D73EE12-3957-4C4F-AA91-24EE9488358B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7DDFFCE3-21D6-4D3F-A977-A23360BF666C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {88F5C7A7-F2B6-42BA-8FD1-88ADD07290B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-17] (Google Inc -> Google Inc.)
Task: {A18DBB75-3CA7-4205-9BDD-D95144FEE988} - System32\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001 => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-31] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {BFE4DEB8-4F0B-41B0-825D-E874B61E7AE0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D39DD3FA-7313-4CE4-AF94-5A8D860592B5} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EC5C8DE2-C69C-4CF1-8957-3751AC8769B7} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EC771863-6B5B-4233-9678-EB11CB6D8DD9} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64920 2020-03-10] (Microsoft Corporation -> Microsoft)
Task: {F47D41D6-DD2D-42E3-A376-3C4FD9D7E053} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-18] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job => C:\Users\help\AppData\Local\GoToMeeting\19228\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e877362d-62d9-49f4-b5f4-c50a55c6d88f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ee410218-036b-40ac-8046-211596f8418d}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge Profile: C:\Users\help\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-15]
Edge StartupUrls: Default -> "hxxps://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419"

FireFox:
========
FF DefaultProfile: xqv515l1.default
FF ProfilePath: C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\xqv515l1.default [2020-03-12]
FF ProfilePath: C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release [2021-01-15]
FF Notifications: Mozilla\Firefox\Profiles\6zyppz0e.default-release -> hxxps://keep.google.com
FF Extension: (Dark Reader) - C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release\Extensions\addon@darkreader.org.xpi [2020-12-04]
FF Extension: (Greasemonkey) - C:\Users\help\AppData\Roaming\Mozilla\Firefox\Profiles\6zyppz0e.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2223184529-1837807021-1881898419-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\help\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Default [2021-01-15]
CHR DefaultSearchURL: Default -> hxxps://statics.teams.cdn.office.net/hashedassets/favicon/prod/favicon-32x32-0b158ae.png
CHR Extension: (Docs) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-17]
CHR Extension: (Google Drive) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-17]
CHR Extension: (uBlock Origin) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-10]
CHR Extension: (Google Docs Offline) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2020-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-16]
CHR Extension: (Gmail) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-10]
CHR Extension: (Sechenov Online) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Default\Extensions\pndcfhhheooopfkgicbdcemgikagkgee [2020-05-22]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-15]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-01-15]
CHR Extension: (Slides) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-21]
CHR Extension: (Docs) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-21]
CHR Extension: (Google Drive) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-02]
CHR Extension: (YouTube) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-21]
CHR Extension: (Adobe Acrobat) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-05-21]
CHR Extension: (Sheets) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-21]
CHR Extension: (Google Docs Offline) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-21]
CHR Extension: (Gmail) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-02]
CHR Extension: (Chrome Media Router) - C:\Users\help\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-02]
CHR Profile: C:\Users\help\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-03-29] (BattlEye Innovations e.K. -> )
R2 dglvrsvc; C:\WINDOWS\dglvrsvc.exe [40928 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2021-01-15] (SurfRight B.V. -> SurfRight B.V.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe [474768 2017-03-01] (Wondershare software CO., LIMITED -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dglvrbus; C:\WINDOWS\System32\drivers\dglvrbus.sys [85984 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 dglvrkdod; C:\WINDOWS\system32\DRIVERS\dglvrkdod.sys [45536 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 dglvrmflt; C:\WINDOWS\System32\drivers\dglvrmflt.sys [27104 2016-09-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [33592 2020-03-17] (DEV47 APPS -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [229432 2020-03-17] (DEV47 APPS -> Dev47Apps)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [36168 2019-08-22] (McAfee, Inc. -> The OpenVPN Project)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-05-03] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 xspirit; C:\WINDOWS\xspirit.sys [47928 2019-05-03] (Wellbia.com Co., Ltd. -> )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\Users\help\Downloads\Unconfirmed 723522.crdownload"
Error Reading file: "C:\Users\help\Downloads\Adobe Photoshop CC 2019 "
2021-01-15 16:32 - 2021-01-15 16:34 - 000023975 _____ C:\Users\help\Downloads\FRST.txt
2021-01-15 16:32 - 2021-01-15 16:33 - 000000000 ____D C:\FRST
2021-01-15 16:31 - 2021-01-15 16:31 - 002281472 _____ (Farbar) C:\Users\help\Downloads\FRST64.exe
2021-01-15 16:13 - 2021-01-15 16:13 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-15 16:12 - 2021-01-15 16:12 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-15 16:12 - 2021-01-15 16:12 - 000139424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-15 16:07 - 2021-01-15 16:07 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2021-01-15 15:53 - 2021-01-15 15:53 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-01-15 15:53 - 2021-01-15 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-01-15 15:53 - 2021-01-15 15:53 - 000000000 ____D C:\Program Files\HitmanPro
2021-01-15 15:52 - 2021-01-15 16:10 - 000000000 ____D C:\Users\Все пользователи\HitmanPro
2021-01-15 15:52 - 2021-01-15 16:10 - 000000000 ____D C:\ProgramData\HitmanPro
2021-01-15 15:52 - 2021-01-15 15:52 - 011431000 _____ (SurfRight B.V.) C:\Users\help\Downloads\hitmanpro_x64.exe
2021-01-15 15:32 - 2021-01-15 16:15 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-01-15 15:14 - 2021-01-15 15:25 - 000000000 ____D C:\AdwCleaner
2021-01-15 15:12 - 2021-01-15 15:12 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-15 15:12 - 2021-01-15 15:12 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-15 15:12 - 2021-01-15 15:12 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-15 15:12 - 2021-01-15 15:12 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-15 15:12 - 2021-01-15 15:12 - 000000000 ____D C:\Users\help\AppData\Local\mbam
2021-01-15 15:12 - 2021-01-15 15:11 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-15 15:12 - 2021-01-15 15:11 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-15 15:11 - 2021-01-15 15:12 - 008458096 _____ (Malwarebytes) C:\Users\help\Downloads\adwcleaner_8.0.9.exe
2021-01-15 15:11 - 2021-01-15 15:11 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes
2021-01-15 15:11 - 2021-01-15 15:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-15 15:10 - 2021-01-15 15:10 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-15 15:09 - 2021-01-15 15:09 - 002086424 _____ (Malwarebytes) C:\Users\help\Downloads\MBSetup.exe
2021-01-15 14:55 - 2021-01-15 14:55 - 000000549 _____ C:\Users\help\Downloads\delete_chrome_policies.bat
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\Users\Все пользователи\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\Users\Public\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\ProgramData\Thunder Network
2021-01-15 13:49 - 2021-01-15 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HappyNewYear
2021-01-15 12:48 - 2021-01-15 12:51 - 000064955 _____ C:\Users\help\Documents\Jan 15 12h48.svgz
2021-01-15 12:14 - 2021-01-15 12:15 - 000000000 ____D C:\Program Files\PDF Annotator
2021-01-15 12:14 - 2021-01-15 12:14 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Annotator.lnk
2021-01-15 12:14 - 2021-01-15 12:14 - 000000936 _____ C:\Users\Public\Desktop\PDF Annotator.lnk
2021-01-15 12:11 - 2020-09-26 18:08 - 000000000 ____D C:\Users\help\Downloads\PDF Annotator Version 8.0.0.811(RPD Tips & Tricks)
2021-01-15 11:58 - 2021-01-15 11:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-15 11:58 - 2021-01-15 11:58 - 000502784 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-15 11:58 - 2021-01-15 11:58 - 000151040 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-15 11:58 - 2021-01-15 11:58 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-15 11:58 - 2021-01-15 11:58 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-15 11:57 - 2021-01-15 11:57 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-15 11:57 - 2021-01-15 11:57 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-15 11:57 - 2021-01-15 11:57 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-15 11:57 - 2021-01-15 11:57 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-15 11:56 - 2021-01-15 11:56 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-15 11:56 - 2021-01-15 11:56 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-15 11:56 - 2021-01-15 11:56 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-15 11:56 - 2021-01-15 11:56 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-15 11:56 - 2021-01-15 11:56 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-15 11:56 - 2021-01-15 11:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-15 11:55 - 2021-01-15 11:55 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 11:55 - 2021-01-15 11:55 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-15 11:55 - 2021-01-15 11:55 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-15 11:55 - 2021-01-15 11:55 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-15 11:55 - 2021-01-15 11:55 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-15 11:54 - 2021-01-15 11:54 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-15 11:54 - 2021-01-15 11:54 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-15 11:54 - 2021-01-15 11:54 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-15 11:54 - 2021-01-15 11:54 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-15 11:53 - 2021-01-15 11:53 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-15 11:53 - 2021-01-15 11:53 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-15 11:53 - 2021-01-15 11:53 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-15 11:52 - 2021-01-15 11:52 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-15 11:52 - 2021-01-15 11:52 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-15 11:52 - 2021-01-15 11:52 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-15 11:52 - 2021-01-15 11:52 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-15 11:51 - 2021-01-15 11:51 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-14 23:04 - 2021-01-14 23:06 - 000000000 ____D C:\Users\help\Desktop\physics
2021-01-14 14:37 - 2021-01-14 15:06 - 000425022 _____ C:\Users\help\Downloads\Quiz(linear function).pdf9J (1).pdf
2021-01-14 14:37 - 2021-01-14 14:37 - 000137997 _____ C:\Users\help\Downloads\Quiz(linear function).pdf9J.pdf
2021-01-14 14:20 - 2021-01-14 14:25 - 000000000 ____D C:\Program Files (x86)\iSkysoft
2021-01-14 14:20 - 2021-01-14 14:20 - 000000000 ____D C:\Program Files\Common Files\Wondershare
2021-01-14 14:18 - 2021-01-15 12:08 - 000000000 ____D C:\Users\Public\Documents\iSkysoft
2021-01-13 23:56 - 2021-01-13 23:56 - 000489971 _____ C:\Users\help\Downloads\Unnamed.pdf
2021-01-13 22:48 - 2021-01-13 22:48 - 005597251 _____ C:\Users\help\Downloads\January 12th homework (Jan 13, 2021 08_54_34).jpeg
2021-01-13 19:48 - 2021-01-13 19:48 - 016810856 _____ C:\Users\help\Desktop\Chemistry workbook answers.pdf
2021-01-13 19:47 - 2021-01-14 21:16 - 004375955 _____ C:\Users\help\Desktop\Chemistry workbook.pdf
2021-01-13 19:20 - 2021-01-13 19:20 - 001979254 _____ C:\Users\help\Downloads\phy hw 13jan.pdf
2021-01-13 14:39 - 2021-01-13 14:50 - 000207771 _____ C:\Users\help\Downloads\Newton laws (1).pdf
2021-01-13 14:39 - 2021-01-13 14:39 - 000169593 _____ C:\Users\help\Downloads\Newton laws.pdf
2021-01-13 13:01 - 2021-01-13 15:46 - 001021102 _____ C:\Users\help\Downloads\Calculus 9J and 9K.pdf
2021-01-13 12:34 - 2021-01-13 12:34 - 000569859 _____ C:\Users\help\Downloads\eng assesment 13 jan.pdf
2021-01-13 10:53 - 2021-01-13 10:53 - 001940029 _____ C:\Users\help\Downloads\9J.pdf
2021-01-13 10:44 - 2021-01-13 10:44 - 000000000 ____D C:\Users\help\AppData\Roaming\Softland
2021-01-13 10:43 - 2021-01-15 12:26 - 000000000 ____D C:\Users\help\AppData\Local\PDF Annotator
2021-01-13 10:39 - 2021-01-13 10:41 - 072381744 _____ (GRAHL software design ) C:\Users\help\Downloads\PDFAnnotatorSetup.exe
2021-01-12 22:51 - 2021-01-12 22:51 - 000387522 _____ C:\Users\help\Downloads\hw9J.pdf
2021-01-12 19:55 - 2021-01-13 11:38 - 005520521 _____ C:\Users\help\Downloads\Rate of Reaction 1 QP.pdf
2021-01-12 19:50 - 2021-01-12 19:50 - 000000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huion Tablet Uninstall .lnk
2021-01-12 19:50 - 2021-01-12 19:50 - 000000691 _____ C:\Users\Public\Desktop\Huion Tablet.lnk
2021-01-12 19:50 - 2021-01-12 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huion Tablet
2021-01-12 19:50 - 2021-01-12 19:50 - 000000000 ____D C:\Huion Tablet
2021-01-12 19:50 - 2020-04-21 08:51 - 000221184 _____ (Graphics Tablet) C:\WINDOWS\system32\wintab32.dll
2021-01-12 19:50 - 2020-04-21 08:50 - 000190976 _____ (Graphics Tablet) C:\WINDOWS\SysWOW64\wintab32.dll
2021-01-12 19:50 - 2018-03-16 10:55 - 000010752 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vmulti.sys
2021-01-12 19:50 - 2018-03-16 10:55 - 000007680 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2021-01-09 21:27 - 2021-01-09 21:27 - 005831168 _____ C:\Users\help\Downloads\Chemical tests.ppt
2021-01-09 17:42 - 2018-07-12 01:50 - 1457383746 _____ C:\Users\help\Desktop\Biology +.pdf
2021-01-07 17:56 - 2021-01-07 17:57 - 004901376 _____ C:\Users\help\Downloads\8. Rates of Reaction v1.0.ppt
2021-01-07 16:29 - 2021-01-07 17:47 - 1310567896 _____ C:\Users\help\Desktop\Physics +.pdf
2021-01-06 21:39 - 2021-01-06 21:39 - 121281989 _____ C:\Users\help\Downloads\Complete Chemistry for cambridge IGCSE Third edition .pdf
2021-01-06 17:37 - 2021-01-06 17:37 - 000105731 _____ C:\Users\help\Downloads\WhatsApp Image 2021-01-06 at 12.38.52.jpeg
2021-01-05 21:34 - 2021-01-05 21:34 - 000001809 _____ C:\Users\help\Documents\anki.txt
2021-01-05 21:32 - 2021-01-05 21:32 - 000040243 _____ C:\Users\help\Downloads\quizlet.pdf
2021-01-05 20:42 - 2021-01-05 20:42 - 000000000 ____D C:\Users\help\AppData\Local\Anki
2021-01-05 20:41 - 2021-01-14 23:51 - 000000000 ____D C:\Users\help\AppData\Roaming\Anki2
2021-01-05 20:40 - 2021-01-05 20:40 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2021-01-05 20:40 - 2021-01-05 20:40 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2021-01-05 20:40 - 2021-01-05 20:40 - 000000000 ____D C:\Program Files\Anki
2021-01-05 20:32 - 2021-01-05 20:38 - 104219912 _____ C:\Users\help\Downloads\anki-2.1.38-windows.exe
2021-01-05 13:26 - 2021-01-05 13:26 - 000002122 _____ C:\Users\Public\Desktop\Twomon PC Program.lnk
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\Users\help\AppData\Local\Devguru
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twomon PC Program
2021-01-05 13:26 - 2021-01-05 13:26 - 000000000 ____D C:\Program Files (x86)\Twomon PC Program
2021-01-05 13:26 - 2016-09-02 16:19 - 000040928 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\dglvrsvc.exe
2021-01-05 13:26 - 2016-09-02 16:19 - 000032736 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\dglvrproc.exe
2021-01-05 13:22 - 2021-01-05 13:22 - 000000000 ____D C:\Users\help\AppData\Local\Downloaded Installations
2021-01-05 13:21 - 2021-01-05 13:22 - 048647168 _____ (Devguru Co., LTD ) C:\Users\help\Downloads\Twomon_PC_Program_Win_2.0.67.0.exe
2021-01-05 11:08 - 2021-01-05 11:08 - 005812224 _____ C:\Users\help\Downloads\spacedesk_driver_Win_10_64_v0976_BETA.msi
2020-12-18 11:32 - 2020-12-18 11:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-12-18 11:15 - 2021-01-12 20:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-16 20:38 - 2020-12-16 20:38 - 000000000 ____D C:\Users\help\Documents\Записные книжки OneNote
2020-12-16 20:36 - 2020-12-16 20:36 - 001156872 _____ C:\Users\help\Downloads\17.2_-_chemical_tests_1c__-_edexcel_igcse_9-1__chemistry_qp.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-15 16:26 - 2019-03-19 08:52 - 000000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft
2021-01-15 16:26 - 2019-03-19 08:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-15 16:14 - 2017-12-19 22:20 - 000000000 __SHD C:\Users\help\IntelGraphicsProfiles
2021-01-15 16:12 - 2020-10-11 19:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-15 16:10 - 2019-03-19 08:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-15 16:07 - 2019-05-18 13:07 - 000000000 ____D C:\Users\help\Documents\ps
2021-01-15 15:46 - 2020-10-11 19:16 - 000000000 ____D C:\Users\help
2021-01-15 15:44 - 2020-10-11 19:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\Users\Все пользователи\Mozilla
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\Users\help\AppData\LocalLow\Mozilla
2021-01-15 15:28 - 2020-03-12 13:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-15 15:25 - 2017-12-19 19:31 - 000000000 ____D C:\Users\help\AppData\Local\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:30 - 000000000 ____D C:\Users\help\AppData\Roaming\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:30 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:29 - 000000000 ____D C:\Users\Все пользователи\Lavasoft
2021-01-15 15:25 - 2017-12-19 19:29 - 000000000 ____D C:\ProgramData\Lavasoft
2021-01-15 15:12 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-15 14:48 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-15 14:43 - 2018-09-26 23:27 - 000000000 ____D C:\Users\help\AppData\Local\PlaceholderTileLogoFolder
2021-01-15 14:43 - 2017-12-31 22:18 - 000000000 ____D C:\Users\help\AppData\Local\Packages
2021-01-15 14:42 - 2019-03-19 08:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-15 14:15 - 2017-12-17 18:14 - 000000000 ____D C:\Users\help\AppData\Local\Microsoft Help
2021-01-15 14:14 - 2020-10-11 19:29 - 000005810 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-15 14:14 - 2019-03-19 15:34 - 000907668 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-15 14:14 - 2019-03-19 15:34 - 000193872 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-15 14:10 - 2017-12-31 22:41 - 000000000 ___RD C:\Users\help\3D Objects
2021-01-15 14:10 - 2017-12-17 18:01 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-15 14:08 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-15 14:06 - 2020-10-11 19:07 - 000448736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-15 14:02 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-15 14:01 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-15 13:59 - 2019-03-19 15:36 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-15 13:59 - 2019-03-19 08:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 13:58 - 2019-03-19 08:50 - 000000000 ____D C:\WINDOWS\INF
2021-01-15 12:39 - 2019-03-19 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-15 12:36 - 2017-12-19 21:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-15 12:11 - 2017-12-19 21:57 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-15 11:51 - 2020-10-11 19:11 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-15 11:50 - 2020-10-11 19:38 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{190B990F-D040-43EF-9BD3-A499CDD0183D}
2021-01-14 17:44 - 2019-12-17 15:56 - 000000000 ____D C:\Users\help\Documents\Wondershare Filmora 9
2021-01-14 17:44 - 2017-12-24 23:03 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-01-14 14:24 - 2017-12-24 23:02 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2021-01-14 14:20 - 2020-09-05 08:55 - 000000000 ____D C:\Users\help\AppData\Roaming\Wondershare
2021-01-12 20:01 - 2020-03-17 10:39 - 000000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job
2021-01-12 20:01 - 2020-03-17 10:39 - 000000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001.job
2021-01-12 20:01 - 2020-03-12 13:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-12 19:50 - 2020-06-21 18:21 - 000000000 ____D C:\Program Files\DIFX
2021-01-12 19:32 - 2019-03-19 08:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-12 15:43 - 2017-12-17 21:17 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-09 22:51 - 2020-09-11 14:26 - 000002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-05 13:25 - 2017-12-17 21:16 - 000000000 ____D C:\Users\Все пользователи\Package Cache
2021-01-05 13:25 - 2017-12-17 21:16 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-31 22:15 - 2020-10-11 19:38 - 000003828 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-31 22:15 - 2020-10-11 19:38 - 000003732 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-31 22:15 - 2020-03-17 10:39 - 000000000 ____D C:\Users\help\AppData\Local\GoToMeeting
2020-12-18 11:32 - 2020-03-12 13:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-17 18:52 - 2020-10-11 19:38 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2223184529-1837807021-1881898419-1001
2020-12-17 18:52 - 2020-10-11 19:16 - 000002364 _____ C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-17 18:52 - 2017-12-17 18:03 - 000000000 ___RD C:\Users\help\OneDrive
2020-12-16 08:51 - 2020-07-23 14:27 - 000000000 ____D C:\Users\help\Desktop\Saadat Y

==================== Files in the root of some directories ========

2019-11-30 21:28 - 2020-07-04 17:54 - 000000132 _____ () C:\Users\help\AppData\Roaming\Adobe PNG Format CS6 Prefs
2019-09-11 00:58 - 2019-09-11 00:58 - 000001147 _____ () C:\Users\help\AppData\Roaming\AppData - Shortcut.lnk
2019-06-17 12:57 - 2019-06-17 13:05 - 000000013 _____ () C:\Users\help\AppData\Roaming\doubleRunningProtection.txt
2019-05-17 22:23 - 2019-05-17 22:23 - 000000868 _____ () C:\Users\help\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by help (15-01-2021 16:36:31)
Running from C:\Users\help\Downloads
Windows 10 Enterprise Version 1909 18363.1316 (X64) (2020-10-11 15:39:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

DefaultAccount (S-1-5-21-2223184529-1837807021-1881898419-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2223184529-1837807021-1881898419-1000 - Limited - Disabled) => C:\Users\defaultuser0
help (S-1-5-21-2223184529-1837807021-1881898419-1001 - Administrator - Enabled) => C:\Users\help
WDAGUtilityAccount (S-1-5-21-2223184529-1837807021-1881898419-504 - Limited - Disabled)
Администратор (S-1-5-21-2223184529-1837807021-1881898419-500 - Administrator - Disabled)
Гость (S-1-5-21-2223184529-1837807021-1881898419-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\uTorrent) (Version: 3.5.5.45628 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.1.8.158 - Adobe Systems, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: 2.1.38 - )
Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{88DF5BD8-ECDC-C8D5-3BF2-B34D267A4EAC}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{6CECB174-D3F6-2273-7975-EC4C9A2C2A2B}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{FD4A7E74-34C1-45A6-CC98-2A733C3CFDF5}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2510AF49-7D35-012F-FF7C-BC0DE1CBD1DE}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{6D1CD857-3315-EC3E-15C2-C455D3B58435}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{B8F467BC-FDE8-0026-69EA-FDCA59B1876A}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F1866165-2781-1515-CB4A-02D8A6AEBD26}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{EF1BBF91-38E3-E7C8-4F09-A391D507B92D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{F693598B-E1B5-6F2F-5334-90F5C1876466}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{003781D1-BDEE-4EA2-9732-82EB074FA4E3}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{CADEE18A-A69D-FB91-6524-804E5318A472}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{076C8B36-F8EF-5685-5A70-CEE81BC86B37}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{63264374-FEC2-8C52-B12E-EC4A5F477F7D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{078DD9C3-3A83-280B-4515-6FFF43E0EE88}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{08C0E88B-E44D-1CFA-2269-B0886674F6F8}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{4D8AB00F-44BE-EAB4-9299-8795D7D16842}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC41E589-5399-B0BD-E7FF-E3AFCCA693F7}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{27E87D5B-DA2F-2586-0063-AE9806ACA82A}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{7B759E98-486F-D349-0F3B-4BD898D8A01D}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{8114EA06-77B9-029D-9ABA-B77610EA6FD0}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{7528D6F7-D0E1-0E7B-91E4-B3A4E35C469C}) (Version: 2017.0417.742.12039 - Advanced Micro Devices, Inc.) Hidden
DriverTools 1.0 (HKLM-x32\...\DriverTools) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 3 (HKLM-x32\...\1454315831_is1) (Version: 1.7.0.3 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.20.314 - SurfRight B.V.)
Huion Tablet v14.8.137.1273 (HKLM\...\{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.8.137.1273 - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
K-Lite Mega Codec Pack 11.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{095c98d4-cc8d-4a11-9c82-9ed357ac4f7f}) (Version: 2.4.2 - McAfee)
McAfee Safe Connect (HKLM-x32\...\{71600119-A99D-4260-8B69-7545BB4C21C0}) (Version: 2.4.2 - McAfee) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Корпорация Майкрософт)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office профессиональный плюс 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25711 (HKLM-x32\...\{8FDCF95F-4756-34F4-9DA2-D708E7FAC504}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25711 (HKLM-x32\...\{6E894015-A182-3C1E-A7D2-3032CB2E1D43}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.4.1083.303 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mozilla Firefox 84.0 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0 (x64 en-US)) (Version: 84.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
MPC-HC (HKLM\...\MPC-HC) (Version: - MPC-HC Team)
PDF Annotator 8.0.0.811 (HKLM\...\PDFAnnotator_is1) (Version: 8.0.0.811 - GRAHL software design)
Point Blank (HKLM-x32\...\Point Blank) (Version: 1.0.0 - Zepetto & nFinity)
PyCharm Community Edition 2020.1.2 (HKLM-x32\...\PyCharm Community Edition 2020.1.2) (Version: 201.7846.77 - JetBrains s.r.o.)
Python 3.7.4 (32-bit) (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\{b66087e3-469e-4725-8b9b-f0981244afea}) (Version: 3.7.4150.0 - Python Software Foundation)
Python 3.7.4 Add to Path (32-bit) (HKLM-x32\...\{53C4AA04-FA4C-49B0-AC2E-E7134655B041}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Core Interpreter (32-bit) (HKLM-x32\...\{A56641A4-58A7-471F-A0AE-A6633F4FA2BB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Development Libraries (32-bit) (HKLM-x32\...\{4816C66E-55BF-4A8D-A5CE-FEAC36F4D192}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Documentation (32-bit) (HKLM-x32\...\{BB344FE7-A97C-44F0-BAF4-AA0C7D6359BA}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Executables (32-bit) (HKLM-x32\...\{CE095720-010D-4605-872E-EF3673551DF0}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 pip Bootstrap (32-bit) (HKLM-x32\...\{8DA900ED-69C5-41D9-8F85-416FBE1C89CB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Standard Library (32-bit) (HKLM-x32\...\{236BB597-B9C7-4084-BD77-0DCCDA0D947F}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8F959BE9-8184-4C35-AB2A-87401C0279EB}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Test Suite (32-bit) (HKLM-x32\...\{D41CCB8E-4FD1-4EBF-9790-5B2218B5C5DD}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python 3.7.4 Utility Scripts (32-bit) (HKLM-x32\...\{DE70FA71-6C2C-48C2-9B54-4049CD25154C}) (Version: 3.7.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D722DA3A-92F5-454A-BD5D-A48C94D82300}) (Version: 3.7.6762.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7977 - Realtek Semiconductor Corp.)
Roblox Player for help (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\roblox-player) (Version: - Roblox Corporation)
Scratch Desktop 3.6.0 (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\bad79d23-e888-5a7b-9e99-60ee89b6c8bf) (Version: 3.6.0 - Scratch Foundation)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Twomon PC Program (HKLM-x32\...\{ece4c973-e776-4195-9a56-b4f33ade8b84}) (Version: 2.0.67.0 - Devguru Co., LTD)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{0BAA0A93-3AD3-4B19-9105-4C8C3FA92A83}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Visual Studio Community 2019 (HKLM-x32\...\8d4d67d9) (Version: 16.4.29905.134 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
vs_filehandler_amd64 (HKLM-x32\...\{709D609A-B91C-4C1C-890B-966470991D67}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6BC9BFD7-46B4-46CF-B248-DEC2B7E2028B}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{472A5337-3393-436B-8656-00810D36BD67}) (Version: 16.4.29709 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.20 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Засоби перевірки правопису Microsoft Office 2013 – українська мова (HKLM-x32\...\{90150000-001F-0422-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Packages:
=========
Cloud Drive! -> C:\Program Files\WindowsApps\5913DefineStudio.CloudDrive_4.9.5.0_x64__jj4r3mnwe2ey2 [2021-01-15] (Define Studio) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1646.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.11214.5532.0_x64__8wekyb3d8bbwe [2021-01-12] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-02] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-20] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-10-14] (Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\help\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\help\AppData\Local\GoToMeeting\18962\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\help\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-17] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxDTCM.dll [2019-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [17920 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [62464 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [62976 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [15360 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [58368 2011-09-19] () [File not signed]
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [58368 2011-09-19] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Дополнительные возможности.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation) <==== Cyrillic
ShortcutWithArgument: C:\Users\help\Desktop\Saadat Y\lessons\Seadet - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\help\Desktop\Saadat Y\lessons\Sechenov Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pndcfhhheooopfkgicbdcemgikagkgee
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) -> /tsr <==== Cyrillic
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sechenov Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pndcfhhheooopfkgicbdcemgikagkgee
ShortcutWithArgument: C:\Users\help\AppData\Roaming\Microsoft\Windows\SendTo\Получатель факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2016-09-14 03:28 - 2016-09-14 03:28 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 03:29 - 2016-09-14 03:29 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2017-04-17 07:40 - 2017-04-17 07:40 - 000851456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2017-04-17 07:40 - 2017-04-17 07:40 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamenu.dll
2021-01-12 19:50 - 2020-04-21 08:51 - 000221184 _____ (Graphics Tablet) [File not signed] C:\WINDOWS\system32\wintab32.dll
2020-09-05 08:56 - 2015-02-27 14:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\Newtonsoft.Json.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 03:27 - 2016-09-14 03:27 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 03:28 - 2016-09-14 03:28 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-09-05 08:56 - 2017-03-01 14:30 - 000087040 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppCollect.dll
2020-09-05 08:56 - 2017-03-01 14:30 - 000197632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [234]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__171219__yaie
SearchScopes: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__171219__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-19] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 15:47 - 2019-10-19 13:25 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-12-05 13:52 - 2020-12-05 13:52 - 000000521 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-7AS2TU1.mshome.net # 2025 12 4 4 9 52 49 93
192.168.137.247 HUAWEI_P20_lite-f10eba60b.mshome.net # 2020 12 6 12 9 52 49 93

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\Users\help\AppData\Local\Programs\Python\Python37-32\Scripts\;C:\Users\help\AppData\Local\Programs\Python\Python37-32\;C:\Users\help\AppData\Local\Microsoft\WindowsApps;C:\Program Files\JetBrains\PyCharm Community Edition 2019.20\bin;C:\Program Files\JetBrains\PyCharm Community Edition 2020.1\bin;C:\Users\help\adb;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\help\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\StartupFolder: => "Отправка в OneNote.lnk"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{5F81F707-46E7-4820-9504-10526DD6C009}C:\users\help\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\help\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0A687651-1AAC-46E7-AA9A-9F085039D220}C:\users\help\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\help\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE1E7F1A-49A5-4BFC-BBD5-EC957619411F}] => (Block) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [{2E57C025-9CAB-42FF-9A6B-CBE69972691F}] => (Block) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [UDP Query User{1DBEE767-B057-40BE-A564-234D1BCA384F}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [TCP Query User{CBB85DD2-D721-4D8E-9702-5AEC4E4F0172}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe => No File
FirewallRules: [UDP Query User{6992BEDF-5023-49FF-BC4C-4CFCED1EAF65}C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{591BFC78-5263-448C-A2BE-3A5AC6359B7E}C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.1\bin\pycharm64.exe => No File
FirewallRules: [{D612CFFB-F4DC-4719-8F78-0BADD147D5F2}] => (Block) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [{E0EB25EA-4C50-45EC-BD93-CBC10E10BCBA}] => (Block) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [UDP Query User{B0CCEB72-A155-4513-BA32-FBA987A93761}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [TCP Query User{7736FD19-4E74-4BF6-A2BF-00AEF716E946}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe => No File
FirewallRules: [{B9DF4D34-1BF5-4D3D-9C47-E3E73146D432}] => (Allow) C:\Users\help\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{64F931AD-E661-446E-9382-F7DAF9E1FC32}] => (Allow) C:\Users\help\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D0BCEFEA-5817-4D6B-A55E-F9F029004BB6}] => (Allow) C:\Users\help\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{0EE148A4-591F-4765-B350-6FFFB2779702}] => (Allow) C:\Users\help\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [UDP Query User{55EE36FA-ACE7-4221-B106-07AE3BD6335F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{EE0F5984-4967-4A70-9A7F-A0740BB9F3EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B2C2A20F-4B3D-4658-BE34-E6AB33D34BCB}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{B4C61775-1FFC-44AF-917F-F0B55771E95C}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{BB1DB2CC-6858-4AED-B64B-66E7CEC8930C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9401FB36-B146-44D8-8430-702F986A19A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{426810FB-5151-48CC-8F6C-A670096F7941}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{66D6F477-B805-484C-BD5D-403A4CD30014}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{0E9C4FDD-696D-4D08-8E97-F39C63FDA543}C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{A978BB73-D675-44FB-AF6B-51E43E4BFEE8}C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.20\bin\pycharm64.exe => No File
FirewallRules: [UDP Query User{FB58B154-ADCF-4DA6-A92E-905856D2DC9E}C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{0C0DF857-C0F3-4F22-A850-2F6A8E91770D}C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2019.2\bin\pycharm64.exe => No File
FirewallRules: [UDP Query User{5429ECDC-381E-46A8-A7DE-F988A9AC91B3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F44093D0-9C69-4D36-AFAE-907030F86951}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{CC3CE764-A119-4DCB-B1E4-F4A0FA5AB4F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{F92185F8-FF3F-47BC-85EC-D07580D9C3B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{F9E56848-9984-4165-AACC-97C9D6BEC40B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B24FBEEF-5F97-471E-9B32-7EF16A906D37}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{28088C6B-9479-47C1-8CD8-E01FB345DF5C}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [{C981B3F3-C26A-4BB7-A3B5-37CF47E5BD8A}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [UDP Query User{93AA08BE-D44C-4E05-83D5-53A440874E6C}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2898FC07-4A1A-414A-8B72-23E4845ECD6F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{78DB9BB4-1BE0-422A-A2E7-28A09E044D15}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{A31AABDA-858E-4456-A59B-5EE34A781AA5}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{17897952-EF6E-4E5F-B70F-408035D58D66}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{BFCECCCF-1B66-4466-A71E-186D4F9B4E4F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{EA6D0874-661D-4C47-BB4A-7030F649EEE4}C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe] => (Allow) C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{04E2EC14-29BA-4A24-B36A-B2EF36756E91}C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe] => (Allow) C:\program files (x86)\dont.starve.together.v249566\dont starve together v249566\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{A78E525E-1932-4C99-BE84-180918451114}] => (Allow) C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E143C5DC-E792-4BD1-B396-DC78B9203490}] => (Allow) C:\Users\help\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C8BC7B14-4B6F-44E8-AE54-DAB46A903A57}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AABCB8E-E445-49F8-B7A1-438BB4967309}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{AC83F53F-31DB-4A6B-A850-5AD0253D3178}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{1D57C5D9-7D38-4CD4-B129-34AE882780EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{BCF48A05-B9F0-4E31-816F-ED9E8A9FE8DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{19C37E70-F3A2-485A-B559-0B98AED8BF47}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B365B651-2CCF-44B3-8116-356131274260}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57353597-5C9B-41A5-B7D5-888C753611CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58A86F91-8231-48C8-BC4A-6C82284DB465}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06B73FE1-0812-4B6C-B488-ECCA14E3CA0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6FCA6386-69E8-42E9-A2FF-90801209DF3C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B830D830-AB36-4E44-9E85-D95C9A4A8EBC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{56EAF88C-B4D8-4E6C-B2F4-22D26ACFD115}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A3F2F4A0-8EE0-484F-A744-D59D141ADE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F011725B-70A2-4FF3-BD47-B1C572E25230}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{31614C76-3828-486F-A60E-7518D5850452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{68C1CD99-3210-444F-BD4E-0DAAADD92C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [TCP Query User{F7F5A6E4-8CB3-4159-A0BA-71F221E08173}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{26AAF99B-C3D4-47AB-9339-1E7C2F1AF31C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [{31B92505-5861-4AFF-B116-06A8A23D21D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{AA3A9156-626B-42B7-900C-CE06E5CA0994}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{F3C80447-0C02-4A89-A9B4-8B7FFD09B6D2}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{6F550524-9CA9-40B9-AEB9-439DFED9C6E9}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{37BA80D1-B251-41C7-BAE1-38AE120E61C4}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [{C2D75A47-4E36-469E-88C1-0132464DC01E}] => (Allow) C:\Program Files (x86)\TAM Game\PointBlank\PointBlank.exe (Zepetto -> )
FirewallRules: [TCP Query User{78280EF7-F07D-42FD-A2EB-31482C676F16}C:\program files (x86)\twomon pc program\twomon pc program.exe] => (Allow) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [UDP Query User{B36A9B3B-10EC-4B47-AECE-240925084E29}C:\program files (x86)\twomon pc program\twomon pc program.exe] => (Allow) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{170EA62A-8F64-4B52-82D7-DB018181833D}] => (Block) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{DD9EC7B6-4057-4239-B533-B349E4AF968B}] => (Block) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{27C86693-A2FD-4503-901C-72300BF9A78A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D04ABD14-DD7F-49D3-823C-057B32C4FAB9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C85F3B0E-3E60-41E7-958F-5167A4BF60AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D881A71-58B9-48BE-947C-01A7C8B90468}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7739A70-A52C-4B99-9499-1483FC28E9FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{21F61028-2E0B-4F37-8FD3-89AA74F3884B}] => (Allow) C:\Users\help\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{A8481366-F3E4-4EA1-9769-AD249664A6DD}] => (Allow) C:\Users\help\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)

==================== Restore Points =========================

05-01-2021 13:23:28 Installed Microsoft Visual C++ 2005 Redistributable
13-01-2021 20:36:57 Запланированная контрольная точка
15-01-2021 13:47:20 Installed gdiview

==================== Faulty Device Manager Devices ============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2021 04:31:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10484,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/15/2021 04:23:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4524,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/15/2021 04:19:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/15/2021 04:17:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/15/2021 04:16:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/15/2021 03:57:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/15/2021 03:52:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/15/2021 03:52:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (01/15/2021 04:10:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.

Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Антивирусная программа "Защитника Windows" service terminated with the following error:
General access denied error

Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (01/15/2021 04:10:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for ImagePath with the following error:
Access is denied.

Error: (01/15/2021 04:10:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error:
Access is denied.


Windows Defender:
===================================
Date: 2021-01-15 13:49:49.473
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.G!ml
ID: 2147749376
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\23E04C4F32EF2158.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: Unknown
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-15 13:49:36.750
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\Desktop\iobit_60016306256a8\FileSetup-v19.26.01.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ?????? ? ???????? ???????:
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-15 13:49:26.842
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe; process:_pid:3180,ProcessStart:132551776415259433
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-15 13:49:05.919
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\Desktop\iobit_60016306256a8\FileSetup-v19.26.01.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ?????? ? ???????? ???????:
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-15 13:47:51.234
Description:
???????????? ????????? "???????? Windows" has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Ymacco.AADB
ID: 2147757202
Severity: ???????????
Category: ?????
Path: file:_C:\Users\help\AppData\Local\Temp\7882645F6AF8B82B.exe
Detection Origin: ????????? ?????????
Detection Type: FastPath
Detection Source: ???????
Process Name: Unknown
Security intelligence Version: AV: 1.329.2160.0, AS: 1.329.2160.0, NIS: 1.329.2160.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-15 14:17:15.644
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2219.0
Update Source: ?????? ?????? ?????????? ??????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8024402c
Error description: ????????? ??????????? ?????? ??? ???????? ??????? ??????????. ?????????????? ???????? ?? ????????? ? ??????????? ?????????? ????? ????? ? ?????? ??????? ? ?????????.

Date: 2020-12-31 13:46:08.924
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????

Date: 2020-12-31 13:46:08.923
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ????????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????

Date: 2020-12-31 13:46:08.922
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????

Date: 2020-12-31 13:46:08.914
Description:
???????????? ????????? "???????? Windows" has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.545.0
Update Source: ????? ?????????? ?? ?????? ?? ??????????? ????????
Security intelligence Type: ???????????? ?????????
Update Type: ??????
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: ?? ??????? ????????? ??? ??? ????? ???????

CodeIntegrity:
===================================

Date: 2021-01-15 15:22:02.193
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-15 15:22:02.164
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-15 15:22:02.152
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-15 15:22:02.126
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-15 15:22:01.570
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-15 15:22:01.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-15 15:21:54.898
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-15 15:21:42.961
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.22 07/24/2017
Motherboard: HP 832B
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 61%
Total physical RAM: 8108.91 MB
Available physical RAM: 3087.94 MB
Total Virtual: 9388.91 MB
Available Virtual: 4016.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:291.58 GB) (Free:178.49 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:635.2 GB) NTFS

\\?\Volume{fc515ad7-0000-0000-0000-100000000000}\ (Зарезервировано системой) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS
\\?\Volume{fc515ad7-0000-0000-0000-600449000000}\ () (Fixed) (Total:0.9 GB) (Free:0.33 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FC515AD7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=291.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922 MB) - (Type=27)
Partition 4: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply.
-------------------------------------------------------------------

1. Uninstall AV
Your system has a lot of security software installed. It seems you have installed them to deal with an infection, which was fine at the time.

However, having more than one antivirus product permanently on your system will weaken security and slow down your system. AVs need to deeply ingrain into the system in order to fight malware. This, and the fact that they carry malware patterns with them for malware detection, makes them look like malware to other AV software. Different AVs may recognize each other as malicious, and using them at the same time may have unforeseen consequences.

For that reason I want you to decide on one AV product that you will keep. I found these AVs on your system:
  1. HitmanPro
  2. McAfee
  3. Malwarebytes
  4. and always inbuilt: Windows Defender

Please tell me which one of these you want to keep as your AV and uninstall the others.

2. Farbar Recovery Scan Tool (FRST) Script

Copy the following text including "Start::" and "End::"


Start::
CreateRestorePoint:
Reg: Reg Delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /F
Reg: Reg Delete "HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome" /F

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\...\MountPoints2: {b8be1daf-580b-11ea-b4af-409f388e5364} - "F:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

Task: {7D73EE12-3957-4C4F-AA91-24EE9488358B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
VirusTotal: C:\Users\help\AppData\Roaming\AppData - Shortcut.lnk
HKU\S-1-5-21-2223184529-1837807021-1881898419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__171219__yaie
SearchScopes: HKU\S-1-5-21-2223184529-1837807021-1881898419-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__171219__yaie&p={searchTerms}
EmptyTemp:
End::


Run FRST64.exe and click on Fix.
A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.
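
Added example, not part of the thread and not FRST's own code: a read-only PowerShell check that lists what is stored under the two Chrome policy keys the fixlist above deletes, so the values behind the "managed by your organisation" banner can be reviewed before removal. The function name Get-ChromePolicyValue is hypothetical, and the script assumes Windows PowerShell 5.1 or later.

```powershell
# Added example (hypothetical helper, read-only): enumerate Chrome policy values
# under the two registry keys named in the fixlist.
function Get-ChromePolicyValue {
    [CmdletBinding()]
    param(
        [string[]]$Root = @(
            'HKLM:\SOFTWARE\Policies\Google\Chrome',
            'HKCU:\SOFTWARE\Policies\Google\Chrome'
        )
    )

    foreach ($r in $Root) {
        # A missing key simply means no policy is set in that hive.
        if (-not (Test-Path -LiteralPath $r)) { continue }

        # The root key itself plus every subkey; list-type policies are stored
        # as numbered values inside subkeys.
        $keys = @(Get-Item -LiteralPath $r) +
                @(Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue)

        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $k.Name
                    Name  = $name
                    Kind  = $k.GetValueKind($name)
                    # -join flattens REG_MULTI_SZ arrays into one readable string
                    Value = ($k.GetValue($name) -join '; ')
                }
            }
        }
    }
}

$policies = @(Get-ChromePolicyValue)

# Domain membership tells you whether a domain Group Policy could be the source.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

if ($policies.Count -eq 0) {
    'No Chrome policy values found under HKLM or HKCU.'
} else {
    $policies | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
    if (-not $domainJoined) {
        'This machine is not domain-joined, so these values did not come from a domain Group Policy.'
    }
}
```

Each row corresponds to one policy that chrome://policy would show; on a personal machine that is not domain-joined, any row here was written locally by installed software or by hand.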
 

ayte

New Member
Thread author
Jan 15, 2021
2
Thank you for your help. I have managed to fix it by myself already. Appreciate your help.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Alright, thanks for the notice. I am closing this thread now since the issue is resolved.
 