Infected With URL:Blacklist - Virus, Trojan, Spyware, and Malware Removal Help (2024)

I already deleted Wondershare Filmora X and Wondershare Helper Compact 2.6.0

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022

Ran by Admin (administrator) on ADMIN (07-09-2022 22:14:03)

Running from C:\Users\Admin\Desktop

Loaded Profiles: Admin

Platform: Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>

(C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe

(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>

(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18>

(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe

(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>

(SecurityHealthService.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe

(SecurityHealthService.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe

(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe

(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

(services.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe

(services.exe ->) (Tencent Technology(Shenzhen) Company Limited -> Tencent) C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [250664 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3071192 2022-08-31] (Riot Games, Inc. -> Riot Games, Inc.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)

HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:cortana

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234600 2022-08-20] (Valve Corp. -> Valve Corporation)

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\Run: [MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-03] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\Run: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2852640 2022-08-16] (Google LLC -> Google LLC)

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\MountPoints2: {45a4bc46-39a5-11eb-924f-000f02478059} - "D:\Setup.exe" /s

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\MountPoints2: {cea3a3f0-393e-11eb-924e-000f02478059} - "D:\Setup.exe" /s

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\MountPoints2: {f3cfcb0d-3a7c-11eb-9251-000f02478059} - "D:\Setup.exe" /s

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\MountPoints2: {f8f41d5d-7958-11eb-9260-000f02478059} - "D:\Setup.exe" /s

HKLM\...\Windows x64\Print Processors\Canon G2010 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDEG.DLL [482816 2017-08-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM\...\Print\Monitors\Canon BJ Language Monitor G2010 series: C:\Windows\system32\CNMLMEG.DLL [1303040 2017-08-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.102\Installer\chrmstp.exe [2022-08-23] (Google LLC -> Google LLC)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-09-12] (Adobe Inc. -> Adobe Systems, Inc.)

BootExecute: autocheck autochk * avgBoot.exe /M:50a06e75 /dir:"C:\Program Files\AVG\Antivirus"

GroupPolicy: Restriction - Windows Defender <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {047888B9-58FD-44B3-8CD0-DB16BEB6FF6F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-09-07] (ESET, spol. s r.o. -> ESET)

Task: {091C8323-E4A9-49C9-87A8-E48E3236DF19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {18A78079-EAF9-428F-928C-5D1EFE9900F7} - System32\Tasks\ConsoleAct

Task: {1B4A8F00-3E6E-4E2F-BF9A-99B29EE98B86} - System32\Tasks\Adobe Acrobat Update Task

Task: {2B3D41EC-7D64-4D10-8628-CA82995D4F02} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61856 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Task: {33046822-AD3C-4390-9AA7-EB1B6EF5F9BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Task: {45357A29-02E4-4B4C-9BAF-1BC8F018EFA6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Task: {4727FE7A-C70E-42F2-8FBB-34A0CF0F7E57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {48952201-FC5D-4B47-A399-CD8118A8A85E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)

Task: {4FA0F258-688E-4455-95E6-A1BA74E25ED3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8406496 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Task: {5E9C2223-9EF1-4DAE-B3E6-10D3623768DC} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {7375F025-8959-4965-9293-063A900F4538} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-08] (Google LLC -> Google LLC)

Task: {7A4C5605-B1E5-4C98-B073-AC24078C62B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-08] (Google LLC -> Google LLC)

Task: {8E0FB00B-71BF-4CE3-A981-4ED16DC0F3D1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)

Task: {8E2325B6-8F46-48E9-B27A-A98467AAD5D0} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-454367811-4070127646-2946200979-500

Task: {91762E98-4C5B-4EDD-9D6B-FA2C11A5B1FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {95883405-45F9-47E2-B39E-AF09C112C138} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4965672 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

Task: {99EED1C4-37A9-4791-B437-EF958FD5A34B} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2287472 2022-05-25] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {C093EB18-2521-49C1-84D4-720B56C8D68A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473

Task: {DBB845CA-2044-4E51-959D-5BAD2845871A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {DC52A498-B90A-4D59-B540-304084631136} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8406496 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Task: {EE928B3E-1ECB-4DB0-B169-78F97C4A77CF} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-09-07] (ESET, spol. s r.o. -> ESET)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [{84BB507B-0CAD-4DF4-886D-5C033A0A473E}] => hxxp://35.236.159.79/win.pac <==== ATTENTION

AutoConfigURL: [S-1-5-19] => <==== ATTENTION

AutoConfigURL: [S-1-5-21-454367811-4070127646-2946200979-1001] => hxxp://35.236.159.79/win.pac <==== ATTENTION

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)

Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{0226d79a-ec79-467b-8e5d-a6b27a627764}: [DhcpNameServer] 192.168.32.2

Tcpip\..\Interfaces\{3a5fc32b-de6f-4a9c-99e4-6874894e5b03}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{6e6a9b71-51e6-4f30-abdc-94b1ffedb494}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{6e6a9b71-51e6-4f30-abdc-94b1ffedb494}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{acabb839-c790-4729-9f1d-5ade1d57eb6e}: [DhcpNameServer] 172.20.10.1

ManualProxies: 0hxxp://35.236.159.79/win.pac <==== ATTENTION

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-07]

Edge Notifications: Default -> hxxps://linkvertise.com

Edge HomePage: Default -> hxxp://google.com/

Edge StartupUrls: Default -> "hxxp://google.com/"

Edge Extension: (Tampermonkey) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iikmkjmpaadaobahmlepeloendndfphd [2022-05-25]

Edge HKU\S-1-5-21-454367811-4070127646-2946200979-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>

FireFox:

========

FF DefaultProfile: tr63cse9.default

FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tr63cse9.default [2022-06-16]

FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z11dko08.default-release [2022-09-07]

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-12] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2022-09-07]

CHR Extension: (Tampermonkey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-05-15]

CHR Extension: (Xtreme Download Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckaoghoiffdbomfbbodbbgmhjblecj [2021-05-22]

CHR Extension: (OrangeMonkey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekmeppjgajofkpiofbebgcbohbmfldaf [2022-03-26]

CHR Extension: (TubeBuddy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2022-09-03]

CHR Extension: (MetaMask) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2022-08-18]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (ProductionCrate Connect) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oagbohjaeipmkcfcjkjhnklieidnkpdo [2022-02-24]

CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2022-08-26]

CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-09-07]

CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile [2022-07-19]

CHR HKU\S-1-5-21-454367811-4070127646-2946200979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ekmeppjgajofkpiofbebgcbohbmfldaf]

CHR HKLM-x32\...\Chrome\Extension: [ekmeppjgajofkpiofbebgcbohbmfldaf]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3863256 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3701464 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [625960 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [2086696 2022-09-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [625448 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8543840 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-06-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-03-08] (BattlEye Innovations e.K. -> )

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

R2 QMEmulatorService; C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [198736 2020-08-15] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

R2 RealtekCU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]

S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2114944 2022-08-14] (Rockstar Games, Inc. -> Rockstar Games)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10420944 2022-08-31] (Riot Games, Inc. -> Riot Games, Inc.)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aow_drv; C:\Program Files\TxGameAssistant\UI\3.21.1833.100\aow_drv_x64_ev.sys [913480 2020-12-09] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [235736 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [389208 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [258128 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [105560 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgElam; C:\Windows\System32\drivers\avgElam.sys [24528 2022-08-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)

R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [48144 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [275176 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [554080 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [114112 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [89176 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [862056 2022-08-31] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [670904 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [221656 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [324984 2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [287744 2022-04-14] (Microsoft Corporation) [File not signed]

S3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)

S3 DroidCamVideo; C:\Windows\System32\drivers\droidcamvideo.sys [33784 2020-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)

R1 TBoxDrv; C:\Program Files\AndroidTbox\TBoxDrv.sys [271600 2017-09-11] (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [812208 2020-12-16] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)

S3 UniSafe; C:\Windows\system32\drivers\UniSafe.sys [581912 2021-01-05] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [70544 2021-09-28] (Tenorshare Co., Ltd. -> Apple, Inc.)

S3 usbscan; C:\Windows\system32\DRIVERS\usbscan.sys [49152 2020-09-28] (Microsoft Corporation) [File not signed]

R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8736232 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)

S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-07 18:39 - 2022-09-07 22:14 - 000024571 _____ C:\Users\Admin\Desktop\FRST.txt

2022-09-07 18:37 - 2022-09-07 22:11 - 000003020 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn

2022-09-07 18:37 - 2022-09-07 22:11 - 000002640 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime

2022-09-07 18:36 - 2022-09-07 18:36 - 000012246 _____ C:\Users\Admin\Desktop\ESETScan.txt

2022-09-07 17:29 - 2022-09-07 17:29 - 000001413 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk

2022-09-07 17:29 - 2022-09-07 17:29 - 000001307 _____ C:\Users\Admin\Desktop\ESET Online Scanner.lnk

2022-09-07 17:29 - 2022-09-07 17:29 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET

2022-09-07 17:27 - 2022-09-07 17:27 - 015274968 _____ (ESET) C:\Users\Admin\Desktop\esetonlinescanner.exe

2022-09-07 16:52 - 2022-09-07 16:56 - 171853622 _____ C:\Users\Admin\Desktop\Backyard Battle.mp4

2022-09-07 16:23 - 2022-09-07 16:23 - 000308727 _____ C:\Users\Admin\Downloads\Youtube animated green screen subscribe button with bell icon & like sound, clic.mp4

2022-09-07 16:21 - 2022-09-07 16:21 - 000238642 _____ C:\Users\Admin\Downloads\Simple 10 second countdown 4K with beep.mp4

2022-09-06 20:34 - 2022-09-06 20:38 - 000062688 _____ C:\Users\Admin\Downloads\Addition.txt

2022-09-06 20:27 - 2022-09-07 22:14 - 000000000 ____D C:\FRST

2022-09-06 20:27 - 2022-09-06 20:38 - 000038751 _____ C:\Users\Admin\Downloads\FRST.txt

2022-09-06 20:25 - 2022-09-06 20:26 - 002371072 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe

2022-09-06 13:49 - 2022-09-07 21:47 - 000001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk

2022-09-06 13:49 - 2022-09-06 13:49 - 000001987 _____ C:\Users\Public\Desktop\AVG Internet Security.lnk

2022-09-06 13:45 - 2022-08-13 10:48 - 000270632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

2022-09-06 02:16 - 2022-09-06 02:17 - 000000000 ____D C:\Users\Admin\AppData\Roaming\MSEdge

2022-09-06 02:16 - 2022-09-06 02:16 - 001099223 _____ (SQLite Development Team) C:\Users\Admin\AppData\LocalLow\sqlite3.dll

2022-09-06 02:16 - 2022-09-06 02:16 - 000254392 _____ (Mozilla Foundation) C:\Users\Admin\AppData\LocalLow\softokn3.dll

2022-09-06 02:15 - 2022-09-07 18:07 - 000000000 ____D C:\Program Files (x86)\PowerControl

2022-09-06 02:15 - 2022-09-06 02:18 - 000000000 ____D C:\Users\Admin\AppData\Local\cb71b30a-dacb-421a-bee2-21dfd5761abe

2022-09-06 02:15 - 2022-09-06 02:16 - 000684984 _____ (Mozilla Foundation) C:\Users\Admin\AppData\LocalLow\freebl3.dll

2022-09-06 02:15 - 2022-09-06 02:15 - 002042296 _____ (Mozilla Foundation) C:\Users\Admin\AppData\LocalLow\nss3.dll

2022-09-06 02:15 - 2022-09-06 02:15 - 000627128 _____ (Mozilla Foundation) C:\Users\Admin\AppData\LocalLow\mozglue.dll

2022-09-06 02:13 - 2022-09-06 13:39 - 000002024 __RSH C:\ProgramData\ntuser.pol

2022-08-31 19:24 - 2022-09-07 21:47 - 000000000 _____ C:\Users\Public\Documents\process.txt

2022-08-30 21:35 - 2022-09-07 21:47 - 000000105 _____ C:\Users\Public\Desktop\process.txt

2022-08-30 21:32 - 2022-08-30 21:32 - 000001627 _____ C:\Users\Public\Desktop\VALORANT.lnk

2022-08-30 16:59 - 2022-08-30 16:59 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2022-08-29 19:23 - 2022-09-02 14:00 - 000000000 ____D C:\Program Files\Riot Vanguard

2022-08-13 10:48 - 2022-08-13 10:48 - 000221656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys

2022-08-12 18:21 - 2022-08-12 18:21 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr

2022-08-12 18:21 - 2022-08-12 18:21 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr

2022-08-12 18:21 - 2022-08-12 18:21 - 000060928 _____ C:\Windows\system32\runexehelper.exe

2022-08-12 18:21 - 2022-08-12 18:21 - 000011803 _____ C:\Windows\system32\DrtmAuthTxt.wim

2022-08-12 18:20 - 2022-08-12 18:20 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll

2022-08-12 18:20 - 2022-08-12 18:20 - 000162304 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe

2022-08-12 18:20 - 2022-08-12 18:20 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll

2022-08-12 18:20 - 2022-08-12 18:20 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll

2022-08-12 12:54 - 2022-08-12 12:54 - 000000000 ____D C:\Windows\ShellSys64

2022-08-12 12:27 - 2022-08-12 12:27 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-07 22:13 - 2021-01-30 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

2022-09-07 22:13 - 2021-01-30 14:15 - 000000000 ____D C:\ProgramData\Wondershare Filmora

2022-09-07 22:13 - 2021-01-30 14:15 - 000000000 ____D C:\Program Files\Wondershare

2022-09-07 22:11 - 2022-01-08 17:13 - 000002612 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0

2022-09-07 22:11 - 2020-12-08 10:37 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA

2022-09-07 22:11 - 2020-12-08 10:37 - 000003124 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

2022-09-07 22:11 - 2020-12-06 09:48 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software

2022-09-07 22:11 - 2020-12-05 20:15 - 000003250 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update

2022-09-07 22:11 - 2020-12-05 16:12 - 000000000 ____D C:\Program Files (x86)\Steam

2022-09-07 22:11 - 2020-09-27 22:36 - 000003464 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2022-09-07 22:11 - 2020-09-27 22:36 - 000003240 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2022-09-07 21:47 - 2021-11-20 10:15 - 000000001 _____ C:\Windows\vgkbootstatus.dat

2022-09-07 21:47 - 2021-11-20 01:48 - 000000000 ____D C:\ProgramData\Riot Games

2022-09-07 21:47 - 2021-11-08 07:18 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk

2022-09-07 21:47 - 2021-01-30 14:16 - 000000016 _____ C:\ProgramData\mntemp

2022-09-07 21:47 - 2020-12-08 10:50 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2022-09-07 21:47 - 2020-12-05 11:49 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk

2022-09-07 21:47 - 2020-12-05 11:49 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk

2022-09-07 21:47 - 2020-12-05 11:49 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk

2022-09-07 21:47 - 2020-12-05 11:48 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2022-09-07 21:47 - 2020-12-05 11:45 - 000000000 ____H C:\ProgramData\DP45977C.lfl

2022-09-07 21:47 - 2020-09-27 22:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2022-09-07 21:39 - 2020-12-08 10:37 - 000000000 ____D C:\Program Files (x86)\Google

2022-09-07 21:24 - 2020-09-27 22:33 - 000000000 ____D C:\Windows\system32\SleepStudy

2022-09-07 18:10 - 2021-08-30 07:29 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Spectral_Engine

2022-09-07 18:07 - 2020-12-05 20:18 - 000000000 ____D C:\Program Files (x86)\PremierOpinion

2022-09-07 17:54 - 2020-12-05 20:12 - 000000000 ____D C:\Program Files\Cheat Engine 7.2

2022-09-07 17:07 - 2020-12-05 18:14 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache

2022-09-07 16:58 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2022-09-07 16:21 - 2022-01-08 17:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData

2022-09-07 16:17 - 2020-09-27 22:34 - 000000000 ____D C:\Windows\system32\Drivers\wd

2022-09-07 16:15 - 2020-10-30 06:26 - 000005796 _____ C:\Windows\system32\PerfStringBackup.INI

2022-09-07 16:11 - 2020-12-05 20:12 - 000000000 ____D C:\ProgramData\AVG

2022-09-07 16:11 - 2020-12-05 11:44 - 000000000 ____D C:\ProgramData\NVIDIA

2022-09-07 16:11 - 2020-12-05 11:41 - 000008192 ___SH C:\DumpStack.log.tmp

2022-09-07 16:11 - 2020-09-27 22:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2022-09-06 21:04 - 2019-12-07 17:03 - 000262144 _____ C:\Windows\system32\config\BBI

2022-09-06 20:02 - 2020-12-05 16:04 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics

2022-09-06 14:06 - 2020-12-05 11:49 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk

2022-09-06 13:45 - 2019-12-07 17:14 - 000000000 ___HD C:\Windows\ELAMBKUP

2022-09-06 02:15 - 2021-07-08 18:45 - 000000000 ____D C:\Users\Admin\AppData\Local\Yandex

2022-09-06 02:15 - 2021-01-05 18:17 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps

2022-09-06 02:13 - 2019-12-07 17:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy

2022-09-06 02:13 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy

2022-09-06 02:11 - 2020-12-05 18:13 - 000000000 ____D C:\ProgramData\Package Cache

2022-09-04 21:09 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps

2022-09-04 21:09 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\AppReadiness

2022-09-04 20:22 - 2021-07-05 13:23 - 000000000 ____D C:\Users\Admin\Desktop\new vid

2022-08-31 11:37 - 2020-12-05 20:15 - 000862056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys

2022-08-30 21:35 - 2020-12-05 17:59 - 000000000 ____D C:\ProgramData\Epic

2022-08-30 21:32 - 2021-11-20 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

2022-08-30 19:50 - 2020-10-30 06:22 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages

2022-08-30 19:49 - 2021-03-25 20:36 - 000000000 ____D C:\Users\Admin\Downloads\Telegram Desktop

2022-08-30 19:27 - 2022-07-14 17:13 - 000000000 ____D C:\Program Files\MetaTrader

2022-08-30 19:27 - 2022-07-08 19:32 - 000000000 ____D C:\Users\Admin\AppData\Roaming\MetaQuotes

2022-08-30 17:20 - 2021-09-11 12:38 - 000000000 ____D C:\Users\Admin\Desktop\Video Editing Stuff

2022-08-30 17:19 - 2021-03-23 20:42 - 000000000 ____D C:\Users\Admin\Desktop\New folder

2022-08-30 17:18 - 2021-01-30 14:10 - 000000000 ____D C:\Users\Admin\Desktop\filmora

2022-08-30 17:17 - 2021-03-16 19:48 - 000000000 ____D C:\Users\Admin\Desktop\Video Song

2022-08-30 16:43 - 2022-02-15 22:40 - 000001491 _____ C:\Users\Public\Desktop\Riot Client.lnk

2022-08-29 19:24 - 2022-02-15 22:22 - 000000000 ____D C:\Riot Games

2022-08-29 19:10 - 2020-10-30 06:22 - 000000000 ____D C:\Users\Admin

2022-08-23 20:20 - 2020-12-08 10:50 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2022-08-22 16:02 - 2022-08-06 17:00 - 000000000 ____D C:\Program Files (x86)\XM Global MT4

2022-08-14 19:39 - 2020-12-07 10:17 - 000000000 ____D C:\Program Files (x86)\Rockstar Games

2022-08-14 19:39 - 2020-12-07 09:47 - 000000000 ____D C:\Program Files\Rockstar Games

2022-08-13 19:34 - 2020-12-05 11:48 - 000000000 ____D C:\Program Files\Microsoft Office

2022-08-13 14:03 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\CbsTemp

2022-08-13 10:48 - 2022-06-28 19:49 - 000024528 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000670904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000554080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000389208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000324984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000275176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000258128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000235736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000114112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000105560 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000089176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys

2022-08-13 10:48 - 2020-12-05 20:15 - 000048144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys

2022-08-13 10:47 - 2019-12-07 17:13 - 000000000 ____D C:\Windows\INF

2022-08-13 02:38 - 2020-09-27 22:33 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT

2022-08-13 02:37 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2022-08-13 02:37 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\Dism

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SystemResources

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\WinMetadata

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\oobe

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\Dism

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\ShellExperiences

2022-08-13 02:37 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\bcastdvr

2022-08-12 18:20 - 2020-09-27 22:36 - 003011072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

2022-08-12 14:37 - 2020-10-29 16:31 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2022-08-12 14:30 - 2022-07-16 15:54 - 000000000 ____D C:\Program Files (x86)\AximTrade MT4 Terminal

2022-08-12 14:26 - 2019-12-07 17:03 - 000032768 _____ C:\Windows\system32\config\ELAM

2022-08-12 14:09 - 2022-04-28 00:07 - 000000000 _____ C:\Windows\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473

2022-08-12 14:09 - 2020-12-05 11:50 - 000000000 _____ C:\Windows\system32\Tasks\ConsoleAct

2022-08-12 14:09 - 2020-12-05 11:48 - 000000000 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task

2022-08-12 14:09 - 2020-10-30 06:20 - 000000000 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-454367811-4070127646-2946200979-500

2022-08-11 18:40 - 2020-12-09 02:54 - 000000000 ____D C:\Windows\system32\MRT

2022-08-11 18:38 - 2020-12-09 02:54 - 144534560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2022-08-11 15:47 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates

==================== Files in the root of some directories ========

2022-01-08 17:43 - 2022-01-08 17:43 - 000000000 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log

2021-02-02 15:20 - 2021-02-02 15:20 - 000007605 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022

Ran by Admin (07-09-2022 22:14:58)

Running from C:\Users\Admin\Desktop

Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) (2020-10-29 22:21:39)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-454367811-4070127646-2946200979-1001 - Administrator - Enabled) => C:\Users\Admin

Administrator (S-1-5-21-454367811-4070127646-2946200979-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-454367811-4070127646-2946200979-503 - Limited - Disabled)

Guest (S-1-5-21-454367811-4070127646-2946200979-501 - Limited - Enabled)

Transfer (S-1-5-21-454367811-4070127646-2946200979-1003 - Limited - Enabled)

WDAGUtilityAccount (S-1-5-21-454367811-4070127646-2946200979-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.0.0.11 - Adobe Inc.)

Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden

AVG Internet Security (HKLM\...\AVG Antivirus) (Version: 22.7.3245 - AVG Technologies)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Cheat Engine 7.2 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.102 - Google LLC)

Grand Theft Auto V (HKLM-x32\...\{BEEFBEEF-6B87-43FC-9524-F9E967241741}) (Version: 1.0.1604.0 - Rockstar Games)

Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.27 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.27 - Microsoft Corporation)

Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.15427.20210 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)

Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden

NVIDIA Graphics Driver 457.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.09 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)

OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.0.2 - OBS Project)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20164 - Microsoft Corporation) Hidden

PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 210929 - Kakao Corp.)

PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.320 - VoiceFive, Inc.) <==== ATTENTION

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9018.1 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)

Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)

Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.62.937 - Rockstar Games)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)

VALORANT (HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)

Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

WinRAR 6.02 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

XM Global MT4 (HKLM-x32\...\XM Global MT4) (Version: 4.00 - MetaQuotes Ltd.)

Xtreme Download Manager 2020 (HKLM-x32\...\{2BDF6880-F5BF-42B8-AA50-7A54D26221DD}) (Version: 7.2.11 - subhra Das Gupta)

Packages:

=========

Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)

Notepads App -> C:\Program Files\WindowsApps\19282JackieLiu.Notepads-Beta_1.4.8.0_x64__echhpq9pdbte8 [2022-05-26] (Jackie Liu)

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-07-01] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-454367811-4070127646-2946200979-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-454367811-4070127646-2946200979-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File

CustomCLSID: HKU\S-1-5-21-454367811-4070127646-2946200979-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-454367811-4070127646-2946200979-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-454367811-4070127646-2946200979-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender 2.91\BlendThumb.dll => No File

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-10-23] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod

==================== Loaded Modules (Whitelisted) =============

2020-12-05 12:00 - 2012-08-08 21:56 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\P2PLib.dll

2020-12-05 12:00 - 2012-11-06 09:47 - 000114688 _____ () [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll

2020-12-05 11:49 - 2020-12-05 11:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll

2020-12-05 11:49 - 2020-12-05 11:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

2020-12-05 12:00 - 2012-11-06 14:31 - 000623616 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlLib.dll

2020-12-05 12:00 - 2012-09-13 09:25 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\IpLib.dll

2020-12-05 12:00 - 2012-05-07 14:23 - 000040960 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlICS.dll

2020-12-05 12:00 - 2012-10-12 10:25 - 000266240 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlIhvOid.dll

2020-12-05 12:00 - 2012-06-22 16:01 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlQRCode.dll

2020-12-05 12:00 - 2009-07-23 17:32 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\desktop.ini:CachedTiles [2586]

AlternateDataStreams: C:\Windows\System32:tdsrset_i.gfc [5846]

AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [2594]

AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk:075A04AA92 [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk:A06F6D7FAF [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [2594]

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [2594]

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3672]

AlternateDataStreams: C:\Users\Public\Desktop\process.txt:16BEF1B8AB [2594]

AlternateDataStreams: C:\Users\Public\Documents\process.txt:59AF7E93CD [2594]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 17:14 - 2022-09-07 17:28 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\Control Panel\Desktop\\Wallpaper -> c:\users\admin\downloads\12319.jpg

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2

HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\StartupApproved\Run: => "Discord"

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C"

HKU\S-1-5-21-454367811-4070127646-2946200979-1001\...\StartupApproved\Run: => "XDM"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1093CD58-4B5F-4AEC-883A-919B42C7150E}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]

FirewallRules: [{5F3B0F64-6EE1-4E20-83B2-F5AF4D091876}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]

FirewallRules: [{4D69B096-1B28-4EA7-BC96-6C648C73EAAF}] => (Allow) LPort=1542

FirewallRules: [{3A42592C-2D41-4C8B-AB52-A27C8B7913F5}] => (Allow) LPort=1542

FirewallRules: [{508FC67A-0EF8-45E3-AF78-7C3A2A81799F}] => (Allow) LPort=53

FirewallRules: [{9AE7A6F8-2760-400A-9D87-43B114B978CC}] => (Allow) LPort=67

FirewallRules: [{1CD034E0-D18A-4F28-99CA-ADA361E9127E}] => (Allow) LPort=68

FirewallRules: [{ECFF436A-29FA-4144-98E8-30842A0FED47}] => (Allow) LPort=53

FirewallRules: [{0B2DFB8D-723E-4D00-8F78-977FB3A6CFE7}] => (Allow) LPort=53

FirewallRules: [{8E613A85-F447-46A5-965F-721143B15328}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe (Realtek) [File not signed]

FirewallRules: [{9ACA2D8C-BC61-4604-8D48-2B1900B3DDF0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{5BEA4F23-F621-4C35-8E29-BE09827A0F03}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{B5F98844-3207-46C2-BB90-49C22E9A6B73}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

FirewallRules: [{80C540EE-E458-478F-9C03-BCEC8FEC38CB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

FirewallRules: [{361EFD62-BFA2-406B-86F0-B09D6D0C970B}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe => No File

FirewallRules: [{CE1D4E80-BA87-4F08-8733-85D7E0998B2E}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe => No File

FirewallRules: [{C1E02898-C917-4AD7-B4CD-3FF3267B39CD}] => (Allow) C:\Program Files\Epic Games\GTAV\GTA5.exe => No File

FirewallRules: [{687ACE44-03A2-4B79-936C-E3763E6A20C7}] => (Allow) C:\Program Files\Epic Games\GTAV\GTA5.exe => No File

FirewallRules: [TCP Query User{01F2C4B2-0EEC-4B00-88AB-30E7DE3872F9}C:\users\admin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\admin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe => No File

FirewallRules: [UDP Query User{2E5B94BE-B402-46D6-AB6A-3CD9FF752F29}C:\users\admin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\admin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe => No File

FirewallRules: [{97487DC7-F2C6-412A-A229-8A76D2085DC3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{7710E3E2-DC6F-42E9-BCD1-DDF05887DFC7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [TCP Query User{9EBCD700-40D8-44B6-B9E2-7D999F9377F8}C:\users\admin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\admin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe => No File

FirewallRules: [UDP Query User{1D3594A1-E5A9-4613-B2A5-D808D93928B2}C:\users\admin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\admin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe => No File

FirewallRules: [{4386264E-64CB-4413-A7A3-E3DD347DF30A}] => (Allow) C:\Program Files\Epic Games\GTAV\GTA5.exe => No File

FirewallRules: [{531562F3-3AD9-4DC9-99A5-0FD227C882E6}] => (Allow) C:\Program Files\Epic Games\GTAV\GTA5.exe => No File

FirewallRules: [TCP Query User{4238C769-A66A-450A-9D1A-E222EF38A8F7}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File

FirewallRules: [UDP Query User{37087716-5F54-4409-8007-F444C3C8BEEC}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File

FirewallRules: [TCP Query User{43F93CA4-952B-49CA-A6C2-D5E0493C5DFB}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File

FirewallRules: [UDP Query User{31DE45E8-2E7B-4DE0-9A97-947533787CFE}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File

FirewallRules: [TCP Query User{4047378F-0687-46CC-860C-63C7904829FC}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File

FirewallRules: [UDP Query User{E900E723-4FC8-4C10-ADF8-8DC27F1B0F02}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File

FirewallRules: [{0F9D5760-E82B-425A-9C72-2D66F1BE6358}] => (Allow) c:\program files\txgameassistant\appmarket\AppMarket.exe => No File

FirewallRules: [{66C4A92E-DEBB-4786-AEAB-59F01B4C2E0A}] => (Allow) c:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{A639FB75-A6CC-4EB4-BC5E-378AD20E953E}] => (Allow) c:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司)

FirewallRules: [{DC99A968-CCBC-40FA-9059-D101D8592723}] => (Allow) c:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{F1924E0C-CD2A-4A04-8493-B5300A9E5938}] => (Allow) c:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FirewallRules: [{86B275C0-1CC4-4EBA-886A-F2BD5DC2801A}] => (Allow) c:\program files\txgameassistant\appmarket\GF186\TUpdate.exe => No File

FirewallRules: [{5014D5C0-2825-4E83-9BB8-B4E1F92C630F}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{ECDE4CCA-6836-453A-AE39-77DB45A6597C}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{76072A9A-D866-4365-A4DF-4AAC13ABB218}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{E144BF9D-BBCD-443E-AEB3-73DCAA1F342C}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{981B4E93-51D9-4A61-B2C0-CB9BF8EE00F8}] => (Allow) c:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FirewallRules: [{DDF94C68-E07C-45BB-9D0D-D40E8E7B2868}] => (Allow) c:\program files\txgameassistant\ui\adb.exe () [File not signed]

FirewallRules: [{DFFC8FE2-CA31-4783-B67A-F85271016DBC}] => (Allow) c:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{1E11006C-3A9E-4078-87B4-7A452407C33E}] => (Allow) c:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FirewallRules: [{2EC2E7AF-BB8B-4908-9382-D1890B6C0B27}] => (Allow) c:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FirewallRules: [{70907A45-7D97-407D-B2B9-F9D1D00910C9}] => (Allow) C:\Program Files\AndroidTbox\THypervBox.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [{A5BEF2B1-FA2A-464C-9D2F-A89B14F2B4D4}] => (Allow) C:\Program Files\AndroidTbox\TBoxHeadless.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [{CA81EA16-17BC-4433-96A0-0C5A14E77716}] => (Allow) C:\Program Files\AndroidTbox\TBoxNetNAT.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [{A8F590B0-6749-4614-BC17-22E6CDE57553}] => (Allow) C:\Program Files\AndroidTbox\TBoxSDL.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [{3E7A2DA9-0285-4B7E-8F82-47232669A491}] => (Allow) C:\Program Files\AndroidTbox\TBoxExtPackHelperApp.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [{D7BBFD62-F894-4651-A11F-548DD6BCC5C3}] => (Allow) C:\Program Files\AndroidTbox\USBInstall.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{81D83126-64EF-451E-BB61-494F8DD501BF}] => (Allow) C:\Program Files\AndroidTbox\TBoxNetDHCP.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [{84B9C0F6-F3C6-438F-887A-A446BD0A8246}] => (Allow) C:\Program Files\AndroidTbox\TBoxManage.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [{F0AF2DA8-E110-4FB8-8E98-9276C053C796}] => (Allow) C:\Program Files\AndroidTbox\USBUninstall.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{62A1115D-266E-4A46-AF08-36FE952E9B7E}] => (Allow) C:\Program Files\AndroidTbox\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{EF2E6E2C-2459-420F-A37F-91B6B4A5000F}] => (Allow) C:\Program Files\AndroidTbox\SUPLoggerCtl.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{F6B77A8A-3312-40D7-895C-FFF66AD7DDD8}] => (Allow) C:\Program Files\AndroidTbox\NetFltUninstall.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{5397ED0E-00EC-48D3-BC00-A9A49F084AD4}] => (Allow) C:\Program Files\AndroidTbox\NetFltInstall.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{626F5BB5-AC95-4319-8632-6BDB1C149DC5}] => (Allow) C:\Program Files\AndroidTbox\SUPUninstall.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{9A9C5703-2B59-4307-9BAE-A9DCFC574FAA}] => (Allow) C:\Program Files\AndroidTbox\TBoxBalloonCtrl.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [{ED5B84EB-9FE2-4DF6-AB21-D133C8A6CE72}] => (Allow) C:\Program Files\AndroidTbox\SUPInstall.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{FB55C254-CE61-48C4-84C1-40461F8BF455}] => (Allow) C:\Program Files\AndroidTbox\TBoxSVC.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation)

FirewallRules: [TCP Query User{2141EB08-7191-4762-8D79-7E06CFB1227A}C:\users\admin\desktop\among.us.v2020.12.9s\among.us.v2020.12.9s\among us\among us.exe] => (Allow) C:\users\admin\desktop\among.us.v2020.12.9s\among.us.v2020.12.9s\among us\among us.exe => No File

FirewallRules: [UDP Query User{92ED285C-750C-4635-80C1-B4B572B7F6F4}C:\users\admin\desktop\among.us.v2020.12.9s\among.us.v2020.12.9s\among us\among us.exe] => (Allow) C:\users\admin\desktop\among.us.v2020.12.9s\among.us.v2020.12.9s\among us\among us.exe => No File

FirewallRules: [{C9D8AF13-DC80-4373-9C40-18B15A9D3E20}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [{72AE483E-6861-417B-B241-4B7A27332C5F}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )

FirewallRules: [TCP Query User{3507F2D2-E55B-40BC-875F-78F2B6AB7BFB}C:\program files\teamspeak 3 client\ts3client_win64.exe] => (Allow) C:\program files\teamspeak 3 client\ts3client_win64.exe => No File

FirewallRules: [UDP Query User{8B381707-963C-4AF0-94BE-C639EDDD13D7}C:\program files\teamspeak 3 client\ts3client_win64.exe] => (Allow) C:\program files\teamspeak 3 client\ts3client_win64.exe => No File

FirewallRules: [TCP Query User{1A85C713-6954-4CFB-AB77-E9180ECAE8EB}C:\program files\teamspeak 3 client\ts3client_win64.exe] => (Allow) C:\program files\teamspeak 3 client\ts3client_win64.exe => No File

FirewallRules: [UDP Query User{9394EA05-3E3F-46E6-981B-95752F9A0D1C}C:\program files\teamspeak 3 client\ts3client_win64.exe] => (Allow) C:\program files\teamspeak 3 client\ts3client_win64.exe => No File

FirewallRules: [TCP Query User{F6775C36-E3B4-43DF-93C2-E81CD4A4D7C2}C:\users\admin\desktop\among us\among us.exe] => (Block) C:\users\admin\desktop\among us\among us.exe => No File

FirewallRules: [TCP Query User{E1BF14DC-BFA2-4E5D-AE5F-E35BD22A866E}C:\users\admin\desktop\among us\among us.exe] => (Block) C:\users\admin\desktop\among us\among us.exe => No File

FirewallRules: [TCP Query User{FB2F924B-A9CC-4F19-980A-E0CCAC6C25E9}C:\users\admin\desktop\callofduty-modernwarfare2\call of duty - modern warfare 2\iw4sp.exe] => (Allow) C:\users\admin\desktop\callofduty-modernwarfare2\call of duty - modern warfare 2\iw4sp.exe => No File

FirewallRules: [UDP Query User{F945616B-57A0-41FF-8562-1B3A77144329}C:\users\admin\desktop\callofduty-modernwarfare2\call of duty - modern warfare 2\iw4sp.exe] => (Allow) C:\users\admin\desktop\callofduty-modernwarfare2\call of duty - modern warfare 2\iw4sp.exe => No File

FirewallRules: [TCP Query User{1B4FF5FC-C0F7-466D-A273-C8D1A5DD1B65}C:\users\admin\desktop\callofdutymodernwarfare3\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe] => (Allow) C:\users\admin\desktop\callofdutymodernwarfare3\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe => No File

FirewallRules: [UDP Query User{1AAD19EA-A675-476A-AEDC-25F4DACEFF95}C:\users\admin\desktop\callofdutymodernwarfare3\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe] => (Allow) C:\users\admin\desktop\callofdutymodernwarfare3\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe => No File

FirewallRules: [{AD042711-5C66-4DBC-B875-6BCC74F30E95}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe => No File

FirewallRules: [{274A6BD6-D55E-4332-89E5-2A0100FD8D2C}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{8BB3A4C5-7828-4E73-AAD7-C1721E949AED}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{BE7A903C-C618-44D6-9650-FC16B98F1995}] => (Allow) C:\Program Files\Epic Games\GTAV\GTA5.exe => No File

FirewallRules: [{ABCC3EEB-3E1E-4E82-B590-E296EC3805C6}] => (Allow) C:\Program Files\Epic Games\GTAV\GTA5.exe => No File

FirewallRules: [TCP Query User{44D5D53C-9BFC-40EC-95F5-965E754AE7CF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File

FirewallRules: [UDP Query User{07C50049-7C64-47F3-81C5-C5BDB303EC4B}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File

FirewallRules: [{6DE88EC1-7007-417F-BF0D-2024BFC0DDB9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe => No File

FirewallRules: [{571A6532-BD4E-4FDD-BD5E-D9D213816C9F}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe => No File

FirewallRules: [{18F3428E-6A13-4D7B-B723-C7A613276633}] => (Allow) C:\Program Files (x86)\Popcorn Time\nodejs\node.exe => No File

FirewallRules: [{7DEF18AA-8E7A-473E-B153-F27DD2233414}] => (Allow) C:\Program Files (x86)\Popcorn Time\nodejs\node.exe => No File

FirewallRules: [TCP Query User{F8C2E26F-387E-4AC8-8725-EB9E0B2EDF4F}C:\users\admin\desktop\worldwarz\world war z\world war z\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\users\admin\desktop\worldwarz\world war z\world war z\en_us\client\bin\pc\wwzretailegs.exe => No File

FirewallRules: [UDP Query User{B4A85250-C363-4689-A53D-FE0F5A2A662F}C:\users\admin\desktop\worldwarz\world war z\world war z\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\users\admin\desktop\worldwarz\world war z\world war z\en_us\client\bin\pc\wwzretailegs.exe => No File

FirewallRules: [TCP Query User{916560B5-10B6-4D55-9C95-CD765AA4CB9B}C:\users\admin\desktop\worldwarz\world war z\world war z\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\users\admin\desktop\worldwarz\world war z\world war z\en_us\client\bin\pc\wwzretailegs.exe => No File

FirewallRules: [UDP Query User{38C3ADF7-1EA5-4E76-98FE-8366C678854F}C:\users\admin\desktop\worldwarz\world war z\world war z\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\users\admin\desktop\worldwarz\world war z\world war z\en_us\client\bin\pc\wwzretailegs.exe => No File

FirewallRules: [{F61BE0E2-0C5F-4016-B467-E03A1A05EF20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [{487808C3-AEAE-4227-BBD2-2138A058308D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [{080A828B-478E-4D70-9D38-52DA7FE5C740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [{A1C7D87F-8E87-46F9-B32C-F052FC5FAF5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [TCP Query User{386584C3-822C-4A8C-B826-8E44F9B1C86F}C:\users\admin\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\admin\appdata\roaming\telegram desktop\telegram.exe => No File

FirewallRules: [UDP Query User{150C0442-8D1F-457D-9F26-0AFFE915DF13}C:\users\admin\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\admin\appdata\roaming\telegram desktop\telegram.exe => No File

FirewallRules: [TCP Query User{A24FD7D6-FD15-4092-8172-BEFE72C187EE}C:\users\admin\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\admin\appdata\roaming\telegram desktop\telegram.exe => No File

FirewallRules: [UDP Query User{171AC631-C798-49A5-A509-C92A34523D67}C:\users\admin\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\admin\appdata\roaming\telegram desktop\telegram.exe => No File

FirewallRules: [{8A348DB3-3D7B-42AB-8AC5-F6166EB70AAB}] => (Allow) C:\Program Files\BlueStacks_bgp64\HD-Player.exe => No File

FirewallRules: [{B96F1642-FE7F-4E9C-9F43-FE97E36379CD}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{7CC6CBD0-794F-4062-84CD-4582D6A0ABBB}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{E7E7A7AC-E85D-4839-8A03-89D25F5987B1}] => (Allow) C:\Users\Admin\Downloads\reiboot.exe => No File

FirewallRules: [{4133010B-B4F2-4DAD-86AC-AD11921DD82F}] => (Allow) C:\Users\Admin\Downloads\reiboot.exe => No File

FirewallRules: [{C5910369-1F4E-4629-9468-258303DDCA0D}] => (Allow) C:\Users\Admin\Downloads\ultdata-ios.exe => No File

FirewallRules: [{64523EE1-A9F7-41C2-8C98-D02102D72D66}] => (Allow) C:\Users\Admin\Downloads\ultdata-ios.exe => No File

FirewallRules: [{B52B4F2E-FB00-4CE3-BDA5-D9EF4ABD027B}] => (Allow) C:\Users\Admin\Downloads\ios-system-repair.exe => No File

FirewallRules: [{ECA55CEE-BCB7-4B84-8245-D96D93FC3827}] => (Allow) C:\Users\Admin\Downloads\ios-system-repair.exe => No File

FirewallRules: [{FFA0DADB-99B8-41A4-946C-A1AFAC09B28F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{5D97C9C7-29E0-440B-8861-31EC5A3C937E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{6A68B478-C2DA-461A-85BB-4D85D15D6D31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{17868EFD-A383-4558-B3D6-A8A1B823A70B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{ABACFD34-F1D5-40E4-ACD6-F73F0EAA46FC}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [TCP Query User{A08D6C45-2D83-4C6C-B208-F4C52294E17F}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)

FirewallRules: [UDP Query User{E56D7FBB-695A-4603-B427-4E1E20CA0AC2}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)

FirewallRules: [TCP Query User{E3ED1EA7-65A6-41B1-B6F7-8C5692A9D6E4}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)

FirewallRules: [UDP Query User{8BFC9340-A00E-4D22-990F-A0D459B32903}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)

FirewallRules: [{8EB3FAF2-23D3-42AD-90D1-1E952AB5F7FE}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{ADC045A6-7715-4714-B4B3-AF38A86FC1C0}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [TCP Query User{52A1E127-83AC-4FDF-B996-0AE9C54E0D8D}C:\users\admin\desktop\ultimate.epic.battle.simulator.v1.9\ultimate.epic.battle.simulator.v1.9\uebs.exe] => (Block) C:\users\admin\desktop\ultimate.epic.battle.simulator.v1.9\ultimate.epic.battle.simulator.v1.9\uebs.exe => No File

FirewallRules: [{BD346439-8DCF-40C4-A98A-5CCB3BD83D57}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{85CB2F9B-F6DC-404A-8575-0808B03F7581}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{512F7271-201A-464D-B373-4E7B00CA606A}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{7018E7B4-4570-428C-AF06-42D40154F698}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [{3E34AA99-1787-4097-9DC6-39B352C2086D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [{D13FA17A-7FF5-4F2C-9E3E-11D22530B8F5}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{7468A00C-06BD-4450-AF36-181B75C3D83F}] => (Allow) C:\Program Files (x86)\GoPro\GoPro Webcam\GoPro Webcam.exe => No File

FirewallRules: [{7A56D37C-7A80-4EBF-834C-738BA9F38A6D}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{81F3A8BA-B47E-434E-87C5-1741AE8D79B8}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{3E42C871-79C6-451D-9122-F75EBEAAA45B}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{FE657C38-8069-4BDE-B91A-D72E4219C8F6}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{929F8FF9-FB40-4668-910F-F77B8A815E28}] => (Allow) C:\Program Files\MetaTrader\metatester64.exe => No File

FirewallRules: [{3744A05E-B0ED-4A86-9896-6531E81AC369}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )

FirewallRules: [{29A30C6E-7DCC-4C4E-9F17-A5147B6DDE5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )

FirewallRules: [{801042FD-00A1-4B0A-8CFE-71BFBE3F7478}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{C7D13E62-895F-4F42-8CAD-0D068B731709}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{A791A351-CFAE-450A-94CF-08D601203A73}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{1392BDC2-A999-4433-AF5B-40EE4ED5AE16}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{CCF09E5E-F3EC-403F-99E0-ECD583EC6C4A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{98B7F7DB-3E56-4E59-969B-CBFF9E717985}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.27\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{A03BA5E0-AD9D-4BA4-AD0C-45483F405CE2}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{4C0986A0-9164-43CE-84D4-3AE76C912AF3}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

StandardProfile\AuthorizedApplications: [C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe] => enabled:@shell32.dll,-1

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (09/06/2022 09:04:51 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.

.

Error: (09/06/2022 09:04:51 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

]

Error: (09/06/2022 02:15:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vSptjzxQegbSAhqaxmUADvxq.exe, version: 0.0.0.0, time stamp: 0x630a0fdb

Faulting module name: vSptjzxQegbSAhqaxmUADvxq.exe, version: 0.0.0.0, time stamp: 0x630a0fdb

Exception code: 0xc0000005

Fault offset: 0x000127b0

Faulting process id: 0x50dc

Faulting application start time: 0x01d8c15382417a49

Faulting application path: C:\Users\Admin\Pictures\Minor Policy\vSptjzxQegbSAhqaxmUADvxq.exe

Faulting module path: C:\Users\Admin\Pictures\Minor Policy\vSptjzxQegbSAhqaxmUADvxq.exe

Report Id: 3a797160-f215-40a2-866f-541e801dba57

Faulting package full name:

Faulting package-relative application ID:

Error: (09/06/2022 02:15:54 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vSptjzxQegbSAhqaxmUADvxq.exe, version: 0.0.0.0, time stamp: 0x630a0fdb

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0xc35de58b

Faulting process id: 0x50dc

Faulting application start time: 0x01d8c15382417a49

Faulting application path: C:\Users\Admin\Pictures\Minor Policy\vSptjzxQegbSAhqaxmUADvxq.exe

Faulting module path: unknown

Report Id: b62bf5ec-f2c4-4ea6-bba7-f521eb1d7fb0

Faulting package full name:

Faulting package-relative application ID:

Error: (09/06/2022 02:15:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vSptjzxQegbSAhqaxmUADvxq.exe, version: 0.0.0.0, time stamp: 0x630a0fdb

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0xc35de58b

Faulting process id: 0x50dc

Faulting application start time: 0x01d8c15382417a49

Faulting application path: C:\Users\Admin\Pictures\Minor Policy\vSptjzxQegbSAhqaxmUADvxq.exe

Faulting module path: unknown

Report Id: eedacdba-b945-473a-a803-ca895f9c0e67

Faulting package full name:

Faulting package-relative application ID:

Error: (09/06/2022 02:15:49 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vSptjzxQegbSAhqaxmUADvxq.exe, version: 0.0.0.0, time stamp: 0x630a0fdb

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0xc35de58b

Faulting process id: 0x50dc

Faulting application start time: 0x01d8c15382417a49

Faulting application path: C:\Users\Admin\Pictures\Minor Policy\vSptjzxQegbSAhqaxmUADvxq.exe

Faulting module path: unknown

Report Id: a9fb74c0-4f19-4469-9be2-bc617a2d7ed8

Faulting package full name:

Faulting package-relative application ID:

Error: (09/06/2022 02:15:49 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vSptjzxQegbSAhqaxmUADvxq.exe, version: 0.0.0.0, time stamp: 0x630a0fdb

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0xc35de58b

Faulting process id: 0x50dc

Faulting application start time: 0x01d8c15382417a49

Faulting application path: C:\Users\Admin\Pictures\Minor Policy\vSptjzxQegbSAhqaxmUADvxq.exe

Faulting module path: unknown

Report Id: a3a07b6e-fbb6-41c5-8cc6-001a50a8fafa

Faulting package full name:

Faulting package-relative application ID:

Error: (09/06/2022 02:15:48 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vSptjzxQegbSAhqaxmUADvxq.exe, version: 0.0.0.0, time stamp: 0x630a0fdb

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0xc35de58b

Faulting process id: 0x50dc

Faulting application start time: 0x01d8c15382417a49

Faulting application path: C:\Users\Admin\Pictures\Minor Policy\vSptjzxQegbSAhqaxmUADvxq.exe

Faulting module path: unknown

Report Id: 53f31508-9173-4854-94a5-4d4880fcbc1f

Faulting package full name:

Faulting package-relative application ID:

System errors:

=============

Error: (09/07/2022 05:53:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

This driver has been blocked from loading

Error: (09/07/2022 05:53:37 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys

Error: (09/07/2022 05:53:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

This driver has been blocked from loading

Error: (09/07/2022 05:53:36 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys

Error: (09/07/2022 05:53:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

This driver has been blocked from loading

Error: (09/07/2022 05:53:36 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys

Error: (09/07/2022 05:53:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

This driver has been blocked from loading

Error: (09/07/2022 05:53:36 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys

Windows Defender:

================

Date: 2022-09-07 17:06:58

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-09-07 16:59:05

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-09-06 13:40:17

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: VirTool:Win32/DefenderTamperingRestore

Severity: Severe

Category: Tool

Path: regkeyvalue:_hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring

Detection Origin: Unknown

Detection Type: Concrete

Detection Source: System

Process Name: Unknown

Security intelligence Version: AV: 1.373.1613.0, AS: 1.373.1613.0, NIS: 0.0.0.0

Engine Version: AM: 1.1.19500.2, NIS: 0.0.0.0

Date: 2022-09-05 16:42:58

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-09-03 16:00:32

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Event[0]:

Date: 2022-08-31 19:28:26

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.373.1226.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.19500.2

Error code: 0x8024001e

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-08-30 16:50:30

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.373.1170.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.19500.2

Error code: 0x8024001e

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-08-12 14:39:09

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.331.1972.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.17800.5

Error code: 0x80240022

Error description: The program can't check for definition updates.

Date: 2022-08-12 14:39:09

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.331.1972.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.17800.5

Error code: 0x80240022

Error description: The program can't check for definition updates.

Date: 2022-08-12 14:28:00

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.331.1972.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.17800.5

Error code: 0x80070070

Error description: There is not enough space on the disk.

CodeIntegrity:

===============

Date: 2022-09-07 22:11:29

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2022-09-07 22:07:58

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 5409 01/07/2020

Motherboard: ASUSTeK COMPUTER INC. PRIME A320M-K

Processor: AMD Ryzen 5 2600 Six-Core Processor

Percentage of memory in use: 56%

Total physical RAM: 8123.39 MB

Available physical RAM: 3573.88 MB

Total Virtual: 10299.39 MB

Available Virtual: 3849.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.42 GB) (Free:4.06 GB) (Model: TS256GMTS830S) NTFS

Drive e: (XXXL) (Removable) (Total:7.46 GB) (Free:1.51 GB) FAT32

\\?\Volume{99b6b05c-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 99B6B05C)

Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==========================================================

Disk: 1 (Size: 7.5 GB) (Disk ID: 04030201)

Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt =======================


Article information

Author: Kieth Sipes
