
Avira Antivirus Pro - Review 2020 - PCMag India

Posted: 11 Jun 2020 12:00 AM PDT

Every computer needs antivirus protection, and one way companies can support that aim is to provide free antivirus to the masses. But these companies can't survive unless some users shell out their hard-earned cash for paid antivirus utilities. Piling on pro-only tools and components is one way companies encourage upgrading to a paid antivirus. Avira Antivirus Pro adds several components not available to users of Avira Free Security, but they don't really add much value. The biggest reason to pay for it is if you want to use Avira in a commercial setting, which isn't allowed with the free version.

Avira's pricing is undeniably on the high side, with a list price of $59.88 per year for one license, $71.88 for three, and $95.88 for five. Admittedly, it seems to be perpetually on sale; just now, the one-license price is discounted to $44.99. That…

After accidental malware download, computer is not the same - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

I clicked on a link I know I shouldn't have, saw the URLs changing rapidly and immediately closed the window. A week later my parental software flagged me trying to visit pornographic websites 100 times in a minute. I downloaded premium Malwarebytes and removed 2 files, a PUP.Optional.InstallCore in my registry and a generic malware file called $RFHLJ6G.EXE in my recycle bin. I also installed Symantec, which flagged nothing except my Process Hacker. In the following days my newly installed Malwarebytes tells me the parental software is visiting malicious websites through the proxy file multiple times, and I scan but nothing comes of it. My laptop has been tremendously slow and overheating for an unknown reason, the malware programs detect nothing and Task Manager says nothing is wrong. I'm almost ready to just factory reset. Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Ethan (ATTENTION: The user is not administrator) on ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15)
Running from C:\Users\Ethan\Desktop
Loaded Profiles: Ethan
Platform: Windows 10 Home Version 1809 17763.1217 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qustodio Technologies, SL -> ) C:\Program Files (x86)\Qustodio\qapp\crashpad_handler.exe
(Qustodio Technologies, SL -> Qustodio Technologies) C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\ccSvcHst.exe
Failed to access process -> amdlogsr.exe
Failed to access process -> atieclxx.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> ccSvcHst.exe
Failed to access process -> conhost.exe
Failed to access process -> crashpad_handler.exe
Failed to access process -> crashpad_handler.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dasHost.exe
Failed to access process -> DAX3API.exe
Failed to access process -> dllhost.exe
Failed to access process -> dwm.exe
Failed to access process -> EvtEng.exe
Failed to access process -> FMService64.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> LCD_Service.exe
Failed to access process -> lsass.exe
Failed to access process -> MateBookService.exe
Failed to access process -> MBAMService.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> qengine.exe
Failed to access process -> QUpdateService.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> RtkAudUService64.exe
Failed to access process -> RtkAudUService64.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SecurityHealthService.exe
Failed to access process -> sepWscSvc64.exe
Failed to access process -> services.exe
Failed to access process -> SgrmBroker.exe
Failed to access process -> smss.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> unsecapp.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> wlanext.exe
Failed to access process -> WMIADAP.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> ZeroConfigService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3331264 2020-01-20] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [QAppTray] => C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\Run: [CCXProcess] => "C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\MountPoints2: {d731a143-c473-11e8-aff7-ef1b4a682e27} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\Run: [CCXProcess] => "C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --profile-directory=Default --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\MountPoints2: {d731a143-c473-11e8-aff7-ef1b4a682e27} - "E:\HiSuiteDownLoader.exe" 
HKLM\...\Windows x64\Print Processors\Canon iP110 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCH.DLL [30208 2014-06-08] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: C:\WINDOWS\system32\CNCALBL.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\WINDOWS\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-05] (Google LLC -> Google LLC)
Startup: C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-11-29]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (No File)
Startup: C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-08-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0fd44dc5-54d3-4548-a4de-121a058f2fb6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{42687b4e-4fd5-4ba8-b5dc-191ac714846c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{794c4cd7-35de-4e43-975d-105099c2323b}: [DhcpNameServer] 40.40.1.12
Tcpip\..\Interfaces\{a73bdab8-9a7e-48ee-b785-5ecc46657b1c}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://OEM17SWIN10.MSN.COM/?PC=NSJE
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://OEM17SWIN10.MSN.COM/?PC=NSJE
URLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053623422] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope {19DD036C-D3F6-4E92-AC6C-D795D806EB14} URL = 
SearchScopes: HKU\S-1-5-21-1017088884-3281645122-1580351492-1002 -> {19DD036C-D3F6-4E92-AC6C-D795D806EB14} URL = 
SearchScopes: HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6C-D795D806EB14} URL = 
SearchScopes: HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D795D806EB14} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
DownloadDir: C:\Users\Ethan\Downloads
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1017088884-3281645122-1580351492-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\Ethan\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750: @zoom.us/ZoomVideoPlugin -> C:\Users\Ethan\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default [2020-06-13]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://mail.google.com/mail/u/0/#inbox"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]
CHR Extension: (Docs) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-27]
CHR Extension: (Google Drive) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-21]
CHR Extension: (YouTube) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]
CHR Extension: (Honey) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30]
CHR Extension: (Google Docs Offline) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-30]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11]
CHR Extension: (Modern Flat) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05]
CHR Extension: (Gmail) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24]
CHR Extension: (Daily Crown Quiz Answering Extension) - C:\Users\Ethan\Documents\Other\Chrome Crowns Extension [2019-11-28]
CHR Profile: C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\System Profile [2020-06-08]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AALSvc; C:\AlphaAntiLeak\AAL\bin\server\AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber -> )
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0355166.inf_amd64_b850e0f0c3bce936\B355483\atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)
R2 AMD Log Utility; C:\WINDOWS\System32\amdlogsr.exe [483248 2020-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [294968 2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. z o.o. -> GOG.com)
R2 LCD_Service; C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MBAMainService; C:\Program Files\Huawei\PCManager\MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation -> )
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 qengine; C:\Program Files (x86)\Qustodio\qproxy\qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)
R2 qupdate; C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)
S4 SepLpsService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R2 sepWscSvc; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin64\sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin64\snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)
S2 EraserSvc11910; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
U4 weClientDataTransferService; "C:\Program Files\WE_Client\wecdt.exe" [X]
U4 weClientMessengerService; "C:\Program Files\WE_Client\wecmsg.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AALProtect; C:\AlphaAntiLeak\AAL\bin\server\AALProtect.sys [35984 2020-03-24] (OOO AMEKS -> )
R3 amdacpbus; C:\WINDOWS\System32\drivers\amdacpbus.sys [6170544 2020-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 AMDHDAudBusService; C:\WINDOWS\System32\drivers\amdhdaudbus.sys [79224 2018-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0355166.inf_amd64_b850e0f0c3bce936\B355483\amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdlog; C:\WINDOWS\System32\drivers\amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107936 2020-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. -> )
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Data\Definitions\BASHDefs\20200609.001\BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)
R1 ccSettings_{D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9}; C:\WINDOWS\System32\Drivers\SEP\0E0215C1\0834.105\x64\ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69024 2019-05-29] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Data\Definitions\IPSDefs\20200611.061\IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes)
R1 netfilter_wfp_ev_64; C:\WINDOWS\System32\drivers\netfilter_wfp_ev_64.sys [96864 2018-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R1 qwdf64; C:\WINDOWS\system32\Drivers\qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)
R1 qwdr64; C:\WINDOWS\system32\Drivers\qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)
R2 qwfp; C:\WINDOWS\system32\Drivers\qwfp64.sys [47736 2019-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Qustodio Technologies)
S3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E0215C1\0834.105\x64\SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E0215C1\0834.105\x64\SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin64\SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0603040.009\symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0E0215C1\0834.105\x64\SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E0215C1\0834.105\x64\Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E0215C1\0834.105\x64\SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 USBTINSP; C:\WINDOWS\System32\drivers\tinspusb.sys [142848 2017-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Texas Instruments)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
R3 WDTDrv; C:\WINDOWS\System32\Drivers\WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Huawei Device)
S3 EraserUtilDrv11910; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11910.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-13 05:42 - 2020-06-13 05:42 - 000031721 _____ C:\Users\Ethan\Desktop\FRST.txt
2020-06-13 05:42 - 2020-06-13 05:42 - 000000000 ____D C:\FRST
2020-06-13 05:40 - 2020-06-13 05:40 - 002289152 _____ (Farbar) C:\Users\Ethan\Desktop\FRST64.exe
2020-06-13 05:36 - 2020-06-13 05:36 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-06-13 05:36 - 2020-06-13 05:36 - 000131736 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-06-13 05:36 - 2020-06-13 05:36 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-06-13 05:36 - 2020-06-13 05:36 - 000000000 ____D C:\Users\Ethan\AppData\LocalLow\IGDump
2020-06-13 05:30 - 2020-06-13 05:34 - 000417646 _____ C:\WINDOWS\ntbtlog.txt
2020-06-12 22:53 - 2020-06-12 22:53 - 001920738 _____ C:\Users\Ethan\Downloads\iCloud Photos.zip
2020-06-12 20:53 - 2020-06-12 22:54 - 000511438 _____ C:\Users\Ethan\Downloads\IMG_1020.JPEG
2020-06-12 19:02 - 2019-08-01 16:48 - 000055696 _____ (Qustodio Technologies) C:\WINDOWS\system32\Drivers\qwdr64.sys
2020-06-12 19:02 - 2019-08-01 16:48 - 000041872 _____ (Qustodio Technologies) C:\WINDOWS\system32\Drivers\qwdf64.sys
2020-06-12 07:53 - 2020-06-12 07:53 - 000002608 _____ C:\Users\Ethan\Downloads\Player.plr
2020-06-12 05:00 - 2020-06-12 05:00 - 000000000 ____D C:\Users\Ethan\Downloads\processhacker-2.39-bin
2020-06-12 04:59 - 2020-06-12 04:59 - 003392412 _____ C:\Users\Ethan\Downloads\processhacker-2.39-bin.zip
2020-06-12 02:28 - 2020-06-12 02:28 - 000000000 ____D C:\Users\Ethan\Desktop\tools
2020-06-09 19:06 - 2020-06-09 19:06 - 000002357 _____ C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lunar Client.lnk
2020-06-09 19:06 - 2020-06-09 19:06 - 000002349 _____ C:\Users\Ethan\Desktop\Lunar Client.lnk
2020-06-09 19:05 - 2020-06-09 19:05 - 000755688 _____ (Moonsworth, LLC) C:\Users\Ethan\Downloads\Lunar Client v2.0.2.exe
2020-06-09 01:47 - 2020-06-09 01:47 - 000000000 ____D C:\Users\Ethan\AppData\Local\ATI
2020-06-09 01:43 - 2020-06-09 01:43 - 000000000 ____D C:\Users\Ethan\Desktop\runtime
2020-06-09 01:42 - 2020-06-09 01:43 - 000000000 ____D C:\Users\Ethan\Desktop\game
2020-06-09 01:33 - 2020-06-12 02:28 - 002970008 _____ (Mojang) C:\Users\Ethan\Desktop\Minecraft.exe
2020-06-09 00:03 - 2020-06-09 00:03 - 009589547 _____ C:\Users\Ethan\Downloads\RevoUninstaller_Portable (1).zip
2020-06-08 23:35 - 2020-06-08 23:58 - 000000000 ____D C:\Users\Ethan\Downloads\RevoUninstaller_Portable
2020-06-08 23:34 - 2020-06-08 23:34 - 009589547 _____ C:\Users\Ethan\Downloads\RevoUninstaller_Portable.zip
2020-06-08 23:11 - 2020-06-08 23:11 - 000000761 _____ C:\Users\Ethan\Documents\Downloads.lnk
2020-06-08 22:13 - 2020-06-08 22:14 - 000000000 ___HD C:\temp
2020-06-08 09:38 - 2020-06-08 22:06 - 000000000 ____D C:\35cf2c581e43e0fd0f2302ce54fb
2020-06-08 09:29 - 2020-06-08 22:06 - 000000000 ____D C:\68e9a7aba4aecf4ec4
2020-06-08 08:06 - 2020-06-08 08:06 - 000000000 ___HD C:\ProgramData\CanonIJFAX
2020-06-07 23:17 - 2020-06-07 23:22 - 000000000 ____D C:\Users\Ethan\Epubee Library
2020-06-07 23:17 - 2020-06-07 23:17 - 000000000 ____D C:\Users\Ethan\BookManager
2020-06-07 23:17 - 2020-06-07 23:17 - 000000000 ____D C:\Users\Ethan\AppData\Roaming\.cover
2020-06-07 23:17 - 2020-06-07 23:17 - 000000000 ____D C:\Users\Ethan\.Epubor_Keys
2020-06-07 23:14 - 2020-06-08 22:16 - 000000000 ____D C:\Program Files (x86)\ePUBee
2020-06-05 23:17 - 2020-06-05 23:17 - 000000000 ____D C:\8527c8ea7501eb69401877adc732
2020-06-05 23:07 - 2020-06-05 23:07 - 000000000 ____D C:\de22f4d81bbf950b5e0f7a8642297b
2020-06-05 22:57 - 2020-06-05 22:57 - 000000000 ____D C:\f4b9a65bd3630368995b8ced06
2020-06-05 22:37 - 2020-06-05 22:37 - 000000000 ____D C:\faa6e5d10903a99a286ff6
2020-06-05 22:27 - 2020-06-05 22:28 - 000000000 ____D C:\4fa0f45da0c207e28fce354dfbcbb45a
2020-06-05 22:24 - 2020-06-05 22:24 - 000000000 ____D C:\Users\Ethan\AppData\Local\cache
2020-06-05 22:19 - 2020-06-05 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-06-05 22:17 - 2020-06-05 22:22 - 000000000 ____D C:\25a06eb4cb678d6510bb02b4e69c
2020-06-05 22:17 - 2020-06-05 22:17 - 000000000 ____D C:\ProgramData\AMD
2020-06-05 22:04 - 2020-06-05 22:12 - 000000000 ____D C:\96699b5329d1ea66b0a663de302c5a
2020-06-05 22:03 - 2020-06-05 22:03 - 000000000 ____D C:\AMD
2020-06-05 21:56 - 2020-06-05 21:56 - 000000000 ____D C:\Users\Ethan\AppData\Local\RadeonSettings
2020-06-05 21:52 - 2020-06-05 22:12 - 000000000 ____D C:\59149044dd0aac2303de
2020-06-05 21:44 - 2020-06-05 22:12 - 000000000 ____D C:\bd86fd4774132980229e4d5232ae
2020-06-05 04:05 - 2020-06-05 21:37 - 000000000 ____D C:\873d716d2277afe5bee1c44e0b878d87
2020-06-05 03:54 - 2020-06-05 21:37 - 000000000 ____D C:\dbd59e3d47cf23fa38e6b2b4
2020-06-05 03:46 - 2020-06-05 21:37 - 000000000 ____D C:\8878178fedc450c4b9
2020-06-05 03:30 - 2020-06-05 21:37 - 000000000 ____D C:\3aa04f0e181a6ef6283335
2020-06-05 02:34 - 2020-06-05 21:37 - 000000000 ____D C:\b7af3d3859975eec9620db8b5a5f6e41
2020-06-05 02:26 - 2020-06-05 21:37 - 000000000 ____D C:\487c789bbfdb27e0f8
2020-06-05 02:14 - 2020-06-05 21:37 - 000000000 ____D C:\d88254605b4e82c096
2020-06-05 02:05 - 2020-06-05 21:37 - 000000000 ____D C:\e25ee765e720e9e181c0a4
2020-06-05 01:55 - 2020-06-05 21:37 - 000000000 ____D C:\8986be08c43b083cf019
2020-06-05 01:45 - 2020-06-05 21:37 - 000000000 ____D C:\24b77074821232b8eee377b656
2020-06-05 01:35 - 2020-06-05 21:37 - 000000000 ____D C:\76cca42bb37e3cd7e09f354112b60b
2020-06-05 01:25 - 2020-06-05 21:37 - 000000000 ____D C:\514f6c63d0b4235c42ea
2020-06-05 01:15 - 2020-06-05 21:37 - 000000000 ____D C:\a82951183443a4c4ff
2020-06-05 01:05 - 2020-06-05 21:37 - 000000000 ____D C:\1500873c57dc503bb2583144b776
2020-06-05 00:55 - 2020-06-05 21:37 - 000000000 ____D C:\2608ecb4b26d61af942bbe9aef91a4
2020-06-05 00:45 - 2020-06-05 21:37 - 000000000 ____D C:\d0bd3ae4cfc3cb2d19
2020-06-05 00:35 - 2020-06-05 21:37 - 000000000 ____D C:\b8593ace07e295202c
2020-06-05 00:25 - 2020-06-05 21:37 - 000000000 ____D C:\aefea5c399639a508a8d0cc319bada
2020-06-05 00:15 - 2020-06-05 21:37 - 000000000 ____D C:\d34e9191b27aad94f2aa2e6e
2020-06-05 00:05 - 2020-06-05 21:37 - 000000000 ____D C:\746cad1319b45c0fa13d3542b5
2020-06-04 23:55 - 2020-06-05 21:37 - 000000000 ____D C:\761aa80eda44dc967c55336087417a
2020-06-04 23:45 - 2020-06-05 21:37 - 000000000 ____D C:\0b015b1b5cce422460fcedb4
2020-06-04 23:35 - 2020-06-05 21:37 - 000000000 ____D C:\21bb368a3acf317e654c
2020-06-04 23:25 - 2020-06-05 21:37 - 000000000 ____D C:\1eb161e731e359e492622ac3330bc8
2020-06-04 23:15 - 2020-06-05 21:37 - 000000000 ____D C:\9954edefd2c4ee760f21
2020-06-04 23:05 - 2020-06-05 21:37 - 000000000 ____D C:\4996eff18111c7145a68
2020-06-04 22:55 - 2020-06-05 21:37 - 000000000 ____D C:\dbfc9b3663e052d664a93b73
2020-06-04 22:45 - 2020-06-05 21:37 - 000000000 ____D C:\e15f2439316aa3b95ecb
2020-06-04 22:35 - 2020-06-05 21:37 - 000000000 ____D C:\0812b054302348352f
2020-06-03 21:45 - 2020-06-05 21:42 - 000000000 ___HD C:\adobeTemp
2020-06-02 22:05 - 2020-06-02 22:05 - 000000000 ___HD C:\ProgramData\CanonBJ
2020-06-02 21:50 - 2020-06-02 21:50 - 000000000 ____D C:\Users\Ethan\AppData\Local\UXP
2020-06-02 21:49 - 2020-06-02 21:49 - 000000000 ____D C:\Users\Ethan\AppData\LocalLow\Adobe
2020-06-02 21:47 - 2020-06-08 22:09 - 000000000 ___RD C:\Users\Ethan\Creative Cloud Files
2020-06-02 21:42 - 2020-06-02 21:47 - 000000000 ____D C:\ProgramData\Adobe
2020-06-02 21:40 - 2020-06-08 22:13 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-06-02 21:40 - 2020-06-08 22:12 - 000000000 ____D C:\Program Files\Adobe
2020-06-02 21:38 - 2020-06-02 21:47 - 000000000 ____D C:\Users\Ethan\AppData\Local\Adobe
2020-06-02 17:15 - 2020-06-13 05:36 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-02 17:15 - 2020-06-02 17:15 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-01 01:12 - 2020-06-01 01:12 - 000000000 ____D C:\Users\Ethan\AppData\Local\Adobe_Systems_Incorporate
2020-06-01 01:06 - 2020-06-08 23:12 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-05-27 14:20 - 2020-05-27 14:20 - 064809688 _____ C:\WINDOWS\system32\amd_comgr.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 053685456 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 004631248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 004141776 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 001784536 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 001784536 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 001775320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 001374936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 001374936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 001342168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 001342168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 001085976 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 001085976 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000944824 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000944824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000761040 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 000737496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000621784 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000497360 _____ C:\WINDOWS\system32\GameManager64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000493776 _____ C:\WINDOWS\system32\dgtrayicon.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 000469200 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000456920 _____ C:\WINDOWS\system32\atieah64.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 000433360 _____ C:\WINDOWS\system32\EEURestart.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 000380624 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000352464 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 000340176 _____ C:\WINDOWS\system32\clinfo.exe
2020-05-27 14:20 - 2020-05-27 14:20 - 000245976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000213712 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000187600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000183008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000167632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000167128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000159264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000157408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000141528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000136400 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000135384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000126160 _____ C:\WINDOWS\system32\atidxx64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000123088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000121048 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000108240 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000107728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000091352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000075984 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000070872 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000047320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000044248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000020392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2020-05-27 14:20 - 2020-05-27 14:20 - 000020392 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 071473360 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 001686624 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 001365984 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000941776 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000769232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000554192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000547424 _____ C:\WINDOWS\system32\amdmiracast.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000490192 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000467152 _____ C:\WINDOWS\system32\amdlogum.exe
2020-05-27 14:19 - 2020-05-27 14:19 - 000384208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000380624 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000198928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000168016 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000130864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000130864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000108880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2020-05-27 14:19 - 2020-05-27 14:19 - 000108864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2020-05-27 14:18 - 2020-05-27 14:18 - 000136544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2020-05-27 14:18 - 2020-05-27 14:18 - 000120896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2020-05-26 20:09 - 2020-05-26 20:09 - 000000000 ____D C:\Users\Ethan\AppData\Local\package.nw.new
2020-05-25 20:28 - 2020-05-25 20:28 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2020-05-25 20:28 - 2020-05-25 20:28 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2020-05-25 20:26 - 2020-05-25 20:26 - 000204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2020-05-25 20:26 - 2020-05-25 20:26 - 000204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2020-05-25 20:26 - 2020-05-25 20:26 - 000157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2020-05-25 20:26 - 2020-05-25 20:26 - 000157144 _____ C:\WINDOWS\system32\ativvsva.dat
2020-05-25 20:01 - 2020-05-25 20:01 - 000543400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2020-05-25 20:01 - 2020-05-25 20:01 - 000543400 _____ C:\WINDOWS\system32\atiapfxx.blb
2020-05-24 02:33 - 2020-06-09 18:08 - 000001445 _____ C:\Users\Public\Desktop\Terraria.lnk
2020-05-24 02:23 - 2020-05-24 02:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2020-05-24 02:20 - 2020-05-24 02:33 - 000000000 ____D C:\ProgramData\GOG.com
2020-05-23 16:18 - 2020-06-12 05:07 - 000000000 ____D C:\Users\Ethan\AppData\Local\CrashDumps
2020-05-20 08:04 - 2020-06-13 05:26 - 000074800 _____ (Symantec Corporation) C:\WINDOWS\system32\msln.exe
2020-05-20 08:00 - 2020-05-20 08:00 - 000000000 ____D C:\Users\Ethan\AppData\Local\Symantec
2020-05-20 07:56 - 2020-05-20 07:56 - 000609208 _____ (Symantec Corporation) C:\WINDOWS\system32\SymVPN.dll
2020-05-20 07:56 - 2020-05-20 07:56 - 000505120 _____ (Symantec Corporation) C:\WINDOWS\system32\sysfer.dll
2020-05-20 07:56 - 2020-05-20 07:56 - 000485304 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\SymVPN.dll
2020-05-20 07:56 - 2020-05-20 07:56 - 000434976 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\sysfer.dll
2020-05-20 07:56 - 2020-05-20 07:56 - 000231360 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SysPlant.sys
2020-05-20 07:56 - 2020-05-20 07:56 - 000224184 _____ (Symantec Corporation) C:\WINDOWS\system32\FwsVpn.dll
2020-05-20 07:56 - 2020-05-20 07:56 - 000219576 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\FwsVpn.dll
2020-05-20 07:56 - 2020-05-20 07:56 - 000099920 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2020-05-20 07:56 - 2020-05-20 07:56 - 000096184 _____ (Symantec Corporation) C:\WINDOWS\system32\snacnp.dll
2020-05-20 07:56 - 2020-05-20 07:56 - 000085432 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\snacnp.dll
2020-05-20 07:56 - 2020-05-20 07:56 - 000048232 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\WGX64.SYS
2020-05-20 07:56 - 2020-05-20 07:56 - 000010396 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2020-05-20 07:56 - 2020-05-20 07:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\symefasi
2020-05-20 07:56 - 2020-05-20 07:56 - 000000000 ____D C:\ProgramData\SymEFASI
2020-05-20 07:56 - 2020-05-20 07:56 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2020-05-20 07:55 - 2020-05-20 16:02 - 000000000 ____D C:\ProgramData\Symantec
2020-05-20 07:55 - 2020-05-20 07:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2020-05-20 07:55 - 2020-05-20 07:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\SEP
2020-05-20 07:55 - 2020-05-20 07:55 - 000000000 ____D C:\ProgramData\regid.1992-12.com.symantec
2020-05-20 07:55 - 2020-05-20 07:55 - 000000000 ____D C:\Program Files (x86)\Symantec
2020-05-20 07:53 - 2020-05-20 07:53 - 000132992 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\Teefer.sys
2020-05-20 07:25 - 2020-06-02 17:14 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-05-20 07:25 - 2020-05-20 07:25 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-20 07:25 - 2020-05-20 07:25 - 000000000 ____D C:\Users\Ethan\AppData\Local\mbamtray
2020-05-20 07:25 - 2020-05-20 07:25 - 000000000 ____D C:\Users\Ethan\AppData\Local\mbam
2020-05-20 07:25 - 2020-05-20 07:24 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-05-20 07:24 - 2020-05-20 07:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-20 07:24 - 2020-05-20 07:24 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-19 11:20 - 2020-05-19 11:20 - 006170544 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpbus.sys
2020-05-16 22:50 - 2020-05-16 22:50 - 000000000 ____D C:\Users\Ethan\AppData\LocalLow\3D Aim Trainer
2020-05-16 22:50 - 2020-05-16 22:50 - 000000000 ____D C:\Users\Ethan\AppData\Local\3D Aim Trainer
2020-05-16 22:49 - 2020-05-16 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Aim Trainer
2020-05-16 22:49 - 2020-05-16 22:49 - 000000000 ____D C:\Program Files (x86)\3D Aim Trainer Launcher
2020-05-14 07:59 - 2020-05-14 07:59 - 000000000 ____D C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom

==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-13 05:43 - 2018-07-27 21:24 - 000013008 _____ C:\WINDOWS\SysWOW64\qengineOff.ini
2020-06-13 05:43 - 2018-07-27 21:24 - 000013008 _____ C:\WINDOWS\system32\qengineOff.ini
2020-06-13 05:42 - 2019-05-04 21:51 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-13 05:42 - 2018-09-15 09:31 - 000000000 ____D C:\WINDOWS\INF
2020-06-13 05:40 - 2018-07-27 21:20 - 000000000 ____D C:\ProgramData\Qustodio
2020-06-13 05:36 - 2020-04-03 14:18 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-06-13 05:36 - 2019-05-04 21:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-13 05:36 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-13 05:35 - 2019-06-28 22:15 - 000000000 ____D C:\Users\Ethan\AppData\Roaming\.minecraft
2020-06-13 05:29 - 2019-05-04 21:42 - 000000000 ____D C:\Users\Ethan
2020-06-13 05:28 - 2018-12-18 11:43 - 000000000 ____D C:\Users\Ethan\AppData\Roaming\discord
2020-06-13 04:54 - 2019-05-04 21:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-13 02:51 - 2018-09-25 19:31 - 000000000 ____D C:\WINDOWS\system32\AMD
2020-06-12 20:23 - 2019-03-19 09:02 - 000000000 ___HD C:\$WINDOWS.~BT
2020-06-12 19:59 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-12 19:57 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-12 19:01 - 2018-09-14 19:13 - 000000000 ____D C:\Program Files (x86)\Qustodio
2020-06-12 19:01 - 2018-07-27 21:24 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2020-06-12 03:02 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-12 02:28 - 2020-04-06 17:11 - 000000000 ____D C:\Users\Ethan\AppData\Roaming\lunarclient
2020-06-11 03:58 - 2019-05-03 10:10 - 000000000 ___DC C:\WINDOWS\Panther
2020-06-09 22:11 - 2018-09-15 09:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-09 19:14 - 2020-03-24 13:02 - 000000000 ____D C:\Users\Ethan\.lunarclient
2020-06-09 18:08 - 2018-09-29 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Terraria [GOG.com]
2020-06-09 04:19 - 2019-05-04 21:51 - 000028578 _____ C:\WINDOWS\diagwrn.xml
2020-06-09 04:19 - 2019-05-04 21:51 - 000028578 _____ C:\WINDOWS\diagerr.xml
2020-06-09 03:07 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\Registration
2020-06-09 00:08 - 2018-07-27 21:22 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-06-08 23:57 - 2018-08-31 20:24 - 000000000 ____D C:\Users\Ethan\Documents\Church
2020-06-08 22:16 - 2018-07-27 21:35 - 000000000 ____D C:\Users\Ethan\AppData\Local\Packages
2020-06-08 22:12 - 2018-07-27 21:35 - 000000000 ____D C:\Users\Ethan\AppData\Roaming\Adobe
2020-06-08 22:06 - 2020-05-01 05:13 - 000000000 ____D C:\Program Files\Badlion Client
2020-06-08 22:06 - 2019-05-04 21:42 - 000000000 ____D C:\Users\dadministrator
2020-06-07 23:18 - 2018-07-27 21:35 - 000000000 ____D C:\Users\Ethan\AppData\Local\VirtualStore
2020-06-07 22:50 - 2018-07-30 00:34 - 000000000 ____D C:\Users\Ethan\AppData\Local\D3DSCache
2020-06-07 19:08 - 2019-05-04 21:41 - 000488632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-05 22:24 - 2018-07-27 21:35 - 000000000 ____D C:\Users\Ethan\AppData\Local\AMD
2020-06-05 22:19 - 2018-05-03 21:32 - 000000000 ____D C:\Program Files\AMD
2020-06-05 02:56 - 2018-07-27 21:18 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-03 03:32 - 2018-09-15 09:36 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-03 03:32 - 2018-09-15 09:36 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-02 21:45 - 2018-07-28 19:27 - 000000000 ____D C:\ProgramData\Packages
2020-06-02 21:42 - 2018-05-03 20:44 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-02 21:40 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-05-24 02:27 - 2018-09-29 08:34 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2020-05-20 07:56 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-05-17 05:16 - 2018-09-15 08:09 - 000000000 ____D C:\WINDOWS\servicing
2020-05-14 07:59 - 2020-04-02 11:01 - 000000000 ____D C:\Users\Ethan\AppData\Roaming\Zoom

==================== Files in the root of some directories ========
2020-06-02 21:50 - 2020-06-02 21:50 - 000000000 _____ () C:\Users\Ethan\AppData\Local\oobelibMkey.log
2020-02-09 15:02 - 2020-02-09 15:02 - 000000218 _____ () C:\Users\Ethan\AppData\Local\recently-used.xbel

==================== FLock ==============================
2020-05-13 20:50 C:\PerfLogs
2020-06-12 19:49 C:\WINDOWS\system32\config
2018-09-15 09:33 C:\WINDOWS\system32\Configuration
2018-09-15 09:33 C:\WINDOWS\system32\DriverState
2018-09-15 09:33 C:\WINDOWS\system32\FxsTmp
2018-09-15 09:34 C:\WINDOWS\system32\ias
2018-09-15 09:34 C:\WINDOWS\system32\MsDtc
2018-09-15 09:33 C:\WINDOWS\system32\networklist
2020-06-13 04:54 C:\WINDOWS\system32\SleepStudy
2020-06-13 05:29 C:\WINDOWS\system32\sru
2020-06-05 22:22 C:\WINDOWS\system32\Tasks
2019-05-05 07:40 C:\WINDOWS\system32\Tasks_Migrated
2019-07-19 20:15 C:\WINDOWS\system32\WDI
2020-06-12 19:57 C:\Program Files\WindowsApps
2020-06-09 04:19 C:\WINDOWS\diagerr.xml
2020-06-09 04:19 C:\WINDOWS\diagwrn.xml
2019-05-05 07:38 C:\WINDOWS\InfusedApps
2020-06-12 03:02 C:\WINDOWS\LiveKernelReports
2020-02-15 18:45 C:\WINDOWS\Minidump
2018-09-15 09:33 C:\WINDOWS\ModemLogs
2020-06-13 05:42 C:\WINDOWS\Prefetch
2019-05-04 22:10 C:\WINDOWS\ServiceState
2020-06-13 05:41 C:\WINDOWS\Temp
2018-09-15 09:33 C:\WINDOWS\SysWOW64\config
2018-09-15 09:33 C:\WINDOWS\SysWOW64\Configuration
2018-09-15 09:33 C:\WINDOWS\SysWOW64\Msdtc
2018-09-15 09:33 C:\WINDOWS\SysWOW64\networklist
2018-09-15 09:33 C:\WINDOWS\SysWOW64\sru
2018-09-15 09:33 C:\WINDOWS\SysWOW64\Tasks
2018-09-15 09:33 C:\WINDOWS\system32\Drivers\DriverData
2020-06-08 22:06 C:\Users\dadministrator
2020-06-02 21:45 C:\ProgramData\Packages
2019-05-04 21:44 C:\ProgramData\USOPrivate

==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.
Access is denied.

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Ethan (13-06-2020 05:43:40)
Running from C:\Users\Ethan\Desktop
Windows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1017088884-3281645122-1580351492-500 - Administrator - Disabled)
dadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 - Administrator - Enabled) => C:\Users\dadministrator
DefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 - Limited - Disabled)
Ethan (S-1-5-21-1017088884-3281645122-1580351492-1002 - Limited - Enabled) => C:\Users\Ethan
Guest (S-1-5-21-1017088884-3281645122-1580351492-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D Aim Trainer Launcher version 1.01 (HKLM-x32\...\{DEBD852F-7476-4715-B6AC-8A3C560EAAAA}_is1) (Version: 1.01 - 3D Aim Trainer)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.5.1 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Discord (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\Discord) (Version: 0.0.306 - Discord Inc.)
Discord (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\Discord) (Version: 0.0.306 - Discord Inc.)
EdgeDeflector (HKLM-x32\...\EdgeDeflector) (Version:  - )
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Glorious Model O Software (HKLM-x32\...\{0969D386-B5B4-41BD-98E3-4A1A7D32CB97}_is1) (Version: 1.0.9 - Glorious PC Gaming Race LLC.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad}) (Version: 20.50.0 - Intel Corporation)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
KeePass Password Safe 2.44 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.44 - Dominik Reichl)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logger Pro 3.15 (HKLM-x32\...\{0096EA23-A525-41C3-9DBC-E7FA5F02608C}) (Version: 5.185.1506 - Vernier Software & Technology)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Lunar Client (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 - Moonsworth, LLC)
Lunar Client (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 - Moonsworth, LLC)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12827.20268 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{756E195A-CB58-4B99-917F-0DDA0D881204}) (Version: 1.0.4.0 - Mojang)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20268 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
PC Manager (HKLM\...\PC Manager) (Version: 10.0.5.51 - Huawei Technologies Co., Ltd.)
Popcorn-Time (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\Popcorn-Time) (Version: 0.4.1 - Popcorn Time)
Popcorn-Time (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\Popcorn-Time) (Version: 0.4.1 - Popcorn Time)
Qustodio (HKLM-x32\...\{3BE72491-5A26-4935-9500-4EADA48A4068}) (Version: 181.11.274.0 - Qustodio Technologies) Hidden
Qustodio (HKLM-x32\...\Qustodio) (Version: 181.11.274.0 - Qustodio)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8459 - Realtek Semiconductor Corp.)
Symantec Endpoint Protection (HKLM\...\{CE2F0EC1-BF6B-42A6-993C-1D9655D0C9DF}) (Version: 14.2.5569.2100 - Symantec Corporation)
Terraria (HKLM-x32\...\1207665503_is1) (Version: v1.4.0.5 - GOG.com)
TI-Nspire™ CX Student Software (HKLM-x32\...\{0465DD59-DB1D-4245-9050-B5C04EED9F52}) (Version: 4.5.0.1180 - Texas Instruments Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WDT Device Driver version 1.0.2.5 (HKLM-x32\...\{5B06CB06-0929-48BC-BE1F-7E41461440C7}_is1) (Version: 1.0.2.5 - Huawei Technologies Co., Ltd.)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Wizard101 (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wizard101 (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zoom (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [0000-00-00] (Adobe Systems Incorporated)
Arduino IDE -> C:\Program Files\WindowsApps\ArduinoLLC.ArduinoIDE_1.8.33.0_x86__mdqgnx93n4wtt [0000-00-00] (Arduino LLC)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)
Dolby Atmos Sound System -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.156.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [0000-00-00] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1017088884-3281645122-1580351492-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5AC63241FAAA} -> [Creative Cloud Files] => C:\Users\Ethan\Creative Cloud Files [2020-06-02 21:47]
CustomCLSID: HKU\S-1-5-21-1017088884-3281645122-1580351492-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Ethan\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1017088884-3281645122-1580351492-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Ethan\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1017088884-3281645122-1580351492-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Ethan\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [HwShareMenu] -> {41b3b91f-d6b3-3430-bb86-a143f85353ca} => C:\Program Files\Huawei\PCManager\HwShellMenu\HwShareMenu9.DLL [2020-01-10] (Huawei Technologies Co., Ltd. -> )
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin64\vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin64\vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin64\vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Ethan\Documents\Shortcuts\Chrome School.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Ethan\Documents\Shortcuts\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Ethan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Ethan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Ethan - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Ethan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Ethan\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NW.js Community) -> --user-data-dir="C:\Users\Ethan\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
==================== Loaded Modules (Whitelisted) =============
2019-07-18 11:23 - 2019-07-18 11:23 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-07-29 18:39 - 2018-04-30 14:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-05-25 14:17 - 2020-05-25 14:17 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-05-25 14:17 - 2020-05-25 14:17 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2019-07-31 18:28 - 2019-07-31 18:28 - 005112440 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Qustodio\qapp\Qt5Core.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\msln.exe:31b498626fde803a3eb44bd105d3469d [1818]
AlternateDataStreams: C:\Users\Ethan\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 15:46 - 2017-09-29 15:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-07-30 02:34 - 2020-03-23 22:02 - 000000854 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
2.168.137.66 HUAWEI_Mate_10_lite-22508.mshome.net # 2020 3 3 25 17 48 50 703
135 Selims-android.mshome.net # 2020 3 2 17 12 35 10 156
68.137.72 iPhone.mshome.net # 2020 3 2 17 10 10 44 788
192.168.137.155 Ismails-iPhone.mshome.net # 2020 3 2 17 10 20 26 328
192.168.137.205 Mustafas-iPhone.mshome.net # 2020 3 2 17 11 31 44 941
192.168.137.135 Selims-android.mshome.net # 2020 3 2 17 11 34 45 162
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\Control Panel\Desktop\\Wallpaper -> C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002\...\StartupApproved\Run: => "launchOnStartup"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1017088884-3281645122-1580351492-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06132020053622750\...\StartupApproved\Run: => "launchOnStartup"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{12F0F1BF-0F1F-4AB8-B85A-D9666E12CC7B}C:\program files\jetbrains\pycharm community edition 2018.2.4\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2018.2.4\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{AAC7522B-41B2-483C-98AB-7D9706CC568C}C:\program files\jetbrains\pycharm community edition 2018.2.4\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2018.2.4\bin\pycharm64.exe => No File
FirewallRules: [UDP Query User{B655ADFE-D471-4273-8DF6-3AA2EB7238D0}C:\users\ethan\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\ethan\appdata\local\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed]
FirewallRules: [TCP Query User{3772B830-C4A3-434E-84E3-0675F7D0A32A}C:\users\ethan\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\ethan\appdata\local\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed]
FirewallRules: [UDP Query User{88BB2546-D116-4625-B254-3335A5E7E666}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{7AEAEE55-FD0D-4187-A7DD-74DF301A87D5}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{EFD389F3-4BB9-4F23-877E-D3EFCF7F504E}C:\users\ethan\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\ethan\appdata\local\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed]
FirewallRules: [TCP Query User{55312368-2298-429C-8470-337C2DFF83EB}C:\users\ethan\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\ethan\appdata\local\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed]
FirewallRules: [UDP Query User{87D15FF9-546C-4936-80E1-FA5C69CFB167}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{B3624AFD-AF17-4707-AE2A-1FA524548AE6}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{BED176F5-E088-4E80-A439-A2E0C5296F65}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{E8066C27-5541-4B56-82F1-DC100EEC4D6A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{EB916461-5625-4A23-8084-B456FFFB8368}C:\program files (x86)\ti education\ti-nspire cx student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cx student software\jre\bin\java.exe
FirewallRules: [TCP Query User{FA84BDB4-5A67-486F-B1CD-3E992B6E3C80}C:\program files (x86)\ti education\ti-nspire cx student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cx student software\jre\bin\java.exe
FirewallRules: [UDP Query User{36DCE1FF-F8D8-495A-A43E-D2BF089793F5}C:\program files (x86)\ti education\ti-nspire cx student software\ti-nspire cx student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cx student software\ti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)
FirewallRules: [TCP Query User{645C505C-46E6-4752-9BC5-AA58291278D5}C:\program files (x86)\ti education\ti-nspire cx student software\ti-nspire cx student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cx student software\ti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)
FirewallRules: [{36DD776C-BEF9-4E6F-AD69-D718727D2319}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{CBBD9637-D57F-4C62-BCCE-9A803B3B51EE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{5276D7A7-B6C4-4FFB-8C82-6EFA3165BB39}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe => No File
FirewallRules: [TCP Query User{EF82179C-59B6-4ADE-A26D-446FA52A5CCD}C:\users\ethan\downloads\runtime\jre-x64\bin\javaw.exe] => (Block) C:\users\ethan\downloads\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{6A83EBA7-F319-4BCF-8D93-1EDB3C5AACFC}C:\users\ethan\downloads\runtime\jre-x64\bin\javaw.exe] => (Block) C:\users\ethan\downloads\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3FCC1C5D-9C46-4511-A102-919442135289}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{1AE9246F-C286-436B-BB56-3037FBD0481F}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{02EFDE10-5C83-432F-ADA9-8BB6C6F18B59}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{984318C3-E844-45F5-95DF-9A4E8E08A073}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B552C42A-EC61-4C72-8990-FE2ED796B10F}C:\program files (x86)\ti education\ti-nspire cx student software\ti-nspire cx student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cx student software\ti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)
FirewallRules: [UDP Query User{D3A17CA4-E12F-4B7A-96D3-066637371298}C:\program files (x86)\ti education\ti-nspire cx student software\ti-nspire cx student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cx student software\ti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)
FirewallRules: [TCP Query User{9F107497-D41A-46D3-80D9-C6B45B400C64}C:\program files\windowsapps\arduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{5FF66BEF-280F-4A88-A2EF-C5DA5956F1AF}C:\program files\windowsapps\arduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [TCP Query User{D1CECEFF-BED1-4434-B871-8D5885AB6954}C:\alphaantileak\aal\bin\server\alphaantileak.exe] => (Block) C:\alphaantileak\aal\bin\server\alphaantileak.exe (Constantin Schreiber -> )
FirewallRules: [UDP Query User{126BD9DD-AF43-48E6-B4D2-BD72730DC3FA}C:\alphaantileak\aal\bin\server\alphaantileak.exe] => (Block) C:\alphaantileak\aal\bin\server\alphaantileak.exe (Constantin Schreiber -> )
FirewallRules: [TCP Query User{9D7BDA86-7780-4BCB-9F94-9EF418916881}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{D5BF7527-430F-4B92-BCA0-899E2AF39F0A}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{6FC5A841-7F25-40DE-8A63-9D024257A7B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{81B37590-D222-4DC8-8999-59D3EDCA5718}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Block) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [UDP Query User{14E58F6C-EBC9-4F1F-9F87-8795FF5F6FB8}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Block) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{250ED133-0730-488D-A1D2-179D8124346C}C:\program files\we_client\wecdt.exe] => (Allow) C:\program files\we_client\wecdt.exe => No File
FirewallRules: [UDP Query User{E77D4C9A-65EF-415A-A9F6-720AA01E83F1}C:\program files\we_client\wecdt.exe] => (Allow) C:\program files\we_client\wecdt.exe => No File
FirewallRules: [{BE86A0A2-2E3A-45BF-BD16-4FA988C2D2CF}] => (Allow) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )
FirewallRules: [{582DC69D-F666-438F-AEEF-F7A98301E425}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{5B801E2C-89CA-45F2-8C8A-E34140BA5CB2}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{D01E0175-B747-4800-B9EF-8D085402C350}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{3B512B5A-785E-4623-9D5E-A0B20854D1AA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{EE510510-A744-49B4-A8FB-3BCD9EC53DF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{398E3692-9769-4C56-8B5B-47860A11AC06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AE3B13C3-5BAC-4FCD-925E-65903C1B41E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83D17164-7624-4A27-8562-A4FAD02C5D6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7CE68124-5460-4E6B-9835-6B827DFAFEE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{49B3A2C1-1884-4FBC-AEAB-3D91BAF96F05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA9DE9FF-0B3D-4BF4-9967-5F9758AC2AF9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94F091D3-8AB0-4970-9FF7-69DFB31E5651}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7AEC1DCC-8FBC-4CAE-8D3D-3D42B7A3B744}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C59750B7-A6AD-486A-886B-D9F7DC67C995}] => (Allow) %programfiles%\Qustodio\qapp\qwelcomewzd.exe => No File
FirewallRules: [{6C6EC456-3AE1-487B-A7E7-9E1897801E6B}] => (Allow) %programfiles%\Qustodio\qapp\QUpdateService.exe => No File
FirewallRules: [{68715DB0-C67D-4FF5-AA9C-FAE2AF083407}] => (Allow) %programfiles%\Qustodio\qapp\QReport.exe => No File
FirewallRules: [{32281869-1447-48F6-AB4A-0AE369098AD9}] => (Allow) %programfiles%\Qustodio\qproxy\qengine.exe => No File
FirewallRules: [{87EFFECC-2FD3-40DB-8A19-C7CE3164F080}] => (Allow) %programfiles%\Qustodio\qapp\QAppTray.exe => No File
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:237.36 GB) (Free:96.61 GB) (41%)
Check "VSS" service
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/13/2020 05:34:12 AM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: Memory Exploit Mitigation is malfunctioning
Error: (06/13/2020 05:33:19 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )
Description: Symantec Endpoint Protection has failed to load the latest virus definitions.
Error: (06/13/2020 05:33:03 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )
Description: Symantec Endpoint Protection has failed to load the latest virus definitions.
Error: (06/13/2020 05:26:46 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! Hacktool.ProcHack in File: c:\Users\Ethan\downloads\processhacker-2.39-bin\x64\kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing
Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! Hacktool.ProcHack in File: c:\Users\Ethan\downloads\processhacker-2.39-bin\x64\kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing
Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! Hacktool.ProcHack in File: c:\Users\Ethan\downloads\processhacker-2.39-bin\x64\kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing
Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! Hacktool.ProcHack in File: c:\Users\Ethan\downloads\processhacker-2.39-bin\x64\kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing
Error: (06/13/2020 05:26:43 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! Hacktool.ProcHack in File: c:\Users\Ethan\downloads\processhacker-2.39-bin\x64\kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing
System errors:
=============
Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 and APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 to the user ETHANLAPTOP\Ethan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 and APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 to the user ETHANLAPTOP\Ethan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 and APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 to the user ETHANLAPTOP\Ethan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 and APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 to the user ETHANLAPTOP\Ethan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 and APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 to the user ETHANLAPTOP\Ethan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 and APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 to the user ETHANLAPTOP\Ethan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.SecurityAppBroker
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2020-06-13 05:28:55.962
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-06-13 05:28:55.958
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-06-13 05:28:55.695
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-06-13 05:28:55.690
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-06-13 05:28:43.476
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-06-13 05:28:43.473
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-06-13 05:28:43.462
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-06-13 05:28:43.458
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info =========================== 
BIOS: HUAWEI 1.22 02/26/2019
Motherboard: HUAWEI KPL-W0X
Processor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx 
Percentage of memory in use: 60%
Total physical RAM: 7069.58 MB
Available physical RAM: 2819.71 MB
Total Virtual: 17309.58 MB
Available Virtual: 11480.89 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:237.36 GB) (Free:96.61 GB) NTFS
\\?\Volume{38965f00-0083-43f6-a798-2a33a7b7f4a4}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS
\\?\Volume{a3c90bc4-f030-4e42-aae4-a27a0935a741}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================



https://ift.tt/3cY8hxR
