[wild tangent games] PC is in danger

  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2021

  Ran by deval (administrator) on LAPTOP-4KJI0R9D (HP HP Laptop 15-dw2xxx) (09-06-2021 11:19:43)

  Running from C:\Users\deval\Downloads

  Loaded Profiles: deval

  Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: English (United States)

  Default browser: Edge

  Boot Mode: Normal

  ====================Processes (Whitelisted)=================

  (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

  (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

  (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe

  (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe

  (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe

  (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe

  (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe

  (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\AuthManager\AuthManSvr.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

  (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

  (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

  (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

  (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

  (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\124.4.4910\QtWebEngineProcess.exe

  (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe

  (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe

  (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

  (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe

  (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe

  (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe

  (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe

  (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe

  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe

  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe

  (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe

  (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe

  (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_eb7ea98d07646ece\x64\TouchpointAnalyticsClientService.exe

  (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_eb7ea98d07646ece\x64\TouchpointGpuInfo.exe

  (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe

  (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\BridgeCommunication.exe

  (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe

  (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe

  (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe

  (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe

  (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe

  (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_21306a77b30fd6e0\esif_uf.exe

  (Intel? Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe

  (Intel? pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIServiceN.exe

  (Intel? pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEMN.exe

  (Intel? pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577b4722c749a41f\OneApp.IGCC.WinService.exe

  (Intel? pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b1d9e395a05d1c9\IntelCpHDCPSvc.exe

  (Intel? Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ef0d14a478b232f4\RstMwService.exe

  (Intel? Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe

  (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

  (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

  (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe

  (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe

  (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\VUL\McVulCtr.exe

  (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

  (Microsoft Corporation -> Microsoft Corporation) C:\Users\deval\AppData\Local\Microsoft\OneDrive\OneDrive.exe

  (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

  (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

  (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

  (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

  (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe

  (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe

  (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe

  (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

  (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQCE.EXE

  (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe

  (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe

  ====================Registry (Whitelisted)===================

  (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

  HKLM\…\Run: [RtkAudUService]=> C:\windows\System32\RtkAudUService64.exe [1076000 2020-05-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

  HKLM\…\Run: [Emsisoft Anti-Malware]=> C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [9331776 2021-03-03] (Emsisoft Ltd -> Emsisoft Ltd)

  HKLM\…\Run: [iTunesHelper]=> C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)

  HKLM\…\Run: [AVGUI.exe]=> C:\Program Files\AVG\Antivirus\AvLaunch.exe [170240 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  HKLM-x32\…\Run: [ExpressVPNNotificationService]=> C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [471432 2020-05-15] (Express Vpn LLC -> ExpressVPN)

  HKLM-x32\…\Run: [ConnectionCenter]=> C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [798816 2020-10-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

  HKLM-x32\…\Run: [Redirector]=> C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [460896 2020-10-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

  HKLM-x32\…\Run: [Citrix Receiver]=> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe [5262432 2020-09-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

  HKLM-x32\…\Run: [Dropbox]=> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8172320 2021-06-05] (Dropbox, Inc -> Dropbox, Inc.)

  HKLM-x32\…\Run: [FUFAXRCV]=> C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [670856 2020-04-25] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

  HKLM-x32\…\Run: [FUFAXSTM]=> C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [896136 2020-04-25] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

  HKLM-x32\…\Run: [EEventManager]=> C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1318024 2020-07-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

  HKU\S-1-5-21-4172828257-1784996619-1967803511-1001\…\Run: [EPLTarget\P0000000000000000]=> C:\windows\system32\spool\DRIVERS\x64\3\E_YATIQCE.EXE [418000 2016-07-13] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

  HKU\S-1-5-21-4172828257-1784996619-1967803511-1001\…\Run: [EPLTarget\P0000000000000001]=> C:\windows\system32\spool\DRIVERS\x64\3\E_YATIQCE.EXE [418000 2016-07-13] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

  HKU\S-1-5-21-4172828257-1784996619-1967803511-1001\…\RunOnce: [Delete Cached Update Binary]=> C:\windows\system32\cmd.exe /q /c del /q "C:\Users\deval\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"

  HKU\S-1-5-21-4172828257-1784996619-1967803511-1001\…\RunOnce: [Delete Cached Standalone Update Binary]=> C:\windows\system32\cmd.exe /q /c del /q "C:\Users\deval\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"

  HKU\S-1-5-21-4172828257-1784996619-1967803511-1001\…\RunOnce: [Uninstall 21.073.0411.0002\amd64]=> C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\deval\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64"

  HKU\S-1-5-21-4172828257-1784996619-1967803511-1001\…\RunOnce: [Uninstall 21.073.0411.0002]=> C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\deval\AppData\Local\Microsoft\OneDrive\21.073.0411.0002"

  HKU\S-1-5-21-4172828257-1784996619-1967803511-1001\…\RunOnce: [Uninstall 21.083.0425.0003\amd64]=> C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\deval\AppData\Local\Microsoft\OneDrive\21.083.0425.0003\amd64"

  HKU\S-1-5-21-4172828257-1784996619-1967803511-1001\…\RunOnce: [Uninstall 21.083.0425.0003]=> C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\deval\AppData\Local\Microsoft\OneDrive\21.083.0425.0003"

  HKLM\…\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\windows\system32\EFXLM16A.DLL [182784 2020-04-25] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)

  HKLM\…\Print\Monitors\EPSON WF-4740 Series 64MonitorBE: C:\windows\system32\E_YLMBQCE.DLL [184832 2017-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)

  HKLM\…\Print\Monitors\EpsonNet Print Port: C:\windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]

  HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-06-03] (Google LLC -> Google LLC)

  HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <====ATTENTION

  ====================Scheduled Tasks (Whitelisted)============

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  Task: {02B7B57F-D8C9-4588-A60D-F4A5237DA5B9} – System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB=> C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-07] (Mozilla Corporation -> Mozilla Foundation)

  Task: {05FAFDA9-EFFA-4ADA-82D1-37024FEBA008} – System32\Tasks\Adobe Acrobat Update Task=> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

  Task: {13CBC11F-9FA8-4C8E-A357-718E487E203E} – System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker=> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-25] (HP Inc. -> HP Inc.)

  Task: {154AD72D-246E-46EB-8C75-6DA668FF2C2E} – System32\Tasks\HP\Consent Manager Launcher=> sc start hptouchpointanalyticsservice

  Task: {3BAD449B-B607-45C9-AB66-F2C5CD94D875} – System32\Tasks\Microsoft\Office\Office Feature Updates Logon=> C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147288 2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

  Task: {4EE1EEC2-CB60-47E3-A1F1-B9C6B519D954} – System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor=> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)

  Task: {53EE921F-CB71-4C8C-B63B-307F481095E2} – System32\Tasks\Microsoft\Office\Office Feature Updates=> C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147288 2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

  Task: {5880740A-CCE4-4973-B1FA-E9CC6D2D980A} – System32\Tasks\EPSON WF-4740 Series Update {BE63A48C-2285-4575-AAF0-AA0448161468}=> C:\windows\system32\spool\DRIVERS\x64\3\E_YTSQCE.EXE [680440 2017-06-06] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

  Task: {5ACA60AF-0121-4835-AF7E-A27B856E6905} – System32\Tasks\Antivirus Emergency Update=> C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4856576 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  Task: {5B4EBE61-C7EB-46A8-AA8C-6BFB153D8804} – System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report=> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135000 2020-12-22] (HP Inc. -> HP Inc.)

  Task: {618DCE0F-B7F5-4258-B427-12855EF6C9F4} – System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan=> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-25] (HP Inc. -> HP Inc.)

  Task: {6A3D8001-6062-427A-A70D-9F43A0240E20} – System32\Tasks\DropboxUpdateTaskMachineUA=> C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-21] (Dropbox, Inc -> Dropbox, Inc.)

  Task: {772E8CF1-FFEE-4FFC-989B-9D0FE2D687F8} – System32\Tasks\Apple\AppleSoftwareUpdate=> C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

  Task: {7AAE5ABC-8A42-404B-B7B8-28C65301BBC2} – System32\Tasks\GoogleUpdateTaskMachineCore=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-20] (Google LLC -> Google LLC)

  Task: {856D21CA-A75D-4631-95E4-FCB321A9FF12} – System32\Tasks\HPAudioSwitch=> C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)

  Task: {A464D623-30EE-495A-B82B-3F6A9DB29FB0} – System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice=> C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-04-16] (HP Inc. -> HP Inc.)

  Task: {B7A460BE-06FC-4C92-91E2-67E6AD025246} – System32\Tasks\GoogleUpdateTaskMachineUA=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-20] (Google LLC -> Google LLC)

  Task: {BEA5D0CA-6275-4E7D-ACE7-1AE4D9343842} – System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0=> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)

  Task: {CAC7C09C-65EE-42E5-9B01-08FF5B76E829} – System32\Tasks\EPSON WF-4740 Series Update {C887F7B0-FF4C-431F-905C-650BA47F726C}=> C:\windows\system32\spool\DRIVERS\x64\3\E_YTSQCE.EXE [680440 2017-06-06] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

  Task: {D14208B0-64EC-44A6-BEB5-4039C0F22066} – System32\Tasks\DropboxUpdateTaskMachineCore=> C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-21] (Dropbox, Inc -> Dropbox, Inc.)

  Task: {D4A9EFB5-664C-4F52-A781-AC1FE4E72C76} – System32\Tasks\AVG\Overseer=> C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies)

  (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

  Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job=> C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

  Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job=> C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

  Task: C:\windows\Tasks\EPSON WF-4740 Series Update {BE63A48C-2285-4575-AAF0-AA0448161468}.job=> C:\windows\system32\spool\DRIVERS\x64\3\E_YTSQCE.EXE:/EXE:{BE63A48C-2285-4575-AAF0-AA0448161468} /F:UpdateWORKGROUP\LAPTOP-4KJI0R9D$?Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

  Task: C:\windows\Tasks\EPSON WF-4740 Series Update {C887F7B0-FF4C-431F-905C-650BA47F726C}.job=> C:\windows\system32\spool\DRIVERS\x64\3\E_YTSQCE.EXE:/EXE:{C887F7B0-FF4C-431F-905C-650BA47F726C} /F:UpdateWORKGROUP\LAPTOP-4KJI0R9D$?Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

  ====================Internet (Whitelisted)====================

  (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

  Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)

  Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)

  Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

  Tcpip\..\Interfaces\{591eb05e-8779-48b1-906e-55007205b6fa}: [DhcpNameServer] 192.168.1.254

  Edge:

  =======

  Edge DefaultProfile: Default

  Edge Profile: C:\Users\deval\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-08]

  Edge Extension: (Malwarebytes Browser Guard) – C:\Users\deval\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-08]

  Edge HKLM-x32\…\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

  FireFox:

  ========

  FF DefaultProfile: uwakor11.default

  FF ProfilePath: C:\Users\deval\AppData\Roaming\Mozilla\Firefox\Profiles\uwakor11.default [2020-12-20]

  FF ProfilePath: C:\Users\deval\AppData\Roaming\Mozilla\Firefox\Profiles\2u5v00d7.default-release [2021-06-09]

  FF Extension: (Malwarebytes Browser Guard) – C:\Users\deval\AppData\Roaming\Mozilla\Firefox\Profiles\2u5v00d7.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-06-08]

  FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

  FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2020-10-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

  FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

  FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

  Chrome:

  =======

  CHR DefaultProfile: Default

  CHR Profile: C:\Users\deval\AppData\Local\Google\Chrome\User Data\Default [2021-06-09]

  CHR Notifications: Default -> hxxps://last-news-cd7abvcd57vg6fb2.news-hot.xyz; hxxps://www2.news-back.org

  CHR Extension: (Adobe Acrobat) – C:\Users\deval\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-01]

  CHR Extension: (Chrome Web Store Payments) – C:\Users\deval\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

  CHR Extension: (Chrome Media Router) – C:\Users\deval\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-04]

  CHR HKLM-x32\…\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

  CHR HKLM-x32\…\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

  ====================Services (Whitelisted)===================

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  S2 0300511621351167mcinstcleanup; C:\ProgramData\McInstTemp0300511621351167\McInst.exe [864720 2021-01-14] (McAfee, LLC -> McAfee, LLC)

  R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9809008 2021-03-03] (Emsisoft Ltd -> Emsisoft Ltd)

  R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)

  R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)

  R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [623360 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [370944 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8198768 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)

  R2 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [43616 2020-10-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

  S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-21] (Dropbox, Inc -> Dropbox, Inc.)

  S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-21] (Dropbox, Inc -> Dropbox, Inc.)

  R2 DbxSvc; C:\windows\system32\DbxSvc.exe [44328 2021-06-05] (Dropbox, Inc -> Dropbox, Inc.)

  R2 EppWsc; C:\Program Files\Emsisoft Anti-Malware\EppWsc.exe [1445584 2021-03-03] (Emsisoft Ltd -> Emsisoft Ltd)

  R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

  R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [145224 2020-02-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

  R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [438664 2020-05-15] (Express Vpn LLC -> ExpressVPN)

  R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)

  R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe [731152 2021-03-24] (HP Inc. -> HP Inc.)

  R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe [728608 2021-03-24] (HP Inc. -> HP Inc.)

  R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe [728608 2021-03-24] (HP Inc. -> HP Inc.)

  R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe [729608 2021-03-24] (HP Inc. -> HP Inc.)

  R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_eb7ea98d07646ece\x64\TouchpointAnalyticsClientService.exe [480280 2021-03-17] (HP Inc. -> HP Inc.)

  R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-18] (Malwarebytes Inc -> Malwarebytes)

  S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\NisSrv.exe [2644760 2021-06-08] (Microsoft Windows Publisher -> Microsoft Corporation)

  S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MsMpEng.exe [136656 2021-06-08] (Microsoft Windows Publisher -> Microsoft Corporation)

  S3 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X]

  S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X]

  S3 mfevtp; no ImagePath

  S2 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]

  =====================Drivers (Whitelisted)===================

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  S3 AmUStor; C:\windows\system32\drivers\AmUStorU.sys [127936 2020-04-14] (Alcorlink Corp. -> )

  S0 avgArDisk; C:\windows\System32\drivers\avgArDisk.sys [35800 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R1 avgArPot; C:\windows\System32\drivers\avgArPot.sys [216488 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R1 avgbidsdriver; C:\windows\System32\drivers\avgbidsdriver.sys [365592 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R0 avgbidsh; C:\windows\System32\drivers\avgbidsh.sys [250392 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R0 avgbuniv; C:\windows\System32\drivers\avgbuniv.sys [99352 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  S0 avgElam; C:\windows\System32\drivers\avgElam.sys [17344 2021-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)

  R1 avgKbd; C:\windows\System32\drivers\avgKbd.sys [41424 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R1 avgMonFlt; C:\windows\System32\drivers\avgMonFlt.sys [181072 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R1 avgNetHub; C:\windows\System32\drivers\avgNetHub.sys [523016 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R1 avgRdr; C:\windows\System32\drivers\avgRdr2.sys [107936 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  S0 avgRvrt; C:\windows\System32\drivers\avgRvrt.sys [83000 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R1 avgSnx; C:\windows\System32\drivers\avgSnx.sys [851272 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R1 avgSP; C:\windows\System32\drivers\avgSP.sys [471480 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R2 avgStm; C:\windows\System32\drivers\avgStm.sys [215464 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R0 avgVmm; C:\windows\System32\drivers\avgVmm.sys [327104 2021-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

  R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [155112 2020-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)

  R0 eppdisk; C:\windows\System32\drivers\eppdisk.sys [37776 2019-06-03] (Emsisoft Ltd -> Emsisoft Ltd)

  S0 EppElam; C:\windows\System32\drivers\EppElam.sys [16808 2021-03-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Emsisoft Ltd)

  R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [126968 2021-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)

  S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28440 2020-05-15] (ExprsVPN LLC -> ExpressVPN)

  R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [24096 2020-04-08] (HP Inc. -> HP Inc.)

  R3 iaLPSS2_GPIO2_ICL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)

  R3 iaLPSS2_I2C_ICL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)

  S3 iaLPSS2_SPI_ICL; C:\windows\System32\DriverStore\FileRepository\ialpss2_spi_icl.inf_amd64_7e39397aa93f0448\iaLPSS2_SPI_ICL.sys [157696 2020-04-23] (Intel? Embedded Subsystems and IP Blocks Group -> Intel Corporation)

  R3 iaLPSS2_UART2_ICL; C:\windows\System32\DriverStore\FileRepository\ialpss2_uart2_icl.inf_amd64_b535659b9405201a\iaLPSS2_UART2_ICL.sys [312600 2020-04-28] (Intel Corporation -> Intel Corporation)

  R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220752 2021-05-18] (Malwarebytes Inc -> Malwarebytes)

  S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [19912 2021-03-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

  R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248992 2021-05-18] (Malwarebytes Inc -> Malwarebytes)

  R3 tapexpressvpn; C:\windows\System32\drivers\tapexpressvpn.sys [44304 2020-05-15] (ExprsVPN LLC -> The OpenVPN Project)

  R1 vbdenum; C:\windows\System32\drivers\vbdenum.sys [119432 2020-08-21] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

  S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [49560 2021-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

  S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [425208 2021-06-08] (Microsoft Windows -> Microsoft Corporation)

  S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-06-08] (Microsoft Windows -> Microsoft Corporation)

  R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)

  S1 amsdk; \\C:\windows\system32\drivers\amsdk.sys [X]

  S0 cfwids; system32\drivers\cfwids.sys [X]

  R0 mfeaack; system32\drivers\mfeaack.sys [X]

  R0 mfeavfk; system32\drivers\mfeavfk.sys [X]

  S0 mfeelamk; system32\drivers\mfeelamk.sys [X]

  S0 mfefirek; system32\drivers\mfefirek.sys [X]

  R0 mfehidk; system32\drivers\mfehidk.sys [X]

  R0 mfeplk; system32\drivers\mfeplk.sys [X]

  R0 mfewfpk; system32\drivers\mfewfpk.sys [X]

  ====================NetSvcs (Whitelisted)===================

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  ====================One month (created) (Whitelisted)=========

  (If an entry is included in the fixlist, the file/folder will be moved.)

  2021-06-09 11:19 – 2021-06-09 11:20 – 000032549 _____ C:\Users\deval\Downloads\FRST.txt

  2021-06-09 11:19 – 2021-06-09 11:19 – 000000000 ____D C:\FRST

  2021-06-09 11:18 – 2021-06-09 11:18 – 002300416 _____ (Farbar) C:\Users\deval\Downloads\FRST64.exe

  2021-06-08 19:19 – 2021-06-08 19:19 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

  2021-06-08 12:00 – 2021-06-08 12:00 – 008534696 _____ (Malwarebytes) C:\Users\deval\Downloads\AdwCleaner(1).exe

  2021-06-08 11:57 – 2021-06-08 12:00 – 000962579 _____ C:\windows\ZAM.krnl.trace

  2021-06-08 11:57 – 2021-06-08 12:00 – 000000000 ____D C:\Users\deval\AppData\Local\AMSDK

  2021-06-08 11:57 – 2021-06-08 11:57 – 000000000 ____D C:\Users\deval\AppData\Local\Zemana

  2021-06-08 11:55 – 2021-06-08 11:55 – 013922376 _____ (Zemana Ltd. ) C:\Users\deval\Downloads\AntiMalware_Setup.exe

  2021-06-08 11:41 – 2021-06-08 11:41 – 007495512 _____ (VS Revo Group ) C:\Users\deval\Downloads\revosetup.exe

  2021-06-08 11:30 – 2021-06-08 11:36 – 000000000 ____D C:\Users\deval\AppData\Local\AVG

  2021-06-08 11:30 – 2021-06-08 11:30 – 000002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk

  2021-06-08 11:30 – 2021-06-08 11:30 – 000002070 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk

  2021-06-08 11:30 – 2021-06-08 11:30 – 000002070 _____ c:\ProgramData\Desktop\AVG AntiVirus FREE.lnk

  2021-06-08 11:30 – 2021-06-08 11:30 – 000000000 ____D C:\Users\deval\AppData\Roaming\AVG

  2021-06-08 11:30 – 2021-06-08 11:30 – 000000000 ____D C:\Users\deval\AppData\Local\CEF

  2021-06-08 11:29 – 2021-06-08 11:29 – 000851272 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSnx.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000523016 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgNetHub.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000471480 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSP.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000365592 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsdriver.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\avgBoot.exe

  2021-06-08 11:29 – 2021-06-08 11:29 – 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgVmm.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000250392 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsh.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000216488 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArPot.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000215464 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgStm.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000181072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgMonFlt.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000107936 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRdr2.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000099352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbuniv.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000083000 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRvrt.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000041424 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgKbd.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000035800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArDisk.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000017344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgElam.sys

  2021-06-08 11:29 – 2021-06-08 11:29 – 000003992 _____ C:\windows\system32\Tasks\Antivirus Emergency Update

  2021-06-08 11:29 – 2021-06-08 11:29 – 000000000 ____D C:\windows\system32\Tasks\AVG

  2021-06-08 11:29 – 2021-06-08 11:29 – 000000000 ____D C:\Program Files\Common Files\AVG

  2021-06-08 11:29 – 2021-06-08 11:29 – 000000000 ____D C:\Program Files\AVG

  2021-06-08 11:28 – 2021-06-08 11:36 – 000000000 ____D C:\ProgramData\AVG

  2021-06-08 11:28 – 2021-06-08 11:28 – 000261448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\deval\Downloads\avg_antivirus_free_setup.exe

  2021-06-05 06:51 – 2021-06-05 06:51 – 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys

  2021-06-05 06:51 – 2021-06-05 06:51 – 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys

  2021-06-05 06:51 – 2021-06-05 06:51 – 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys

  2021-06-05 06:51 – 2021-06-05 06:51 – 000044328 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe

  2021-05-26 21:52 – 2021-05-26 21:56 – 000000000 ____D C:\Users\deval\AppData\Roaming\Apple Computer

  2021-05-26 21:52 – 2021-05-26 21:52 – 000000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

  2021-05-26 21:52 – 2021-05-26 21:52 – 000000000 ____D C:\Users\deval\AppData\Local\Apple Inc

  2021-05-26 21:52 – 2021-05-26 21:52 – 000000000 ____D C:\Users\deval\AppData\Local\Apple Computer

  2021-05-26 21:51 – 2021-05-26 21:51 – 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk

  2021-05-26 21:51 – 2021-05-26 21:51 – 000001823 _____ c:\ProgramData\Desktop\iTunes.lnk

  2021-05-26 21:51 – 2021-05-26 21:51 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

  2021-05-26 21:51 – 2021-05-26 21:51 – 000000000 ____D C:\ProgramData\Apple Computer

  2021-05-26 21:51 – 2021-05-26 21:51 – 000000000 ____D C:\Program Files\iTunes

  2021-05-26 21:50 – 2021-05-26 21:50 – 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

  2021-05-26 21:50 – 2021-05-26 21:50 – 000000000 ____D C:\windows\system32\Tasks\Apple

  2021-05-26 21:50 – 2021-05-26 21:50 – 000000000 ____D C:\Users\deval\AppData\Local\Apple

  2021-05-26 21:50 – 2021-05-26 21:50 – 000000000 ____D C:\ProgramData\Apple

  2021-05-26 21:50 – 2021-05-26 21:50 – 000000000 ____D C:\Program Files\Common Files\Apple

  2021-05-26 21:50 – 2021-05-26 21:50 – 000000000 ____D C:\Program Files\Bonjour

  2021-05-26 21:50 – 2021-05-26 21:50 – 000000000 ____D C:\Program Files (x86)\Bonjour

  2021-05-26 21:50 – 2021-05-26 21:50 – 000000000 ____D C:\Program Files (x86)\Apple Software Update

  2021-05-26 21:49 – 2021-05-26 21:49 – 199436776 _____ (Apple Inc.) C:\Users\deval\Downloads\iTunes64Setup.exe

  2021-05-18 16:38 – 2021-05-18 16:38 – 000248992 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys

  2021-05-18 16:38 – 2021-05-18 16:38 – 000220752 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys

  2021-05-18 11:19 – 2021-05-18 11:19 – 000000000 ____D C:\ProgramData\McInstTemp0300511621351167

  2021-05-12 21:12 – 2021-05-12 21:12 – 002755584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

  2021-05-12 21:12 – 2021-05-12 21:12 – 002755584 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

  2021-05-12 21:12 – 2021-05-12 21:12 – 001823816 _____ (Microsoft Corporation) C:\windows\system32\winload.efi

  2021-05-12 21:12 – 2021-05-12 21:12 – 001687040 _____ C:\windows\system32\libcrypto.dll

  2021-05-12 21:12 – 2021-05-12 21:12 – 001393504 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi

  2021-05-12 21:12 – 2021-05-12 21:12 – 001314120 _____ (Microsoft Corporation) C:\windows\system32\SecConfig.efi

  2021-05-12 21:12 – 2021-05-12 21:12 – 001163776 _____ C:\windows\system32\MBR2GPT.EXE

  2021-05-12 21:12 – 2021-05-12 21:12 – 000700928 _____ C:\windows\system32\FsNVSDeviceSource.dll

  2021-05-12 21:12 – 2021-05-12 21:12 – 000165888 _____ C:\windows\system32\DataStoreCacheDumpTool.exe

  2021-05-12 21:12 – 2021-05-12 21:12 – 000060928 _____ C:\windows\system32\runexehelper.exe

  2021-05-12 21:12 – 2021-05-12 21:12 – 000013312 _____ C:\windows\system32\agentactivationruntimestarter.exe

  2021-05-12 21:12 – 2021-05-12 21:12 – 000011351 _____ C:\windows\system32\DrtmAuthTxt.wim

  ====================One month (modified)==================

  (If an entry is included in the fixlist, the file/folder will be moved.)

  2021-06-09 11:17 – 2021-03-03 21:45 – 000000000 ____D C:\Program Files\Emsisoft Anti-Malware

  2021-06-09 11:15 – 2020-05-06 04:58 – 000000000 ____D C:\windows\system32\SleepStudy

  2021-06-09 11:15 – 2019-12-07 05:14 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

  2021-06-08 19:19 – 2021-01-21 12:23 – 000000000 ____D C:\Program Files (x86)\Dropbox

  2021-06-08 16:17 – 2020-12-20 13:05 – 000003380 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4172828257-1784996619-1967803511-1001

  2021-06-08 16:17 – 2020-12-20 13:05 – 000000000 ___RD C:\Users\deval\OneDrive

  2021-06-08 16:17 – 2020-12-20 13:01 – 000002374 _____ C:\Users\deval\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

  2021-06-08 13:08 – 2021-05-07 15:44 – 000000000 ____D C:\Program Files\Mozilla Firefox

  2021-06-08 11:42 – 2019-12-07 05:14 – 000000000 ___HD C:\windows\ELAMBKUP

  2021-06-08 11:42 – 2019-12-07 05:13 – 000000000 ____D C:\windows\INF

  2021-06-08 11:42 – 2019-12-07 05:03 – 000032768 _____ C:\windows\system32\config\ELAM

  2021-06-08 11:41 – 2020-12-10 13:50 – 000000000 ____D C:\ProgramData\McAfee

  2021-06-08 11:40 – 2020-12-10 13:50 – 000000000 ____D C:\Program Files\Common Files\McAfee

  2021-06-08 11:09 – 2020-05-06 04:58 – 000000000 ____D C:\windows\system32\Drivers\wd

  2021-06-08 11:05 – 2020-12-20 13:14 – 000000000 ____D C:\ProgramData\Mozilla

  2021-06-08 11:04 – 2020-12-20 13:14 – 000000000 ____D C:\Users\deval\AppData\LocalLow\Mozilla

  2021-06-04 19:01 – 2020-12-10 13:45 – 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

  2021-06-04 19:01 – 2020-12-10 13:45 – 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

  2021-06-04 19:01 – 2020-12-10 13:45 – 000002283 _____ c:\ProgramData\Desktop\Microsoft Edge.lnk

  2021-06-04 19:01 – 2019-12-07 05:14 – 000000000 ___HD C:\Program Files\WindowsApps

  2021-06-04 19:01 – 2019-12-07 05:14 – 000000000 ____D C:\windows\AppReadiness

  2021-06-04 08:19 – 2021-01-21 12:10 – 000000000 ___RD C:\Users\deval\Desktop\Quick Sales

  2021-06-03 18:48 – 2020-12-20 13:21 – 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

  2021-06-03 18:48 – 2020-12-20 13:21 – 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk

  2021-06-03 18:48 – 2020-12-20 13:21 – 000002213 _____ c:\ProgramData\Desktop\Google Chrome.lnk

  2021-05-28 23:50 – 2020-07-21 12:18 – 000000000 ____D C:\Program Files\Microsoft Office

  2021-05-28 23:50 – 2019-12-07 05:14 – 000000000 ____D C:\Program Files\Common Files\microsoft shared

  2021-05-27 19:49 – 2021-01-03 18:44 – 000000000 ____D C:\Users\deval\AppData\Local\Citrix

  2021-05-18 11:19 – 2020-12-10 13:50 – 000000000 ____D C:\Program Files (x86)\McAfee

  2021-05-14 22:47 – 2020-05-06 05:03 – 000846280 _____ C:\windows\system32\PerfStringBackup.INI

  2021-05-14 22:42 – 2020-12-20 13:04 – 000000000 __SHD C:\Users\deval\IntelGraphicsProfiles

  2021-05-14 22:42 – 2020-12-10 13:41 – 000000000 ____D C:\Intel

  2021-05-14 22:42 – 2020-05-06 04:58 – 000008192 ___SH C:\DumpStack.log.tmp

  2021-05-14 22:42 – 2020-05-06 04:58 – 000000006 ____H C:\windows\Tasks\SA.DAT

  2021-05-14 22:42 – 2019-12-07 05:14 – 000000000 ____D C:\windows\ServiceState

  2021-05-14 22:42 – 2019-12-07 05:03 – 000786432 _____ C:\windows\system32\config\BBI

  2021-05-12 21:43 – 2020-12-10 13:22 – 000000000 ____D C:\windows\HoloShell

  2021-05-12 21:42 – 2019-12-07 05:14 – 000000000 ___RD C:\windows\ImmersiveControlPanel

  2021-05-12 21:40 – 2021-01-21 12:23 – 000000938 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job

  2021-05-12 21:40 – 2021-01-21 12:23 – 000000934 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job

  2021-05-12 21:40 – 2020-12-20 13:14 – 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

  2021-05-12 21:40 – 2020-05-06 04:58 – 000460864 _____ C:\windows\system32\FNTCACHE.DAT

  2021-05-12 21:39 – 2019-12-07 05:50 – 000000000 ____D C:\windows\system32\OpenSSH

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ___RD C:\windows\PrintDialog

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\SysWOW64\WinMetadata

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\SysWOW64\setup

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\SysWOW64\oobe

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\SysWOW64\lt-LT

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\SysWOW64\Dism

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\SystemResources

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\system32\WinMetadata

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\system32\SystemResetPlatform

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\system32\setup

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\system32\oobe

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\system32\lt-LT

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\system32\Dism

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\Provisioning

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\PolicyDefinitions

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\DiagTrack

  2021-05-12 21:39 – 2019-12-07 05:14 – 000000000 ____D C:\windows\bcastdvr

  2021-05-12 21:14 – 2019-12-07 05:52 – 000023552 _____ (Microsoft Corporation) C:\windows\system32\OEMDefaultAssociations.dll

  2021-05-12 21:14 – 2019-12-07 05:03 – 000000000 ____D C:\windows\CbsTemp

  2021-05-12 16:33 – 2020-12-24 01:01 – 000000000 ____D C:\windows\system32\MRT

  2021-05-12 16:31 – 2020-12-24 01:01 – 132732536 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

  2021-05-12 13:44 – 2020-12-23 14:17 – 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

  ====================SigCheck============================

  (There is no automatic fix for files that do not pass verification.)

  ====================End of FRST.txt========================

  Attached Files

  Attached File

  Farbar scan recovery tool addition.txt 46.7KB
