Infected with Trojans and Hijackers

techserving |
1561
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-05-2022
Ran by jo11y (administrator) on JIM (HP HP Laptop 15-dy1xxx) (19-05-2022 15:15:37)
Running from C:\Users\jo11y\Downloads
Loaded Profiles: jo11y
Platform: Microsoft Windows 10 Home Version 21H2 19044.1645 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler.exe
(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler64.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\RAVAntivirus\rsEngineSvc.exe ->) (Reason Cybersecurity Inc. -> Reason Cybersecurity Ltd.) C:\Program Files\RAVAntivirus\ui\RAVAntivirus.exe <5>
(C:\Program Files\RAVAntivirus\rsEngineSvc.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\RAVAntivirus\rsHelper.exe
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <37>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(services.exe ->) () <==== ATTENTION [zero byte File/Folder] C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe#CE0C56ADEC42B647
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_a6e24179070178de\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_21306a77b30fd6e0\esif_uf.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_3ef70b9d5cc0699f\LMS.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.63.31001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.63.31001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\RAVAntivirus\rsClientSvc.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\RAVAntivirus\rsEngineSvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138976 2020-08-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321112 2019-12-09] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2022-05-09] (Intel Corporation -> Intel)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2604515818-1322213993-119557030-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2604515818-1322213993-119557030-1002\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [525312 2021-09-19] (HP Inc.) [File not signed]
HKU\S-1-5-21-2604515818-1322213993-119557030-1002\...\Run: [MicrosoftEdgeAutoLaunch_7F58F8FBA38B0EBE599599E95B4059D9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3547048 2022-05-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2604515818-1322213993-119557030-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Anarc\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2604515818-1322213993-119557030-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Anarc\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2604515818-1322213993-119557030-1002\...\RunOnce: [Uninstall 22.033.0213.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anarc\AppData\Local\Microsoft\OneDrive\22.033.0213.0002" (No File)
HKU\S-1-5-21-2604515818-1322213993-119557030-1006\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [525312 2021-09-19] (HP Inc.) [File not signed]
HKU\S-1-5-21-2604515818-1322213993-119557030-1006\...\Run: [MicrosoftEdgeAutoLaunch_70D1FA60E9E3CD48403673AF4ACFE841] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3547048 2022-05-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2604515818-1322213993-119557030-1006\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\james\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2604515818-1322213993-119557030-1006\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\james\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2604515818-1322213993-119557030-1006\...\RunOnce: [Uninstall 21.160.0808.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\james\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\amd64" (No File)
HKU\S-1-5-21-2604515818-1322213993-119557030-1006\...\RunOnce: [Uninstall 21.160.0808.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\james\AppData\Local\Microsoft\OneDrive\21.160.0808.0002" (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\101.0.16219.56\Installer\chrmstp.exe [2022-05-17] (AVG Technologies USA, LLC -> AVG Technologies)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\101.0.4951.67\Installer\chrmstp.exe [2022-05-17] (Google LLC -> Google LLC)
AppInit_DLLs: C:\PROGRA~1\Virtual Desktop Streamer\VirtualDesktop.Injector64.dll => C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Injector64.dll [132376 2022-03-07] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
AppInit_DLLs-x32: C:\PROGRA~1\Virtual Desktop Streamer\VirtualDesktop.Injector32.dll => C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Injector32.dll [112408 2022-02-27] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CDE0B2C-919C-425C-88B7-5779CEC0EB75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {10752490-2E81-4BB0-BE48-F6474BF76C78} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /c (No File)
Task: {1F97C2F5-7B8C-4FBD-B1C2-1B91C2FC5ABE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-17] (Google LLC -> Google LLC)
Task: {2E040FE3-743A-4C86-8E8A-600F3CA53256} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [198040 2022-05-07] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {34B85866-1A84-4BF1-AF2B-A9A2750C9BDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-17] (Google LLC -> Google LLC)
Task: {3F98AB8A-9A25-4A12-B85A-5F61A8E709A5} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2720400 2022-05-05] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {5481CAAD-43EB-4FD2-8706-64E4F11ACED1} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {62657967-09D0-466E-BA90-AD469DFE68C0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {6317C0A2-5DBA-4B74-B636-FBFF9117E6EB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144816 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {673FDDE3-6ABC-42F4-AD8C-0DF3F4309587} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8377312 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6778D608-C436-43A5-80AA-749F2B4EB33C} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {76F4C592-6406-4FDB-BA2E-D46ACF0677F5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144816 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B436225-E5C1-4DE0-B82F-844ABADA3674} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [198040 2022-05-07] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {9F442D57-3963-4220-8703-0CF54C7F792C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894544 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A237FB9F-10EA-4ACD-91AC-983B0D7331B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (No File)
Task: {B3B63870-D97E-466E-B2D4-EA0C009FFC90} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894544 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {C26CC21E-A0A6-4A1E-997E-651EAF853E1D} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2720400 2022-05-05] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {E8CEFF36-2B43-4F97-B552-B0357D1BD161} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8377312 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC5657EE-5E35-4452-A69C-15FDBAD6415B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [979416 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCF0431E-4A26-4D58-A8D4-2B256DDD1146} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {FF710ADA-C530-4E30-9EB8-A57E44BE102C} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-04-29] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d388f4bc-ca12-4957-b49c-d479a9c9172e}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\jo11y\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\jo11y\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-19]
Edge DownloadDir: Default -> C:\Users\jo11y\Downloads
Edge StartupUrls: Default -> "hxxp://google.com/"
Edge Extension: (Jedge) - C:\Users\jo11y\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\elogaceacfigjcgkigebnbeligmgfagd [2022-05-07]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-04-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-04-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\npAvgBrowserUpdate3.dll [2022-05-07] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\npAvgBrowserUpdate3.dll [2022-05-07] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.7.913.0\npCCleanerBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.7.913.0\npCCleanerBrowserUpdate3.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jo11y\AppData\Local\Google\Chrome\User Data\Default [2022-05-19]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/stadia/gamers/assets/app-icon-v2-128.png
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jo11y\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-19]
CHR Extension: (Google Docs Offline) - C:\Users\jo11y\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jo11y\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-28]
CHR Extension: (Stadia) - C:\Users\jo11y\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnkcfpnngfokcnnijgkllghjlhkailce [2020-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [198040 2022-05-07] (AVG Technologies USA, LLC -> AVG Technologies)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [198040 2022-05-07] (AVG Technologies USA, LLC -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\101.0.16219.56\elevation_service.exe [1982784 2022-05-05] (AVG Technologies USA, LLC -> AVG Technologies)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2022-05-07] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11759056 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
S2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [39352 2022-05-09] (Intel Corporation -> Intel)
S3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [184248 2022-05-09] (Intel Corporation -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2022-05-07] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\AppHelperCap.exe [764448 2022-03-30] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\DiagsCap.exe [763480 2022-03-30] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\NetworkCap.exe [759336 2022-03-30] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\SysInfoCap.exe [762904 2022-03-30] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_a6e24179070178de\x64\TouchpointAnalyticsClientService.exe [497328 2022-03-30] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2022-05-19] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [975088 2022-05-07] (McAfee, LLC -> McAfee, LLC)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 rsClientSvc; C:\Program Files\RAVAntivirus\rsClientSvc.exe [714600 2022-05-11] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsEngineSvc; C:\Program Files\RAVAntivirus\rsEngineSvc.exe [359216 2022-05-11] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
S2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [1972504 2022-03-10] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [59952 2022-03-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [49600 2022-03-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
R2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S2 rsSyncSvc; C:\Program Files\RAVAntivirus\x64\rsSyncSvc.exe -rpn:ravantivirus -lpn:rav_antivirus -url:hxxps://update.reasonsecurity.com/v1/live
S3 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-27] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-05-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [3567 2009-01-18] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2009-01-18] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
R1 ReasonCamFilter; C:\WINDOWS\System32\DRIVERS\ReasonCamFilter.sys [49992 2022-05-11] (Reason CyberSecurity Inc. -> Reason Software Company)
S0 rsElam; C:\WINDOWS\System32\drivers\rsElam.sys [19944 2022-05-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Reason CyberSecurity Inc.)
R1 rsKernelEngine; C:\WINDOWS\System32\DRIVERS\rsKernelEngine.sys [49456 2022-05-11] (Reason CyberSecurity Inc. -> Windows ® Win 7 DDK provider)
R3 vdvad_WaveExtensible; C:\WINDOWS\System32\drivers\vdvad.sys [44936 2022-02-14] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
R3 vdvge; C:\WINDOWS\System32\drivers\vdvge.sys [77864 2021-05-17] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
R3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [48136 2022-02-23] (Voicemod Sociedad Limitada -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [443664 2022-04-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStorU.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-19 15:15 - 2022-05-19 15:15 - 000027025 _____ C:\Users\jo11y\Downloads\FRST.txt
2022-05-19 15:12 - 2022-05-19 15:15 - 000000000 ____D C:\FRST
2022-05-19 15:12 - 2022-05-19 15:12 - 002366464 _____ (Farbar) C:\Users\jo11y\Downloads\FRST64.exe
2022-05-19 15:00 - 2022-05-19 15:01 - 000000000 ____D C:\AdwCleaner
2022-05-19 15:00 - 2022-05-19 15:00 - 008551608 _____ (Malwarebytes) C:\Users\jo11y\Downloads\adwcleaner_8.3.2.exe
2022-05-19 13:38 - 2022-05-19 13:38 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-05-19 13:38 - 2022-05-19 13:38 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-05-19 13:38 - 2022-05-19 13:38 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-05-19 12:57 - 2022-05-19 12:57 - 000002048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-19 12:57 - 2022-05-19 12:57 - 000002036 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-05-19 12:57 - 2022-05-19 12:57 - 000000000 ____D C:\Users\jo11y\AppData\Local\mbam
2022-05-19 12:56 - 2022-05-19 12:56 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-05-19 12:56 - 2022-05-19 12:56 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-05-19 12:55 - 2022-05-19 12:51 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-05-19 12:53 - 2022-05-19 12:52 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-05-19 12:51 - 2022-05-19 12:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-19 12:50 - 2022-05-19 12:51 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-19 12:45 - 2022-05-19 12:46 - 200566968 _____ (Malwarebytes) C:\Users\jo11y\Downloads\MBSetup-0000870.0000870-4.4.11.149-1.0.1513-1.0.47333.exe
2022-05-17 16:25 - 2022-05-17 16:25 - 000042040 _____ C:\Users\jo11y\Downloads\Hacked Skin Pack.zip
2022-05-15 22:37 - 2022-05-15 22:37 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\Blender Foundation
2022-05-15 22:37 - 2022-05-15 22:37 - 000000000 ____D C:\Users\jo11y\.thumbnails
2022-05-15 18:44 - 2022-05-15 18:44 - 002985984 _____ (Psycho Coding) C:\Users\jo11y\Downloads\PCPS (2).exe
2022-05-15 18:28 - 2022-05-15 18:29 - 000002307 _____ C:\Users\jo11y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiddler ScriptEditor.lnk
2022-05-15 18:28 - 2022-05-15 18:29 - 000002163 _____ C:\Users\jo11y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiddler Classic.lnk
2022-05-15 18:24 - 2022-05-15 18:24 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\PsychoCodingPartyTool
2022-05-15 18:22 - 2022-05-15 18:23 - 001746432 _____ () C:\Users\jo11y\Downloads\XBL Party Tool (2).exe
2022-05-15 18:07 - 2022-05-15 18:07 - 000934931 _____ C:\Users\jo11y\Downloads\Lanc v1 (lancremasteredpcps.com).rar
2022-05-15 18:03 - 2022-05-15 18:45 - 000000000 ____D C:\Users\jo11y\AppData\Local\Psycho_Coding
2022-05-15 18:03 - 2022-05-15 18:03 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\PCPS
2022-05-15 18:03 - 2022-05-15 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2022-05-15 18:03 - 2022-05-15 18:03 - 000000000 ____D C:\Program Files (x86)\WinPcap
2022-05-15 18:00 - 2022-05-15 18:00 - 002985984 _____ (Psycho Coding) C:\Users\jo11y\Downloads\PCPS.exe
2022-05-15 17:59 - 2022-05-15 17:59 - 000915128 _____ (Riverbed Technology, Inc.) C:\Users\jo11y\Downloads\WinPcap_4_1_3.exe
2022-05-11 18:45 - 2022-05-11 18:45 - 000001545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2022-05-11 17:10 - 2019-11-04 00:49 - 000000000 ____D C:\Users\jo11y\Downloads\PREREQUISITES
2022-05-11 16:58 - 2022-05-19 15:02 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\rav-antivirus-client
2022-05-11 16:58 - 2022-05-11 16:58 - 000001266 _____ C:\Users\jo11y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAV Endpoint Protection.lnk
2022-05-11 16:57 - 2022-05-19 15:13 - 000000000 ____D C:\ProgramData\RAVAntivirus
2022-05-11 16:57 - 2022-05-11 16:57 - 000049992 _____ (Reason Software Company) C:\WINDOWS\system32\Drivers\ReasonCamFilter.sys
2022-05-11 16:57 - 2022-05-11 16:57 - 000049456 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\rsKernelEngine.sys
2022-05-11 16:57 - 2022-05-11 16:57 - 000019944 _____ (Reason CyberSecurity Inc.) C:\WINDOWS\system32\Drivers\rsElam.sys
2022-05-11 16:57 - 2022-05-11 16:57 - 000005036 _____ C:\ProgramData\rsEngine.config.backup
2022-05-11 16:56 - 2022-05-11 16:57 - 000000000 ____D C:\Program Files\RAVAntivirus
2022-05-08 18:30 - 2022-05-08 18:31 - 130643968 _____ C:\Users\jo11y\Downloads\download.iso
2022-05-07 21:49 - 2022-05-07 21:49 - 000001039 _____ C:\Users\Public\Desktop\Steam.lnk
2022-05-07 21:48 - 2022-05-07 21:48 - 002296488 _____ C:\Users\jo11y\Downloads\SteamSetup (1).exe
2022-05-07 19:33 - 2022-05-07 19:33 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\EasyAntiCheat
2022-05-07 16:12 - 2022-05-07 16:12 - 000000000 ___SH C:\Users\Public\Shared Files
2022-05-07 14:50 - 2022-05-17 15:26 - 000002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2022-05-07 14:50 - 2022-05-07 14:50 - 000003826 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Hourly)
2022-05-07 14:50 - 2022-05-07 14:50 - 000003242 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Logon)
2022-05-07 14:50 - 2022-05-07 14:50 - 000000000 ____D C:\Users\jo11y\AppData\Local\AVG
2022-05-07 14:50 - 2022-05-07 14:50 - 000000000 ____D C:\ProgramData\AVG
2022-05-07 14:49 - 2022-05-07 14:49 - 000003414 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineUA
2022-05-07 14:49 - 2022-05-07 14:49 - 000003290 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineCore
2022-05-07 14:49 - 2022-05-07 14:49 - 000000000 ____D C:\Program Files\McAfee
2022-05-07 14:49 - 2022-05-07 14:49 - 000000000 ____D C:\Program Files (x86)\AVG
2022-05-07 14:48 - 2022-05-07 14:48 - 000000000 ____D C:\ProgramData\McAfee
2022-05-07 14:28 - 2022-05-07 14:28 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-05-07 14:20 - 2022-05-07 14:20 - 000000000 ____D C:\Users\jo11y\AppData\Local\CrashReportClient
2022-05-07 14:19 - 2022-05-07 14:19 - 000000000 ____D C:\Users\jo11y\AppData\Local\FortniteGame
2022-05-07 14:19 - 2022-05-07 14:19 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2022-05-07 13:55 - 2022-05-12 15:19 - 000000000 __SHD C:\ProgramData\AMD Driver
2022-05-07 13:47 - 2022-05-07 13:55 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-05-07 13:47 - 2022-05-07 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-05-07 13:47 - 2022-05-07 13:55 - 000000000 ____D C:\Program Files\WinRAR
2022-05-07 13:47 - 2022-05-07 13:47 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\WinRAR
2022-05-07 13:42 - 2022-05-07 13:42 - 000000000 ____D C:\Program Files\7-Zip
2022-05-07 10:52 - 2022-05-07 10:52 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2604515818-1322213993-119557030-1002
2022-05-07 10:52 - 2022-05-07 10:52 - 000002386 _____ C:\Users\Anarc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-07 10:51 - 2022-05-07 10:51 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2604515818-1322213993-119557030-1006
2022-05-07 10:51 - 2022-05-07 10:51 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2604515818-1322213993-119557030-1006
2022-05-07 10:51 - 2022-05-07 10:51 - 000002386 _____ C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-07 10:46 - 2022-05-07 10:46 - 000000000 ____D C:\Users\james\AppData\Roaming\Apple Computer
2022-05-07 10:46 - 2022-05-07 10:46 - 000000000 ____D C:\Users\james\AppData\Local\OneDrive
2022-05-07 10:45 - 2022-05-07 10:47 - 000000000 ____D C:\Users\james\AppData\Local\Intel
2022-05-04 19:17 - 2022-05-04 19:17 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2604515818-1322213993-119557030-1001
2022-05-04 19:16 - 2022-05-04 19:17 - 000002386 _____ C:\Users\jo11y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-30 11:47 - 2022-04-30 11:47 - 000801160 _____ (BlueStack Systems Inc.) C:\Users\jo11y\Downloads\BlueStacksInstaller_5.7.0.1064_native_119685ba22ef9f86cd67748b6bb892b0_0.exe
2022-04-30 00:07 - 2022-04-30 00:07 - 000000000 ____D C:\Users\jo11y\AppData\Local\Cloud Game
2022-04-29 23:55 - 2022-04-29 23:55 - 000801160 _____ (BlueStack Systems Inc.) 
C:\Users\jo11y\Downloads\BlueStacksInstaller_5.7.0.1064_native_9025c471a77c809deb4ef69e496e2431_0.exe2022-04-28 15:22 - 2022-04-28 15:22 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk2022-04-28 15:22 - 2022-04-28 15:22 - 000000000 ____D C:\Program Files\PCHealthCheck2022-04-27 15:33 - 2022-04-27 15:33 - 000000000 ____D C:\Users\jo11y\AppData\LocalLow\Unity2022-04-27 15:32 - 2022-04-27 15:32 - 000000000 ____D C:\Users\jo11y\AppData\LocalLow\VRChat2022-04-27 14:59 - 2022-04-27 14:59 - 000000000 ____D C:\WINDOWS\Panther2022-04-27 14:50 - 2022-04-27 14:50 - 002296488 _____ C:\Users\jo11y\Downloads\SteamSetup.exe2022-04-27 13:38 - 2022-04-27 13:38 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\Virtual Desktop2022-04-27 13:37 - 2022-05-05 19:15 - 000000000 ____D C:\ProgramData\Virtual Desktop2022-04-27 13:37 - 2022-04-27 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Desktop Streamer2022-04-27 13:37 - 2022-04-27 13:37 - 000000000 ____D C:\Program Files\Virtual Desktop Streamer2022-04-27 13:37 - 2022-04-27 13:37 - 000000000 ____D C:\Program Files\Virtual Desktop2022-04-27 13:32 - 2022-04-27 13:32 - 053914856 _____ (Virtual Desktop, Inc.) C:\Users\jo11y\Downloads\VirtualDesktop.Streamer.Setup.exe2022-04-26 21:39 - 2022-04-26 21:39 - 000000000 ____D C:\Users\jo11y\AppData\Local\Apple Inc2022-04-26 21:39 - 2022-04-26 21:39 - 000000000 ____D C:\Users\jo11y\AppData\Local\Apple Computer2022-04-22 20:18 - 2022-04-22 20:18 - 000006877 _____ C:\Users\jo11y\-1.14-windows.xml2022-04-22 20:14 - 2022-05-18 16:39 - 000000000 ____D C:\Users\jo11y\AppData\Local\BlueStacks2022-04-22 20:14 - 2022-04-29 23:55 - 000000000 ____D C:\Users\Public\BlueStacks ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2022-05-19 15:03 - 2021-09-18 15:30 - 000936818 _____ C:\WINDOWS\system32\PerfStringBackup.INI2022-05-19 15:03 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF2022-05-19 15:02 - 2019-11-28 11:14 - 000000000 ____D C:\ProgramData\HP2022-05-19 15:01 - 2020-05-24 17:43 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard2022-05-19 15:01 - 2020-05-09 18:47 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\Hewlett-Packard2022-05-19 15:01 - 2020-04-19 14:02 - 000000000 ____D C:\ProgramData\Hewlett-Packard2022-05-19 15:01 - 2019-10-29 13:52 - 000000000 ___HD C:\hp2022-05-19 14:58 - 2020-12-17 23:49 - 000000000 ____D C:\Program Files (x86)\Google2022-05-19 14:57 - 2020-05-09 18:30 - 000000000 __SHD C:\Users\jo11y\IntelGraphicsProfiles2022-05-19 13:38 - 2021-09-18 15:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT2022-05-19 13:38 - 2021-09-18 15:20 - 000008192 ___SH C:\DumpStack.log.tmp2022-05-19 13:38 - 2020-04-19 15:00 - 000000000 ____D C:\Intel2022-05-19 13:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState2022-05-19 13:38 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2022-05-19 13:38 - 2019-12-07 04:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI2022-05-19 13:00 - 2022-04-13 20:12 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\.minecraft2022-05-19 12:55 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP2022-05-19 12:38 - 2020-05-09 19:01 - 000000000 ____D C:\Users\jo11y\AppData\Local\D3DSCache2022-05-19 12:31 - 2021-09-18 15:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy2022-05-18 16:35 - 2021-04-22 18:00 - 000000000 ____D C:\Users\jo11y\AppData\Local\Oculus2022-05-18 16:28 - 2020-12-16 23:45 - 000000000 ____D C:\Users\jo11y\AppData\Local\CrashDumps2022-05-18 16:11 - 2022-03-19 16:26 - 000000000 ____D C:\ProgramData\Voicemod2022-05-18 16:10 - 2022-03-19 16:26 - 000000000 ____D C:\Users\jo11y\AppData\Local\Voicemod2022-05-17 16:41 - 2020-05-09 18:28 - 000000000 ____D 
C:\Users\jo11y\AppData\Local\Packages2022-05-17 16:41 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps2022-05-17 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness2022-05-17 15:27 - 2020-12-17 23:50 - 000002256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2022-05-17 15:27 - 2020-12-17 23:50 - 000002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk2022-05-16 19:19 - 2019-11-28 11:16 - 000000000 ____D C:\Program Files\Microsoft Office2022-05-16 15:49 - 2022-03-19 20:20 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\discord2022-05-16 00:20 - 2022-03-19 20:20 - 000000000 ____D C:\Users\jo11y\AppData\Local\Discord2022-05-15 22:37 - 2021-09-18 15:23 - 000000000 ____D C:\Users\jo11y2022-05-15 16:43 - 2020-07-14 16:38 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk2022-05-15 16:43 - 2020-07-14 16:38 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk2022-05-13 23:29 - 2022-04-03 15:15 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\obs-studio2022-05-12 15:19 - 2020-09-17 12:14 - 000000000 ____D C:\Program Files (x86)\Steam2022-05-12 15:16 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports2022-05-11 18:47 - 2020-05-09 18:52 - 000000000 ____D C:\ProgramData\Package Cache2022-05-11 18:45 - 2020-05-09 18:57 - 000000000 ____D C:\Program Files (x86)\Intel2022-05-11 17:15 - 2020-05-09 18:30 - 000000000 ____D C:\Users\jo11y\AppData\Local\ConnectedDevicesPlatform2022-05-11 17:15 - 2019-04-15 10:39 - 000000000 __RHD C:\Users\Public\AccountPictures2022-05-07 19:20 - 2022-04-18 14:12 - 000000000 ____D C:\XboxGames2022-05-07 16:12 - 2019-12-07 04:14 - 000000000 __SHD C:\Users\Public\Libraries2022-05-07 15:56 - 2022-04-03 15:18 - 000000015 _____ C:\Users\jo11y\AppData\Roaming\obs-virtualcam.txt2022-05-07 14:28 - 2022-03-19 15:45 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\Zoom2022-05-07 14:20 - 2022-03-19 19:40 - 000000000 ____D 
C:\Users\jo11y\AppData\Local\UnrealEngine2022-05-07 14:20 - 2020-12-16 23:45 - 000000000 ____D C:\Users\jo11y\AppData\Local\NVIDIA Corporation2022-05-07 10:57 - 2021-09-17 19:27 - 000000000 __SHD C:\Users\Anarc\IntelGraphicsProfiles2022-05-07 10:57 - 2021-09-17 19:27 - 000000000 ____D C:\Users\Anarc\AppData\Local\Packages2022-05-07 10:57 - 2021-09-17 19:27 - 000000000 ____D C:\Users\Anarc\AppData\Local\Oculus2022-05-07 10:52 - 2022-01-31 17:18 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2604515818-1322213993-119557030-10022022-05-07 10:52 - 2021-09-17 19:30 - 000000000 ___RD C:\Users\Anarc\OneDrive2022-05-07 10:51 - 2021-09-18 17:26 - 000000000 ____D C:\Users\james\AppData\Local\Oculus2022-05-07 10:49 - 2021-09-18 17:26 - 000000000 ____D C:\Users\james\AppData\Local\Publishers2022-05-07 10:49 - 2021-09-18 17:26 - 000000000 ____D C:\Users\james\AppData\Local\Packages2022-05-07 10:46 - 2021-09-18 17:56 - 000000000 ____D C:\WINDOWS\HoloShell2022-05-07 10:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog2022-05-07 10:45 - 2021-09-18 17:26 - 000000000 __SHD C:\Users\james\IntelGraphicsProfiles2022-05-07 10:45 - 2021-09-18 17:26 - 000000000 ____D C:\Users\james\AppData\Local\ConnectedDevicesPlatform2022-05-07 10:33 - 2020-07-25 11:16 - 000000000 ____D C:\Users\jo11y\AppData\Local\Razer2022-05-07 10:33 - 2020-07-25 11:08 - 000000000 ____D C:\ProgramData\Razer2022-05-07 10:31 - 2020-05-18 16:50 - 000000000 ____D C:\ProgramData\Smart PC Utilities2022-05-07 10:31 - 2020-05-18 16:41 - 000000000 ____D C:\Users\jo11y\AppData\Local\Smart PC Utilities2022-05-07 10:28 - 2022-04-15 11:22 - 000000000 ____D C:\Users\jo11y\AppData\Local\Roblox2022-05-04 19:17 - 2022-02-24 17:10 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2604515818-1322213993-119557030-10012022-05-03 17:38 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp2022-05-02 15:26 - 2022-03-19 16:26 - 000000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod2022-05-02 15:26 - 2022-03-19 16:26 - 000000000 ____D C:\Program Files\Voicemod Desktop2022-05-02 11:58 - 2020-05-09 18:32 - 000000000 ____D C:\Users\jo11y\AppData\Local\PlaceholderTileLogoFolder2022-04-28 15:25 - 2021-11-11 10:02 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7accb3a3ea05e2022-04-28 15:25 - 2021-09-18 15:27 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA2022-04-27 15:03 - 2022-04-04 16:21 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2022-04-26 21:39 - 2022-02-01 18:36 - 000000000 ____D C:\Users\jo11y\AppData\Roaming\Apple Computer2022-04-21 18:20 - 2022-04-14 08:28 - 000000000 ____D C:\Users\jo11y\AppData\Local\NG_Injector2022-04-20 15:17 - 2021-09-18 15:27 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA2022-04-20 15:17 - 2021-09-18 15:27 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======== 2022-04-03 15:18 - 2022-05-07 15:56 - 000000015 _____ () C:\Users\jo11y\AppData\Roaming\obs-virtualcam.txt2020-05-14 15:47 - 2020-07-09 11:50 - 000007602 _____ () C:\Users\jo11y\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.)BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully==================== End of FRST.txt ========================
