Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Windows 10S stuck in Automatic Recovery mode

2K views 36 replies 4 participants last post by  DR.M 
#1 ·
I tried to run my laptop in Safe mode to try and remove .NEER malware.
But instead my laptop has gone into automatic recovery mode.
When it switches on it asks for the language preffered and then gives 2 options of troubleshoot or turn off .
I have tried multiple methods using command prompt of bootrec msconfig etc. None of them have worked yet .
Cant restore or recover from backup
 

Attachments

See less See more
3
#8 ·
OK, Couriant above suggested to remove this topic to the Malware Removal Forum. In that case, I would ask you to take some steps, in order to check if the computer can boot in Windows. I would like you to get an empty USB drive for that.

As for the decryption, there is a special site you upload samples of the encrypted files and they inform you if there is a possibility to decrypt them or not. But you can't do now, since you can't sign in Windows.

Let me know if you want me to move this topic to the Malware Removal Forum.
 
#9 ·
OK, Couriant above suggested to remove this topic to the Malware Removal Forum. In that case, I would ask you to take some steps, in order to check if the computer can boot in Windows. I would like you to get an empty USB drive for that.

As for the decryption, there is a special site you upload samples of the encrypted files and they inform you if there is a possibility to decrypt them or not. But you can't do now, since you can't sign in Windows.

Let me know if you want me to move this topic to the Malware Removal Forum.
I have an empty usb drive what do i do after that to boot into windows i have tried repairing startup using a windows media tool in usb flash it didn't work
 
#10 ·
I just asked for the topic removal.

1. Find some necessary stuff
  1. An empty USB flash drive
  2. A healthy computer (either yours or a friend's)

2. Protect the healthy computer and download FRST on the USB drive

Using the healthy computer:


2.1. As a layer of protection, to ensure autorun is blocked on the flash drive, install on the healthy computer dr_Bora's program, MCShield::Anti-Malware Tool::. This tool is a resident drive detector and scanner, meant not just to block the autorun.inf, but also to clean the malicious files from the drive.
  • Download it from here: MCShield
  • Save it on your Desktop.
  • Double click the MCShield-Setup.exe on your desktop, and follow the instructions until it gets installed (Yes, Next, I agree, Next, Install).
  • Click on Run to let it run.
  • Go to the General tab in the menu at the left and tick the option Always show the log file in case of infection.
  • OK and close the window.
2.2. Download the right version of FRST for your system, and save it on your USB drive.
Note: If you don't know which one to download, download and save both on your USB drive. Only the right version will run on your system, the other will throw an error message. The one that works is the one you should be using from now on.

3. Enter System Recovery Options

Using the faulty computer:
  • Start by shutting down your computer.
  • Press on the power button on the case to turn it on.
  • After the computer is about 3 - 5 seconds into the boot-up process, hold down the power button to shut down the computer.
  • Repeat the above process once again.
  • For the third time, turn on the computer and allow it to boot up.
  • If you completed the process correctly, a message saying Preparing Automatic Repair should appear.
  • In a few seconds, another message will appear stating Diagnosing your PC and Automatic Repair will open.
  • When you reach the Automatic Repair screen, click on Advanced Options.
  • At the next screen, select Troubleshoot.
  • When you see the next screen, select Advanced Options.
  • You will get the following options:
    • Startup Repair
    • Startup Settings
    • Command Prompt
    • Uninstall Updates
    • System Restore
    • System Image Recovery
  • Select Command Prompt.

Run FRST from the Command Prompt
  1. In the black window that will open, called command prompt, type notepad and press on Enter.
  2. Notepad will open. Click on the File menu and select Open.
  3. Click on Computer, find the letter for your USB Flash Drive, then close the window and Notepad.
  4. In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter. As I told you before, run both of them if you are unsure about the architecture (x32 or x64) of your computer. Only the right one will run. IMPORTANT: Replace the letter e with the drive letter of your USB Flash Drive.
  5. FRST will open.
  6. Click on Yes to accept the disclaimer.
  7. Click on the Scan button and wait for the scan to complete.
  8. A log called FRST.txt will be saved on your USB Flash Drive.

4. Provide the FRST.txt

Using the healthy computer:

Insert the USB drive, open the FRST.txt, copy its content and paste it here, in your next reply.
 
#11 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2021
Ran by SYSTEM on MININT-VQFO9F7 (06-07-2021 16:50:32)
Running from f:\
Platform: Windows 10 Home Single Language Version 20H2 19042.985 (X64) Language: English (United States) -> English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NerveCenterTray] => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [245088 2017-04-28] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391088 2018-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-13] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-26] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [Cm108BSound] => "C:\Program Files\KOTION EACH 7.1 GAMING HEADSET\CPL\FaceLift_x64.exe" /h /d
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [564152 2021-05-20] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-23] (Dolby Laboratories, Inc. -> )
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [449280 2017-07-05] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [$REGNAME] => "C:\Gaming Mouse\Gaming Driver.exe" /hide
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc -> Autodesk, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [REDRAGON GRIFFIN Gaming Mouse] => C:\Program Files (x86)\REDRAGON GRIFFIN Gaming Mouse\hid.exe [955392 2017-11-13] ()
HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AppTrans\AirBackupHelper.exe
HKU\Lenovo\...\Run: [livelywpf] => C:\Program Files (x86)\Lively Wallpaper\livelywpf.exe [195072 2021-06-26] (livelywpf)
HKU\Lenovo\...\Policies\Explorer: []
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [51032 2008-04-06] (Adobe Systems, Incorporated -> Adobe Systems Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-10-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Coinoto.lnk [2018-01-03]
ShortcutTarget: Coinoto.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\Programs\Coinoto\Coinoto.exe (No File)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-05-17]
ShortcutTarget: MEGAsync.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-01-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0093DA60-DF41-47A5-9E38-26CEBD5665E4} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144456 2021-05-19] (Lenovo -> Lenovo Group Ltd.)
Task: {08B7A778-F9F5-44CC-8DC2-95435C1036B6} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3421330294-541237824-4174931949-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {09BB3A4D-8EC6-48C5-A7C0-B8E8F0C522DB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [24264 2017-09-13] (Microsoft Corporation -> )
Task: {0CD2FB2D-0EE6-4108-8F15-74A2CE18DBBA} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [25313544 2021-07-01] (GridinSoft, LLC -> Gridinsoft LLC)
Task: {0E2CF6CC-1DD1-40B6-8A75-E0FFAB6810EE} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {12DF3F8A-9612-48CA-AE38-2818FA70CA73} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [507392 2021-03-31] ()
Task: {13A799AC-1F20-4189-9C2E-516FDAF36CE3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {141A3E42-DF0F-48AE-9DFA-1DE41CCE4693} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {163D3BE9-DD9F-4FBC-9C82-4BF2812B68CA} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3421330294-541237824-4174931949-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2021-05-14] ()
Task: {1B05D1C3-291C-4820-9E5F-4400B56F10B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {1CCB3D4A-A39D-4678-86A4-0676E224E1FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-16] (Adobe Inc. -> Adobe)
Task: {1FF267D6-5C57-4816-8B71-DBFA1983540D} - System32\Tasks\Microsoft\Windows\MUI\Manager => C:\Users\Lenovo\AppData\Roaming\Adobe\Manager.exe
Task: {283F6416-ADEA-433D-95F0-4B6400944EC5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-11-07] (Piriform Software Ltd -> Piriform Ltd)
Task: {2DCAE1CD-C9F3-4382-8B59-207DCB755D7F} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {39A16FAB-4384-4405-86E2-447ABFE2A3A4} - \Trans the Dead Storage demo -> No File <==== ATTENTION
Task: {3A5D3C22-10C5-4A0B-8489-0DDDD1DF85A9} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1012344 2017-05-25] (McAfee, Inc. -> McAfee, Inc.)
Task: {42E256F1-8D7E-4BAB-9841-115D59290E67} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {461620B1-51A8-41B6-88EF-314AB00BF14E} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {479A84D8-D468-494E-A191-73B3318EAE71} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BE40475-039E-410D-8CAF-8D50D65094F8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-16] (Adobe Inc. -> Adobe)
Task: {53EB94A8-95FD-4E1A-BD3A-7D0C6748BADB} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5732E035-FB36-49ED-B910-34A92AD57666} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {57906077-29CA-4598-9481-C43F3E872F0A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e43b4d30-6a57-4573-ba20-418bf96857e6 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {5D919B78-0FD5-46DB-8A0D-F9342D46C9A6} - System32\Tasks\Opera scheduled Autoupdate 1500450554 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe
Task: {60CF45CC-852F-4807-9056-4DB68B4154C6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {64189C04-6F8F-4268-9542-0486F46634C9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-10-13] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {668CDD37-E047-402D-BDD9-111AD96E0BBC} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [62392 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {68B05CC1-C04F-493A-BB69-05D76590E0D7} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {6AD630B6-C73A-409E-ABF6-55590D660D1F} - System32\Tasks\TaskbarX FRIDAYLenovo => C:\Users\Lenovo\Desktop\Taskbar\TaskbarX.exe [169984 2021-04-11] (Chris Andriessen)
Task: {6C054A03-AC72-436F-A84E-F67FC8551341} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\930b8806-079f-4997-8887-88f0c0f6b46b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {7132A806-C067-459E-BA4F-B387685B6304} - System32\Tasks\Microsoft\Windows\Multimedia\Driver => C:\Users\Lenovo\AppData\Roaming\Windows_x64_nheqminer-5c\nheqminer.exe -> -l zec-eu1.nanopool.org:6666 -u t1PNAHGdyDAhsdMT1ysFxFrshBZv5MayhsJ/C:\Users\Lenovo\AppData\Roaming -p x -t 7
Task: {7A86B163-90BD-4DB3-AE4F-138FE8E69C40} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {84C5B028-4F84-42D7-ADF4-8322AD38F49F} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {8A555BB7-731B-4A0F-952F-735AE54A39DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-07-18] (Google Inc -> Google Inc.)
Task: {8D6F70C2-EE4D-4443-BD0A-DCC065C3E675} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {8E39A68D-9169-4DBD-B4BE-73C09A9641F9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {911E0B05-A832-44B7-8CD7-6CF4FDC0B67D} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1012344 2017-05-25] (McAfee, Inc. -> McAfee, Inc.)
Task: {94E8279B-30F4-46B3-8C9D-0F7A585CAA28} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {99F94F6A-6C8E-430A-BC88-8DF17D7ED6D1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7ea68cdc-8065-4596-b8a8-1cbb8ec93f26 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {A15AAC00-5E54-4847-A699-ED737AE5997A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-07-18] (Google Inc -> Google Inc.)
Task: {A59A8D2F-E06A-4504-A452-41EEAD7E6230} - System32\Tasks\NerveCenterUpdate => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [744800 2017-04-28] (LENOVO -> Lenovo(beijing) Limited)
Task: {A60C0B0A-EDCB-4D46-92D5-B9AF4A94CC50} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AC620BD5-8392-487F-BE65-6A4A3EDB963F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [24264 2017-09-13] (Microsoft Corporation -> )
Task: {C0E83387-4DCB-46D7-A8AC-B122F32CCCDC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {C48FEB17-B78C-4F7B-AF09-977FB953D821} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3421330294-541237824-4174931949-1001 => C:\Users\Lenovo\AppData\Local\MEGAsync\MEGAupdater.exe [1818360 2021-01-27] (Mega Limited -> Mega Limited)
Task: {CB9A7281-AA25-410F-A7B1-E8B00AD16597} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {D40C9B65-2E3F-4271-A932-CFF83326A206} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D54295AF-319F-4327-883A-3F4D4457DFD3} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => %CommonProgramFiles%\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {D5AD8509-8B5A-4781-A444-C32C8633BCCC} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {D64FFF00-6E53-47B7-B244-07193C9F80EA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {D878792C-55AE-492A-9500-633CB2A8F31A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for FRIDAY-Lenovo FRIDAY.PVF => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {D92F9CD6-BD12-4EFB-B552-4D0548A64F8E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4147912 2017-04-12] (McAfee, Inc. -> McAfee, Inc.)
Task: {DCD5D676-C497-4FBD-ACD6-AAB3D5D81797} - System32\Tasks\Firefox Default Browser Agent 67A18EBB626C7A0E => C:\Users\Lenovo\AppData\Roaming\wbcther.exe <==== ATTENTION
Task: {DD84D21F-DBFE-4B8C-8761-7DD5A66129E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF75BE52-BC92-403D-88FC-F5C2EF659064} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {EF79F0CD-DB0F-4E32-8BBF-91CE9CFD7AD6} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [745296 2017-05-30] (McAfee, Inc. -> McAfee, Inc.)
Task: {F46F4361-B05A-4924-A8E4-07608EE02A61} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7E8D62D-EC28-44E5-8463-D4E9312F21B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {FBD889C0-65DD-4461-B16A-0A33C6309A7D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\158134fe-a53a-478e-b2da-cdc291645d9f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-16] (Adobe Inc. -> Adobe)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-02] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8646752 2020-07-01] (BattlEye Innovations e.K. -> )
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (McAfee, Inc. -> Intel Security)
S2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2018-09-25] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GameRecorderSVC; C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe [392032 2017-04-28] (LENOVO -> Lenovo(beijing) Limited)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25312 2016-11-01] (Intel(R) Online Connect -> Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [34528 2016-11-01] (Intel(R) Online Connect -> Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-17] (Intel(R) Online Connect Access -> Intel(R) Corporation)
S2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-17] (Intel(R) Online Connect Access -> Intel(R) Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes Corporation -> Malwarebytes)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc. -> McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc. -> McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc. -> McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc. -> McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc. -> McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc. -> McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-21] (McAfee, Inc. -> Intel Security, Inc.)
S2 PluginLoaderSvc; C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [966496 2017-04-28] (LENOVO -> Lenovo(beijing) Limited)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-09-13] (Even Balance, Inc. -> )
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [382976 2021-05-14] ()
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13252624 2020-04-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6995800 2020-07-04] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10322376 2021-05-20] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2021-06-03] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe [X]
S2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [18432 2019-12-07] (Microsoft Corporation)
S1 afunix; C:\Windows\system32\drivers\afunix.sys [41984 2021-03-31] (Microsoft Corporation)
S1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2021-03-31] (Microsoft Corporation)
S1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [292352 2021-04-14] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [18432 2021-03-31] (Microsoft Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [9728 2019-12-07] (Windows (R) Win 7 DDK provider)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2019-12-07] (Microsoft Corporation)
S3 BHTPCRDR; C:\Windows\System32\drivers\bhtpcrdr.sys [173432 2016-08-10] (BayHub Technology Inc. -> BayHubTech/O2Micro)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [117760 2021-03-31] (Microsoft Corporation)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-04-14] (Microsoft Corporation)
S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [113664 2021-05-14] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [65536 2019-12-07] (Microsoft Corporation)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [106496 2021-03-31] (Microsoft Corporation)
S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [45568 2021-05-14] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation)
S3 BthPan; C:\Windows\System32\drivers\bthpan.sys [133632 2019-12-07] (Microsoft Corporation)
S3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [1560064 2021-05-14] (Microsoft Corporation)
S3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [110592 2021-05-14] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
S1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [91136 2021-03-31] ()
S3 circlass; C:\Windows\System32\drivers\circlass.sys [52224 2019-12-07] (Microsoft Corporation)
S2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [495616 2021-05-14] (Microsoft Corporation)
S1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [152064 2021-03-31] (Microsoft Corporation)
S3 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [46576 2017-04-28] (Lenovo (Beijing) Co., Ltd. -> Lenovo(beijing) Limited)
S1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [59392 2019-12-07] (Microsoft Corporation)
S1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8704 2019-12-07] (Microsoft Corporation)
S3 GridinSoftInetSecurityDriver; C:\Windows\system32\DRIVERS\gsInetSecurity.sys [107784 2021-06-30] (GridinSoft, LLC -> GridinSoft LLC)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [430080 2021-03-31] (Microsoft Corporation)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [120320 2021-03-31] (Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [48640 2019-12-07] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [44032 2021-04-14] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [30208 2019-12-07] (Microsoft Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [47104 2021-03-31] (Microsoft Corporation)
S3 intelpmax; C:\Windows\System32\drivers\intelpmax.sys [30720 2019-12-07] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [90112 2021-05-14] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [225280 2019-12-07] (Microsoft Corporation)
S2 lltdio; C:\Windows\System32\drivers\lltdio.sys [72704 2019-12-07] (Microsoft Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [140800 2021-03-31] (Microsoft Corporation)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2021-07-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [386048 2021-03-31] (Microsoft Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [84536 2017-05-02] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc. -> McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc. -> McAfee, Inc.)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [65024 2019-12-07] (Microsoft Corporation)
S2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [53248 2021-03-31] (Microsoft Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [47104 2021-03-31] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\drivers\monitor.sys [80896 2021-03-31] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [157696 2019-12-07] (Microsoft Corporation)
S3 MsBridge; C:\Windows\System32\drivers\bridge.sys [127488 2019-12-07] (Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [12288 2019-12-07] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [34816 2021-03-31] (Microsoft Corporation)
S2 MsLldp; C:\Windows\System32\drivers\mslldp.sys [78848 2019-12-07] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [740864 2021-03-31] (Microsoft Corporation)
S1 NdisCap; C:\Windows\System32\drivers\ndiscap.sys [54272 2019-12-07] (Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [135168 2021-03-31] (Microsoft Corporation)
S1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel(R) Technology Access -> Intel Corporation)
S3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [28672 2021-03-31] (Microsoft Corporation)
S3 NdisWan; C:\Windows\System32\drivers\ndiswan.sys [206848 2021-03-31] (Microsoft Corporation)
S3 ndiswanlegacy; C:\Windows\System32\DRIVERS\ndiswan.sys [206848 2021-03-31] (Microsoft Corporation)
S3 ndproxy; C:\Windows\System32\DRIVERS\NDProxy.sys [93696 2021-03-31] (Microsoft Corporation)
S2 Ndu; C:\Windows\System32\drivers\Ndu.sys [131584 2019-12-07] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [207360 2021-03-31] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [341504 2021-03-31] (Microsoft Corporation)
S3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8803328 2019-12-07] (Intel Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [48640 2021-03-31] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [822784 2021-03-31] (Microsoft Corporation)
S3 PNPMEM; C:\Windows\System32\drivers\pnpmem.sys [17408 2019-12-07] (Microsoft Corporation)
S3 PptpMiniport; C:\Windows\System32\drivers\raspptp.sys [101888 2021-03-31] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [53248 2019-12-07] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [20480 2021-03-31] (Microsoft Corporation)
S3 RasAgileVpn; C:\Windows\System32\drivers\AgileVpn.sys [113152 2021-05-14] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\System32\drivers\rasl2tp.sys [110080 2021-03-31] (Microsoft Corporation)
S3 RasSstp; C:\Windows\System32\drivers\rassstp.sys [86016 2021-03-31] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [28672 2019-12-07] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [169984 2021-04-14] (Microsoft Corporation)
S3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [213504 2019-12-07] (Microsoft Corporation)
S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [115712 2019-12-07] (Microsoft Corporation)
S2 rspndr; C:\Windows\System32\drivers\rspndr.sys [89088 2019-12-07] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [44032 2021-03-31] (Microsoft Corporation)
S3 spaceparser; C:\Windows\System32\drivers\spaceparser.sys [26624 2019-12-07] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [787968 2021-05-14] (Microsoft Corporation)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [315392 2021-03-31] (Microsoft Corporation)
S3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [6656 2021-04-14] (Microsoft Corporation)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [54784 2019-12-07] (Microsoft Corporation)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [38216 2021-06-30] (GridinSoft, LLC -> GridinSoft LLC)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [66560 2019-12-07] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [37888 2019-12-07] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\drivers\tunnel.sys [129024 2019-12-07] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [166400 2021-04-14] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [188416 2019-12-07] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [36864 2019-12-07] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [113152 2021-03-31] (Microsoft Corporation)
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [210432 2021-05-14] (Microsoft Corporation)
S3 usbaudio2; C:\Windows\System32\drivers\usbaudio2.sys [260608 2019-12-07] (Microsoft Corporation)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [107520 2019-12-07] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [35328 2019-12-07] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24064 2021-03-31] (Microsoft Corporation)
S3 usbser; C:\Windows\System32\drivers\usbser.sys [88064 2021-04-14] (Microsoft Corporation)
S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2017-12-21] ()
S3 VCSVADHWSer; C:\Windows\System32\drivers\vcsvad.sys [29320 2015-10-01] (AVSOFT CORP. -> AVSOFT Corp.)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8182600 2021-05-20] (Riot Games, Inc. -> Riot Games, Inc.)
S3 VirtualRender; C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [11264 2019-12-07] (Microsoft Corporation)
S2 wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [93184 2021-03-31] (Microsoft Corporation)
S3 wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [93184 2021-03-31] (Microsoft Corporation)
S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [93184 2021-03-31] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [958976 2021-03-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [259584 2021-03-31] (Microsoft Corporation)
S3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [107008 2019-12-07] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [48424 2018-01-19] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [136192 2019-12-07] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Corporation)
S3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [315392 2019-12-07] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [315392 2019-12-07] (Microsoft Corporation)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [329216 2021-03-31] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2740480 2020-07-07] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [51712 2021-03-31] (Microsoft Corporation)
S1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2020-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
UpperFilters: [{4D36E96B-E325-11CE-BFC1-08002BE10318}] -> [SynTP kbdclass]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (All) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-06 16:50 - 2021-07-06 16:50 - 000000000 ____D C:\FRST
2021-07-05 21:45 - 2021-07-05 21:46 - 000000000 ____D C:\Windows\System32\config\backup
2021-07-05 21:39 - 2021-07-05 21:43 - 000000000 ____D C:\efi
2021-07-05 03:49 - 2021-07-05 03:49 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2021-07-04 21:12 - 2021-07-04 21:12 - 030908712 _____ C:\Users\Lenovo\Desktop\SDR Scan ,Mon Jul 5 2021 10-42-08.DAT
2021-07-04 11:21 - 2021-07-04 11:21 - 026279538 _____ C:\Users\Lenovo\Desktop\SDR Scan ,Mon Jul 5 2021 00-50-57.DAT
2021-07-04 10:04 - 2021-07-04 11:20 - 000000000 ____D C:\Users\Lenovo\Desktop\#Root
2021-07-04 08:52 - 2021-07-04 19:56 - 000000000 _RSHD C:\ProgramData\Key-Base
2021-07-04 08:51 - 2021-07-04 08:51 - 000001109 _____ C:\Users\Lenovo\Desktop\Stellar Data Recovery.lnk
2021-07-04 08:51 - 2021-07-04 08:51 - 000000000 ____D C:\Program Files\Stellar Data Recovery
2021-07-04 08:51 - 2020-09-13 05:55 - 000000000 ____D C:\Users\Lenovo\Desktop\Stellar_Data_Recovery_Professional_9.0.0.5
2021-07-04 08:51 - 2020-05-08 07:52 - 000000059 _____ C:\Users\Lenovo\Desktop\Password Tealover.txt
2021-07-04 08:49 - 2021-07-04 08:50 - 117464857 _____ C:\Users\Lenovo\Downloads\steller Data Recovery.rar
2021-07-04 08:05 - 2021-07-04 19:32 - 000000000 ____D C:\Users\Lenovo\Desktop\testdisk-7.0
2021-07-04 08:05 - 2021-07-04 08:05 - 012444088 _____ C:\Users\Lenovo\Downloads\testdisk-7.0.win.zip
2021-07-04 08:02 - 2021-07-04 08:02 - 000000000 ____D C:\Users\Lenovo\Desktop\ShadowExplorerPortable-0.9
2021-07-04 08:02 - 2021-07-04 08:02 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\www.shadowexplorer.com
2021-07-04 07:57 - 2021-07-04 07:57 - 000137737 _____ C:\Users\Lenovo\Downloads\ShadowExplorer-0.9-portable.zip
2021-07-04 07:53 - 2021-07-04 07:53 - 001182144 _____ (Emsisoft Ltd.) C:\Users\Lenovo\Downloads\decrypt_STOPDjvu(1).exe
2021-07-04 07:36 - 2021-07-04 07:36 - 000003326 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2021-07-04 07:34 - 2021-07-04 07:34 - 001182144 _____ (Emsisoft Ltd.) C:\Users\Lenovo\Downloads\decrypt_STOPDjvu.exe
2021-07-04 07:34 - 2021-07-04 07:34 - 000001138 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2021-07-04 07:34 - 2021-07-04 07:34 - 000000000 ____D C:\ProgramData\GridinSoft
2021-07-04 07:34 - 2021-07-04 07:34 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2021-07-04 07:32 - 2021-07-04 07:32 - 000989584 _____ (GridinSoft LLC) C:\Users\Lenovo\Downloads\install-antimalware-fix.exe
2021-07-04 05:09 - 2021-07-04 05:09 - 000008633 _____ C:\Users\Lenovo\Desktop\Contractor.xlsx
2021-07-04 05:01 - 2021-07-04 05:01 - 000008915 _____ C:\Users\Lenovo\Desktop\Consultants.xlsx
2021-07-04 04:47 - 2021-07-04 04:47 - 000008478 _____ C:\Users\Lenovo\Desktop\Labourers.xlsx
2021-07-04 04:41 - 2021-07-04 04:43 - 000008395 _____ C:\Users\Lenovo\Desktop\Clients.xlsx
2021-07-04 04:24 - 2021-07-04 04:24 - 000003718 _____ C:\Windows\System32\Tasks\Firefox Default Browser Agent 67A18EBB626C7A0E
2021-07-03 02:01 - 2021-07-04 04:26 - 001257869 _____ C:\Users\Lenovo\Downloads\RII_PPT,_Report_fomat.zip.neer
2021-07-02 04:27 - 2021-07-04 04:26 - 072871291 _____ C:\Users\Lenovo\Downloads\WE [v1.1.174].rar.neer
2021-07-02 04:19 - 2021-07-04 04:26 - 051579258 _____ C:\Users\Lenovo\Downloads\2489627541_nigth_stars_by_just_mikke.zip.neer
2021-07-02 04:14 - 2021-07-04 07:46 - 000000000 ____D C:\Users\Lenovo\Desktop\New folder (2)
2021-07-02 04:14 - 2021-07-04 07:46 - 000000000 ____D C:\Users\Lenovo\Desktop\New folder
2021-07-02 04:13 - 2021-07-04 04:26 - 073377813 _____ C:\Users\Lenovo\Downloads\2168062727_torii_road_parallax_effect_in_4k.zip.neer
2021-07-02 04:13 - 2021-07-04 04:26 - 027247582 _____ C:\Users\Lenovo\Downloads\2110592745_3d_spider_man_into_the_spider_verse_leap_of_faith_what_s_up_danger.zip.neer
2021-07-02 02:43 - 2021-07-02 02:43 - 000001152 _____ C:\Users\Public\Desktop\Lively Wallpaper.lnk
2021-07-02 02:22 - 2021-07-04 04:26 - 048709326 _____ C:\Users\Lenovo\Downloads\windowsdesktop-runtime-3.1.16-win-x86.exe
2021-07-02 02:22 - 2021-07-04 04:26 - 023529094 _____ C:\Users\Lenovo\Downloads\dotnet-runtime-3.1.16-win-x86.exe
2021-07-02 02:22 - 2021-07-02 02:22 - 000000000 _____ C:\Users\Lenovo\Downloads\windowsdesktop-runtime-3.1.16-win-x86.exe.neer
2021-07-02 02:22 - 2021-07-02 02:22 - 000000000 _____ C:\Users\Lenovo\Downloads\dotnet-runtime-3.1.16-win-x86.exe.neer
2021-07-01 02:59 - 2021-07-01 03:00 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\gC9tT2iQ3s
2021-07-01 02:59 - 2021-07-01 02:59 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\iK0eK1lK3k
2021-06-30 22:34 - 2021-06-30 22:34 - 000000000 ____D C:\Users\Lenovo\AppData\Local\FonePaw
2021-06-30 22:31 - 2021-06-30 22:31 - 000002088 _____ C:\Users\Public\Desktop\AppTrans.lnk
2021-06-30 22:31 - 2021-06-30 22:31 - 000000000 ____D C:\Users\Lenovo\AppData\Local\iMobie
2021-06-30 22:31 - 2017-12-08 14:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-06-30 22:31 - 2017-12-08 14:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-06-30 22:31 - 2017-12-08 14:24 - 000928568 _____ C:\Windows\System32\vulkan-1.dll
2021-06-30 22:31 - 2017-12-08 14:24 - 000591672 _____ C:\Windows\System32\vulkaninfo.exe
2021-06-30 22:30 - 2021-07-01 03:14 - 005396638 _____ C:\Users\Lenovo\Downloads\apptrans-pro-en-setup.exe.neer
2021-06-30 21:28 - 2021-06-30 21:28 - 000000000 ____D C:\Users\Lenovo\AppData\Local\FoneDog
2021-06-30 21:26 - 2021-07-01 03:14 - 001738510 _____ C:\Users\Lenovo\Downloads\fonedog-android-toolkit.exe.neer
2021-06-30 21:26 - 2021-06-30 21:26 - 000000000 ____D C:\Program Files\FoneDog
2021-06-30 21:17 - 2021-07-01 03:14 - 030129198 _____ C:\Users\Lenovo\Downloads\disk-drill-win.exe.neer
2021-06-30 20:42 - 2021-06-30 20:42 - 000000000 ____D C:\Users\Lenovo\AppData\Local\uts
2021-06-30 20:41 - 2021-06-30 22:32 - 000000000 ____D C:\Program Files (x86)\Kingo ROOT
2021-06-30 20:38 - 2021-06-30 20:57 - 019129014 _____ C:\Users\Lenovo\Downloads\android_root.exe.neer
2021-06-30 20:33 - 2021-06-30 20:57 - 001790550 _____ C:\Users\Lenovo\Downloads\android-data-recovery.exe.neer
2021-06-30 20:33 - 2021-06-30 20:57 - 001790550 _____ C:\Users\Lenovo\Downloads\android-data-recovery.exe
2021-06-30 20:33 - 2021-06-30 20:33 - 000000000 ____D C:\Program Files (x86)\FonePaw
2021-06-30 20:32 - 2021-06-30 20:32 - 000000000 ____D C:\Users\Lenovo\AppData\Local\iMobie_Inc
2021-06-30 20:31 - 2021-06-30 22:31 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\iMobie
2021-06-30 20:30 - 2021-07-01 03:05 - 000000000 ____D C:\Program Files (x86)\iMobie
2021-06-30 20:29 - 2021-06-30 20:57 - 001357438 _____ C:\Users\Lenovo\Downloads\phonerescue-android-en-setup.exe.neer
2021-06-30 20:03 - 2021-06-30 20:03 - 000001109 _____ C:\Users\Lenovo\_readme.txt
2021-06-30 20:02 - 2021-06-30 20:02 - 000000000 ____D C:\SystemID
2021-06-30 20:01 - 2021-07-04 07:46 - 000000000 ____D C:\Users\Lenovo\Documents\VlcpVideoV1.0.1
2021-06-30 20:01 - 2021-07-04 07:33 - 000000000 ____D C:\Program Files (x86)\Company
2021-06-30 20:01 - 2021-06-30 20:01 - 000000000 ____H C:\BIT24AA.tmp
2021-06-30 20:01 - 2021-06-30 20:01 - 000000000 ____D C:\Program Files\temp_files
2021-06-30 20:00 - 2021-07-04 07:34 - 000000000 ___HD C:\Users\Lenovo\AppData\Roaming\WinHost
2021-06-30 20:00 - 2021-06-30 20:00 - 001564823 _____ C:\ProgramData\5968
2021-06-30 20:00 - 2021-06-30 20:00 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Yandex
2021-06-30 19:53 - 2021-06-30 19:53 - 000000016 _____ C:\ProgramData\mntemp
2021-06-30 19:51 - 2021-06-30 22:31 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Wondershare
2021-06-30 19:46 - 2021-06-30 20:57 - 001000374 _____ C:\Users\Lenovo\Downloads\drfone_recover_setup_full3366.exe.neer
2021-06-30 19:46 - 2021-06-07 20:50 - 001728480 _____ (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2021-06-30 19:46 - 2021-06-07 20:50 - 001009632 _____ (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller2.dll
2021-06-30 19:44 - 2021-06-30 20:57 - 001805358 _____ C:\Users\Lenovo\Downloads\ultdata-android.exe.neer
2021-06-30 06:43 - 2021-06-30 06:43 - 000107784 _____ (GridinSoft LLC) C:\Windows\System32\Drivers\gsInetSecurity.sys
2021-06-30 06:43 - 2021-06-30 06:43 - 000038216 _____ (GridinSoft LLC) C:\Windows\System32\Drivers\gtkdrv.sys
2021-06-27 11:05 - 2021-06-27 11:05 - 000003362 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3421330294-541237824-4174931949-1001
2021-06-26 03:02 - 2021-06-26 03:02 - 000000000 ____D C:\Windows\System32\Tasks\Agent Activation Runtime
2021-06-26 03:01 - 2021-06-26 03:01 - 000000000 ____D C:\Windows\Panther
2021-06-25 11:48 - 2021-06-25 11:48 - 000000000 ____D C:\Windows\System32\Tasks\Mozilla
2021-06-24 10:36 - 2021-06-26 03:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-06-08 01:58 - 2021-06-30 20:57 - 159976411 _____ C:\Users\Lenovo\Downloads\engine_5.mp4.neer
2021-06-08 01:54 - 2021-06-30 20:57 - 015710050 _____ C:\Users\Lenovo\Downloads\1160682576.zip.neer
2021-06-08 01:40 - 2021-06-30 20:57 - 014360615 _____ C:\Users\Lenovo\Downloads\gas-mask-neon-with-crow-desktop-live-wallpaper.mp4.neer
2021-06-07 10:31 - 2021-06-07 10:31 - 000000812 _____ C:\Users\Public\Desktop\Assassin's Creed IV Black Flag.lnk
2021-06-07 10:12 - 2021-06-07 10:12 - 000000762 _____ C:\Users\Public\Desktop\Assassin's Creed II.lnk
2021-06-07 09:30 - 2021-06-30 20:57 - 000023308 _____ C:\Users\Lenovo\Downloads\Download-Assassins-Creed-II-[topxgame.com]-PrT2N.torrent.neer
2021-06-07 08:43 - 2021-06-07 10:21 - 000000000 ____D C:\Windows\SysWOW64\directx
2021-06-07 08:01 - 2021-06-30 20:57 - 000015164 _____ C:\Users\Lenovo\Downloads\Assassin-s_Creed_IV_Black_Flag_t1.torrent.neer
2021-06-07 07:48 - 2021-06-30 20:57 - 000021136 _____ C:\Users\Lenovo\Downloads\Assassins-Creed-II-Mod-Pack-RUS-ENG-Repack.rar.neer
2021-06-07 07:39 - 2021-06-07 07:39 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\uTorrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-05 21:43 - 2019-12-07 01:14 - 000028672 _____ C:\Windows\System32\config\BCD-Template
2021-07-05 03:49 - 2021-03-31 22:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-05 03:49 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-05 03:49 - 2019-12-07 01:03 - 000524288 _____ C:\Windows\System32\config\BBI
2021-07-05 03:49 - 2017-05-05 18:49 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-05 03:46 - 2021-03-31 22:35 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2021-07-05 03:28 - 2021-03-31 22:25 - 000000000 ____D C:\Windows\System32\SleepStudy
2021-07-05 02:35 - 2017-08-17 21:29 - 000253856 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2021-07-04 23:58 - 2021-03-31 22:35 - 000005204 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for FRIDAY-Lenovo FRIDAY.PVF
2021-07-04 20:38 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2021-07-04 20:07 - 2017-05-05 18:50 - 000000000 ____D C:\ProgramData\Intel
2021-07-04 13:19 - 2017-08-03 01:11 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\discord
2021-07-04 12:33 - 2017-07-27 22:25 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2021-07-04 12:23 - 2019-01-30 02:02 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-04 11:30 - 2021-03-31 22:35 - 000004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E754714F-7964-413F-8366-59850B162197}
2021-07-04 08:48 - 2017-03-18 13:03 - 000000795 _____ C:\Windows\System32\Drivers\etc\hosts old
2021-07-04 08:05 - 2021-03-31 22:39 - 000840598 _____ C:\Windows\System32\PerfStringBackup.INI
2021-07-04 07:58 - 2021-03-31 22:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-04 07:58 - 2020-05-17 12:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-07-04 07:58 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-04 07:58 - 2017-07-18 18:22 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2021-07-04 07:48 - 2019-11-15 09:58 - 000000000 ____D C:\Users\Lenovo\New folder
2021-07-04 07:48 - 2017-07-27 05:44 - 000000000 ____D C:\Users\Lenovo\vmlogs
2021-07-04 07:48 - 2017-07-22 02:04 - 000000000 ____D C:\Users\Lenovo\opera autoupdate
2021-07-04 07:48 - 2017-07-18 18:24 - 000000000 __RDL C:\Users\Lenovo\OneDrive
2021-07-04 07:47 - 2018-06-23 08:44 - 000000000 ____D C:\Users\Lenovo\Downloads\Assassins.Creed.Rogue.CODEX
2021-07-04 07:46 - 2021-05-31 19:24 - 000000000 ____D C:\Users\Lenovo\BentleyDownloads
2021-07-04 07:46 - 2021-05-03 01:24 - 000000000 ____D C:\Users\Lenovo\Desktop\Taskbar
2021-07-04 07:46 - 2021-02-07 04:12 - 000000000 ____D C:\Users\Lenovo\Desktop\SEM 7
2021-07-04 07:46 - 2020-04-14 08:06 - 000000000 ____D C:\Users\Lenovo\Desktop\Sketches
2021-07-04 07:46 - 2020-02-10 21:10 - 000000000 ____D C:\Users\Lenovo\Desktop\SEM 6th
2021-07-04 07:46 - 2019-04-22 03:04 - 000000000 ____D C:\Users\Lenovo\Documents\WWE2K19
2021-07-04 07:46 - 2018-11-13 22:02 - 000000000 ____D C:\Users\Lenovo\Documents\Assassin's Creed Unity
2021-07-04 07:46 - 2018-06-16 02:21 - 000000000 ____D C:\Users\Lenovo\Documents\Assassin's Creed IV Black Flag
2021-07-04 07:46 - 2017-09-28 22:57 - 000000000 ____D C:\Users\Lenovo\Desktop\GAMES
2021-07-04 07:46 - 2017-09-18 12:32 - 000000000 __SHD C:\Users\Lenovo\Desktop\PV STUFF
2021-07-04 07:46 - 2017-07-29 06:01 - 000000000 ____D C:\Users\Lenovo\Documents\Prototype
2021-07-04 07:46 - 2017-07-27 03:45 - 000000000 ____D C:\Users\Lenovo\Desktop\ODJADJOAJD
2021-07-04 07:46 - 2017-07-22 02:42 - 000000000 ____D C:\Users\Lenovo\Documents\Far Cry 3
2021-07-04 07:46 - 2017-07-19 11:28 - 000000000 ____D C:\Users\Lenovo\Desktop\Wallpaper
2021-07-04 07:45 - 2021-03-31 12:43 - 000000000 ____D C:\users\Lenovo
2021-07-04 07:45 - 2020-05-08 13:05 - 000000000 ____D C:\Users\Lenovo\.BigNox
2021-07-04 07:45 - 2017-07-27 05:45 - 000000000 ____D C:\Users\Lenovo\.android
2021-07-04 07:45 - 2017-07-27 05:16 - 000000000 ____D C:\Users\Lenovo\.TianTianVM
2021-07-04 07:45 - 2017-07-25 05:59 - 000000000 ____D C:\Users\Lenovo\.gimp-2.8
2021-07-04 07:43 - 2017-08-20 07:36 - 000000000 ____D C:\Intel_Drivers
2021-07-04 07:43 - 2017-07-22 02:14 - 000000000 ____D C:\Gaming Mouse
2021-07-04 07:43 - 2017-07-18 18:29 - 000000000 ____D C:\KMPlayer
2021-07-04 07:40 - 2017-08-01 06:13 - 000000000 ____D C:\AdwCleaner
2021-07-04 06:42 - 2017-07-18 18:22 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2021-07-04 04:46 - 2018-05-02 05:55 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Discord
2021-07-04 04:32 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-02 04:08 - 2021-04-01 08:45 - 000003386 _____ C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d726c086646b65
2021-07-02 04:08 - 2021-03-31 22:35 - 000003480 _____ C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-02 02:43 - 2021-05-03 01:00 - 000000000 ____D C:\Program Files (x86)\Lively Wallpaper
2021-07-02 02:36 - 2017-05-05 18:46 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-02 02:33 - 2021-05-03 01:01 - 000000000 ____D C:\Program Files (x86)\dotnet
2021-07-01 03:07 - 2017-07-23 03:15 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Skype
2021-07-01 03:06 - 2019-05-18 22:16 - 000000000 ____D C:\Users\Lenovo\Documents\GRIFFIN Gaming Mouse
2021-07-01 03:05 - 2017-05-05 18:30 - 000000000 ____D C:\Program Files\mcafee
2021-06-30 22:31 - 2017-08-16 05:06 - 000000000 ____D C:\ProgramData\Wondershare
2021-06-30 21:00 - 2017-07-18 18:22 - 000000000 ____D C:\Users\Lenovo\AppData\Local\VirtualStore
2021-06-30 20:57 - 2021-06-05 02:18 - 000491319 _____ C:\Users\Lenovo\Downloads\170904228endsemL1.pdf.neer
2021-06-30 20:57 - 2021-06-05 00:33 - 009950456 _____ C:\Users\Lenovo\Downloads\is.875.3.1987 (only map)(1).pdf.neer
2021-06-30 20:57 - 2021-06-05 00:32 - 009950456 _____ C:\Users\Lenovo\Downloads\is.875.3.1987 (only map).pdf.neer
2021-06-30 20:57 - 2021-06-04 21:56 - 000211399 _____ C:\Users\Lenovo\Downloads\170904228 A8L1.pdf.neer
2021-06-30 20:57 - 2021-06-04 06:32 - 000515091 _____ C:\Users\Lenovo\Downloads\170904228 A7L1.pdf.neer
2021-06-30 20:57 - 2021-06-03 21:52 - 008855722 _____ C:\Users\Lenovo\Downloads\OneDrive_1_6-4-2021.zip.neer
2021-06-30 20:57 - 2021-06-03 19:02 - 000388013 _____ C:\Users\Lenovo\Downloads\Scan 4 Jun 2021.pdf.neer
2021-06-30 20:57 - 2021-06-03 19:02 - 000382460 _____ C:\Users\Lenovo\Downloads\170904128 assign5.pdf.neer
2021-06-30 20:57 - 2021-06-02 23:37 - 000616187 _____ C:\Users\Lenovo\Downloads\170904228 A4L1.pdf.neer
2021-06-30 20:57 - 2021-06-02 13:12 - 000201026 _____ C:\Users\Lenovo\Downloads\170904228 A3L1.pdf.neer
2021-06-30 20:57 - 2021-06-01 22:36 - 000419696 _____ C:\Users\Lenovo\Downloads\170904228 A2L1.pdf.neer
2021-06-30 20:57 - 2021-05-30 02:54 - 000000000 ____D C:\Users\Lenovo\Documents\STAAD Foundation Advanced
2021-06-30 20:57 - 2021-05-06 22:37 - 000890929 _____ C:\Users\Lenovo\Downloads\MID TERM REPORT OF 8TH SEMESTER PROJECT.pptx.neer
2021-06-30 20:57 - 2021-05-06 21:02 - 000266590 _____ C:\Users\Lenovo\Downloads\MIDTERM REPORT.docx.neer
2021-06-30 20:57 - 2021-05-04 06:25 - 000757336 _____ C:\Users\Lenovo\Downloads\FINAL REPORT_MID TERM.pdf.neer
2021-06-30 20:57 - 2021-05-04 05:35 - 001335483 _____ C:\Users\Lenovo\Downloads\8th SEM Project.docx.neer
2021-06-30 20:57 - 2021-05-03 01:15 - 042717486 _____ C:\Users\Lenovo\Downloads\amatista-studio_4-cosmic-dreams.mp4.neer
2021-06-30 20:57 - 2021-05-03 01:15 - 027799495 _____ C:\Users\Lenovo\Downloads\amatista-studio_7-halo.mp4.neer
2021-06-30 20:57 - 2021-05-03 01:14 - 008948427 _____ C:\Users\Lenovo\Downloads\amatista-studio_37-doomsday.mp4.neer
2021-06-30 20:57 - 2021-05-03 00:59 - 198778237 _____ C:\Users\Lenovo\Downloads\lively_setup_x86_full_v1400.exe.neer
2021-06-30 20:57 - 2021-05-03 00:58 - 001944238 _____ C:\Users\Lenovo\Downloads\TaskbarX_1.6.9.0_x64.zip.neer
2021-06-30 20:57 - 2021-04-30 01:18 - 001011223 _____ C:\Users\Lenovo\Downloads\Zamani_2021_IOP_Conf._Ser.__Earth_Environ._Sci._682_012049(1).pdf.neer
2021-06-30 20:57 - 2021-04-30 01:18 - 000288485 _____ C:\Users\Lenovo\Downloads\(ASCE)ME.1943-5479.0000906 (1).pdf.neer
2021-06-30 20:57 - 2021-04-30 01:17 - 000766468 _____ C:\Users\Lenovo\Downloads\Biswas_2021_J._Phys.__Conf._Ser._1797_012054.pdf.neer
2021-06-30 20:57 - 2021-04-30 01:16 - 001011223 _____ C:\Users\Lenovo\Downloads\Zamani_2021_IOP_Conf._Ser.__Earth_Environ._Sci._682_012049.pdf.neer
2021-06-30 20:57 - 2021-04-30 01:15 - 002114893 _____ C:\Users\Lenovo\Downloads\ijerph-18-01559-v2.pdf.neer
2021-06-30 20:57 - 2021-04-30 01:15 - 000178549 _____ C:\Users\Lenovo\Downloads\Majumder-Biswas2021_Chapter_COVID-19ImpactsConstructionInd.pdf.neer
2021-06-30 20:57 - 2021-04-30 01:15 - 000047687 _____ C:\Users\Lenovo\Downloads\Biswas_2021_J._Phys.__Conf._Ser._1797_012054.docx.neer
2021-06-30 20:57 - 2021-04-28 02:54 - 003355107 _____ C:\Users\Lenovo\Downloads\Industrial training report ppt.pptx.neer
2021-06-30 20:57 - 2021-04-27 03:58 - 000191024 _____ C:\Users\Lenovo\Downloads\Pile notes 2.jpeg.neer
2021-06-30 20:57 - 2021-04-27 03:58 - 000113186 _____ C:\Users\Lenovo\Downloads\Pile notes1 (1).jpeg.neer
2021-06-30 20:57 - 2021-04-27 02:09 - 002600218 _____ C:\Users\Lenovo\Downloads\1134369_UoP_Walkthrough_Mod_0.3.5_Extended_Fulgrim.zip.neer
2021-06-30 20:57 - 2021-04-26 07:35 - 000153999 _____ C:\Users\Lenovo\Downloads\pdf2doc.zip.neer
2021-06-30 20:57 - 2021-04-26 07:31 - 001904190 _____ C:\Users\Lenovo\Downloads\intenship certificate.pdf.neer
2021-06-30 20:57 - 2021-02-14 10:22 - 000237921 _____ C:\Users\Lenovo\Downloads\CK7mod.rar.neer
2021-06-30 20:57 - 2021-02-14 00:37 - 001771078 _____ C:\Users\Lenovo\Downloads\SteamSetup.exe.neer
2021-06-30 20:57 - 2021-02-14 00:33 - 004033423 _____ C:\Users\Lenovo\Downloads\SteamUI(1).zip.neer
2021-06-30 20:57 - 2021-02-13 23:49 - 004728957 _____ C:\Users\Lenovo\Downloads\steamui.zip.neer
2021-06-30 20:57 - 2021-02-13 01:56 - 034857158 _____ C:\Users\Lenovo\Downloads\MEGAsyncSetup64.exe.neer
2021-06-30 20:57 - 2020-09-13 07:05 - 000033612 _____ C:\Users\Lenovo\Downloads\B123S88ApplicationForm(1).pdf.neer
2021-06-30 20:57 - 2020-09-13 07:01 - 000032943 _____ C:\Users\Lenovo\Downloads\B123S88ApplicationForm.pdf.neer
2021-06-30 20:57 - 2020-09-08 04:46 - 004498102 _____ C:\Users\Lenovo\Downloads\547-Precast Concrete Structures.pdf.neer
2021-06-30 20:57 - 2020-05-08 12:31 - 386404798 _____ C:\Users\Lenovo\Downloads\nox_setup_v6.6.0.6_full_intl.exe.neer
2021-06-30 20:57 - 2020-04-24 01:24 - 016008415 _____ C:\Users\Lenovo\Downloads\zoom-us-zoom.apk.neer
2021-06-30 20:57 - 2020-04-24 01:24 - 011359862 _____ C:\Users\Lenovo\Downloads\ZoomInstaller.exe.neer
2021-06-30 20:57 - 2020-04-24 01:20 - 003072950 _____ C:\Users\Lenovo\Downloads\zoom-us-zoom_2419489021.exe.neer
2021-06-30 20:57 - 2020-04-10 06:29 - 000000428 _____ C:\Users\Lenovo\Downloads\citation-316685501.txt.neer
2021-06-30 20:57 - 2019-12-20 11:20 - 000055463 _____ C:\Users\Lenovo\Downloads\503847_game.zip.neer
2021-06-30 20:57 - 2019-11-30 10:07 - 000001593 _____ C:\Users\Lenovo\Downloads\fan_patch.zip.neer
2021-06-30 20:57 - 2019-11-20 08:39 - 003659544 _____ C:\Users\Lenovo\Downloads\air-pollution-by-mn-raopdf_e12c251.zip.neer
2021-06-30 20:57 - 2019-11-20 08:37 - 018144732 _____ C:\Users\Lenovo\Downloads\kupdf.net_air-pollution-by-mn-rao-n-hvn-rao.pdf.neer
2021-06-30 20:57 - 2019-11-20 08:36 - 019272991 _____ C:\Users\Lenovo\Downloads\M N Rao, H V N Rao - Air Pollution (2007, Tata McGraw-Hill).pdf.neer
2021-06-30 20:57 - 2019-10-26 23:02 - 000256890 _____ C:\Users\Lenovo\Untitled.jpg.neer
2021-06-30 20:57 - 2019-10-26 23:01 - 001190617 _____ C:\Users\Lenovo\Untitled.jpg.png.neer
2021-06-30 20:57 - 2019-05-06 08:09 - 000065169 _____ C:\Users\Lenovo\Downloads\FOTM-CheatMenu-01-cldd.zip.neer
2021-06-30 20:57 - 2019-05-01 06:52 - 006176379 _____ C:\Users\Lenovo\Downloads\Calculus of Variation_Eeshan(1).pdf.neer
2021-06-30 20:57 - 2019-04-26 09:08 - 002926009 _____ C:\Users\Lenovo\Downloads\303543_my_4.0_walkthrough.rar.neer
2021-06-30 20:57 - 2019-04-20 22:34 - 023936881 _____ C:\Users\Lenovo\Downloads\Analysis of Indeterminate Structures_Eeshan.pdf.neer
2021-06-30 20:57 - 2019-04-19 02:34 - 000241525 _____ C:\Users\Lenovo\Downloads\WWE.2K19.v1.04.incl.DLC.torrent.neer
2021-06-30 20:57 - 2019-04-15 07:50 - 006176379 _____ C:\Users\Lenovo\Downloads\Calculus of Variation_Eeshan.pdf.neer
2021-06-30 20:57 - 2019-04-06 10:29 - 001843420 _____ C:\Users\Lenovo\Downloads\patch0.8.zip.neer
2021-06-30 20:57 - 2019-04-06 03:13 - 085769880 _____ C:\Users\Lenovo\Downloads\Applied Surveying_Eeshan.pdf.neer
2021-06-30 20:57 - 2019-04-06 01:22 - 005155558 _____ C:\Users\Lenovo\Downloads\WebpCodecSetup(1).exe.neer
2021-06-30 20:57 - 2019-04-05 03:45 - 005155558 _____ C:\Users\Lenovo\Downloads\WebpCodecSetup.exe.neer
2021-06-30 20:57 - 2019-04-05 03:22 - 000171989 _____ C:\Users\Lenovo\Downloads\276156_ICpatch.rar.neer
2021-06-30 20:57 - 2019-04-03 19:33 - 003778913 _____ C:\Users\Lenovo\Downloads\REDRAGON_GRIFFIN_Gaming_Mouse_20171113.rar.neer
2021-06-30 20:57 - 2019-03-29 02:10 - 000013596 _____ C:\Users\Lenovo\Downloads\267274_Walkthrough_v2.zip.neer
2021-06-30 20:57 - 2019-03-23 10:26 - 014513692 _____ C:\Users\Lenovo\Downloads\Indecent Desires - the Game - v003.pdf.neer
2021-06-30 20:57 - 2019-03-13 23:36 - 005251545 _____ C:\Users\Lenovo\Downloads\PL_LainsWalkthroughMod_v0-10.zip.neer
2021-06-30 20:57 - 2019-03-13 23:28 - 000344679 _____ C:\Users\Lenovo\Downloads\252281_game.rar.neer
2021-06-30 20:57 - 2019-03-08 21:17 - 000015199 _____ C:\Users\Lenovo\Downloads\My Sister, My Roommate [v12] + Chrunched + IncPatch.torrent.neer
2021-06-30 20:57 - 2019-03-05 02:52 - 000708678 _____ C:\Users\Lenovo\Downloads\Walkthrough_Vers_0.07.pdf.neer
2021-06-30 20:57 - 2019-02-13 02:57 - 063392478 _____ C:\Users\Lenovo\Downloads\OriginThinSetup.exe.neer
2021-06-30 20:57 - 2019-01-06 01:02 - 000000346 _____ C:\Users\Lenovo\Patient no..txt.neer
2021-06-30 20:57 - 2018-12-31 21:50 - 000001204 _____ C:\Users\Lenovo\Downloads\lewd_patcher.rpyc.neer
2021-06-30 20:57 - 2018-12-24 21:58 - 000001586 _____ C:\Users\Lenovo\Downloads\patch.rpy.neer
2021-06-30 20:57 - 2018-12-15 06:26 - 000007996 _____ C:\Users\Lenovo\Downloads\148737_Jessie-04-win.zip.torrent.neer
2021-06-30 20:57 - 2018-12-03 22:57 - 002114442 _____ C:\Users\Lenovo\Downloads\saves.zip.neer
2021-06-30 20:57 - 2018-12-03 22:52 - 000723606 _____ C:\Users\Lenovo\Downloads\SpotifySetup.exe.neer
2021-06-30 20:57 - 2018-11-16 03:38 - 017108586 _____ C:\Users\Lenovo\Downloads\RYSE.SOR.V1.0.ALL.CODEX.NODVD.ZIPd.neer
2021-06-30 20:57 - 2018-11-13 10:56 - 022398714 _____ C:\Users\Lenovo\Downloads\NEED.FOR.SPEED.R.V1.3.0.0.ALL.RELOADED.NODVD.ZIPd.neer
2021-06-30 20:57 - 2018-11-09 04:45 - 003268430 _____ C:\Users\Lenovo\Downloads\MossX64.exe.neer
2021-06-30 20:57 - 2018-11-08 22:11 - 000000771 _____ C:\Users\Lenovo\Downloads\131277_130870_rel_rest.rpy.neer
2021-06-30 20:57 - 2018-10-28 09:27 - 000188268 _____ C:\Users\Lenovo\Downloads\Melody_-_v0.06_Walkthrough_FINAL.pdf.neer
2021-06-30 20:57 - 2018-10-28 08:30 - 001376590 _____ C:\Users\Lenovo\Downloads\Melody-006-ExtrasIncluded-pc-crunched(1).7z.part.neer
2021-06-30 20:57 - 2018-10-25 21:40 - 000002656 _____ C:\Users\Lenovo\Downloads\ep5_walkthrough.txt.neer
2021-06-30 20:57 - 2018-10-25 09:39 - 021594446 _____ C:\Users\Lenovo\Downloads\FILF-08a_BETA-pc.rar.part.neer
2021-06-30 20:57 - 2018-10-25 09:27 - 000169762 _____ C:\Users\Lenovo\Downloads\Drawing2.dwg.neer
2021-06-30 20:57 - 2018-10-22 11:58 - 000362146 _____ C:\Users\Lenovo\Downloads\Walkthrough_Acting_Lessons_Ep6(1).pdf.neer
2021-06-30 20:57 - 2018-10-16 21:33 - 000014186 _____ C:\Users\Lenovo\Downloads\161709_FF_v0.11-ic-patch-v0.7(1).rpy.neer
2021-06-30 20:57 - 2018-10-08 22:39 - 016795150 _____ C:\Users\Lenovo\Downloads\ccsetup547pro.exe.neer
2021-06-30 20:57 - 2018-10-08 02:57 - 014064654 _____ C:\Users\Lenovo\Downloads\NordVPNSetup.exe.neer
2021-06-30 20:57 - 2018-09-23 02:09 - 062650078 _____ C:\Users\Lenovo\Downloads\SpotifyFullSetup.exe.neer
2021-06-30 20:57 - 2018-09-21 21:53 - 000362146 _____ C:\Users\Lenovo\Downloads\Walkthrough_Acting_Lessons_Ep6.pdf.neer
2021-06-30 20:57 - 2018-09-17 20:51 - 000014186 _____ C:\Users\Lenovo\Downloads\161709_FF_v0.11-ic-patch-v0.7.rpy.neer
2021-06-30 20:57 - 2018-09-06 07:19 - 003248462 _____ C:\Users\Lenovo\Downloads\OldExecutable.bak.neer
2021-06-30 20:57 - 2018-09-06 06:42 - 001756358 _____ C:\Users\Lenovo\Downloads\2018-09-06_082403_523441109_703326380.zip.neer
2021-06-30 20:57 - 2018-09-05 11:29 - 000046532 _____ C:\Users\Lenovo\Downloads\157159_Assembly-CSharp.zip.neer
2021-06-30 20:57 - 2018-09-02 03:50 - 019304418 _____ C:\Users\Lenovo\Downloads\surveying and levelling N N BASAK- By EasyEngineering.net.pdf.neer
2021-06-30 20:57 - 2018-09-02 01:21 - 002866681 _____ C:\Users\Lenovo\Downloads\Surveying-notes-pdf.pdf.neer
2021-06-30 20:57 - 2018-08-30 23:24 - 054554111 _____ C:\Users\Lenovo\Downloads\A_Text_Book_of_Fluid_Mechanics_and_Hydra.pdf.neer
2021-06-30 20:57 - 2018-08-29 06:33 - 008440338 _____ C:\Users\Lenovo\Downloads\Strength of Materials by S K Mondal.pdf.neer
2021-06-30 20:57 - 2018-08-23 08:07 - 000000434 _____ C:\Users\Lenovo\Downloads\Epic Games Account Two-Factor backup codes.txt.neer
2021-06-30 20:57 - 2018-08-23 01:18 - 000033457 _____ C:\Users\Lenovo\Downloads\Invoice.pdf.neer
2021-06-30 20:57 - 2018-08-18 12:03 - 337482556 _____ C:\Users\Lenovo\Downloads\HolidayIslands-Episode1-V8-pc.zip.neer
2021-06-30 20:57 - 2018-08-16 11:39 - 000012769 _____ C:\Users\Lenovo\Downloads\148623_FF_v0.10-ic-patch-v0.6.rpy.neer
2021-06-30 20:57 - 2018-07-28 11:47 - 284942863 _____ C:\Users\Lenovo\Downloads\mCkaNP.zip.neer
2021-06-30 20:57 - 2018-07-20 01:09 - 000008260 _____ C:\Users\Lenovo\Downloads\BQHyXfk.htm.neer
2021-06-30 20:57 - 2018-07-15 23:02 - 007893170 _____ C:\Users\Lenovo\Downloads\124792_saves.rar.neer
2021-06-30 20:57 - 2018-07-15 23:02 - 006067484 _____ C:\Users\Lenovo\Downloads\108198_saves.rar.neer
2021-06-30 20:57 - 2018-07-15 22:44 - 000002612 _____ C:\Users\Lenovo\Downloads\135992_update.rpyc.neer
2021-06-30 20:57 - 2018-07-09 19:49 - 000130273 _____ C:\Users\Lenovo\Downloads\Untitled.png.neer
2021-06-30 20:57 - 2018-06-09 01:15 - 000001228 _____ C:\Users\Lenovo\Downloads\DoD_zzkill_uncensor_patch(1).zip.neer
2021-06-30 20:57 - 2018-06-08 20:36 - 028795518 _____ C:\Users\Lenovo\Downloads\MEGAsyncSetup.exe.neer
2021-06-30 20:57 - 2018-06-08 07:53 - 136130179 _____ C:\Users\Lenovo\Downloads\dfd_ch9_09 - Copy.7z.neer
2021-06-30 20:57 - 2018-06-08 07:53 - 000484344 _____ C:\Users\Lenovo\Downloads\112204_DFD_BackUp - Copy.zip.neer
2021-06-30 20:57 - 2018-06-08 07:53 - 000186507 _____ C:\Users\Lenovo\Downloads\114924_Walkthrough_-_v0.18 - Copy.pdf.neer
2021-06-30 20:57 - 2018-06-01 06:03 - 000217983 _____ C:\Users\Lenovo\Downloads\DfD_chapter_2_backup.dat.neer
2021-06-30 20:57 - 2018-05-28 00:10 - 000579633 _____ C:\Users\Lenovo\Downloads\AttachmentB.Tech...pdf.neer
2021-06-30 20:57 - 2018-05-24 00:13 - 000602087 _____ C:\Users\Lenovo\Downloads\54862_College_Life_v0.0.9_Walkthrough.pdf.neer
2021-06-30 20:57 - 2018-05-21 07:37 - 000560324 _____ C:\Users\Lenovo\Downloads\call-of-duty-ghost.rar.neer
2021-06-30 20:57 - 2018-05-20 02:59 - 000207636 _____ C:\Users\Lenovo\Downloads\Walkthrough v0.1.1b(1).pdf.neer
2021-06-30 20:57 - 2018-05-07 23:24 - 000283349 _____ C:\Users\Lenovo\Downloads\107707_1-1-LT1.save.neer
2021-06-30 20:57 - 2018-05-03 09:47 - 032375118 _____ C:\Users\Lenovo\Downloads\EpicInstaller-7.9.2-fortnite-ebffb3af86e049a88e0846013792d828.msi.neer
2021-06-30 20:57 - 2018-05-02 05:52 - 060074662 _____ C:\Users\Lenovo\Downloads\DiscordSetup(3).exe.neer
2021-06-30 20:57 - 2018-04-26 11:09 - 021817734 _____ C:\Users\Lenovo\Downloads\MW3_v1.4.382_Full_Patch_mpgh.net.rar.neer
2021-06-30 20:57 - 2018-04-26 10:29 - 006350650 _____ C:\Users\Lenovo\Downloads\pollution(2).pptx.neer
2021-06-30 20:57 - 2018-04-26 00:16 - 006953377 _____ C:\Users\Lenovo\Downloads\361428677-Principles-of-Environmental-Sci-P-Venugopala-Rao.pdf.neer
2021-06-30 20:57 - 2018-04-26 00:16 - 006350650 _____ C:\Users\Lenovo\Downloads\pollution.pptx.neer
2021-06-30 20:57 - 2018-04-26 00:16 - 006350650 _____ C:\Users\Lenovo\Downloads\pollution(1).pptx.neer
2021-06-30 20:57 - 2018-04-19 05:02 - 008309926 _____ C:\Users\Lenovo\Downloads\netlimiter-4.0.35.0.exe.neer
2021-06-30 20:57 - 2018-04-15 03:15 - 001342582 _____ C:\Users\Lenovo\Downloads\93916_MyCuteCousin0.6.1WT.pdf.neer
2021-06-30 20:57 - 2018-04-15 01:22 - 754582443 _____ C:\Users\Lenovo\Downloads\My_cute_cousin-061ex-win.zip.neer
2021-06-30 20:57 - 2018-04-13 08:03 - 000879524 _____ C:\Users\Lenovo\Downloads\LAPLACE TRANSFORMS -full.pdf.neer
2021-06-30 20:57 - 2018-04-13 08:03 - 000762152 _____ C:\Users\Lenovo\Downloads\Multiple Integrals.pdf.neer
2021-06-30 20:57 - 2018-04-13 08:03 - 000640275 _____ C:\Users\Lenovo\Downloads\PARTIAL DIFFERENTIATION.pdf.neer
2021-06-30 20:57 - 2018-04-13 08:03 - 000632484 _____ C:\Users\Lenovo\Downloads\Infinite Series.pdf.neer
2021-06-30 20:57 - 2018-04-13 08:03 - 000563614 _____ C:\Users\Lenovo\Downloads\maxima and minima.pdf.neer
2021-06-30 20:57 - 2018-04-13 08:03 - 000495604 _____ C:\Users\Lenovo\Downloads\Beta Gamma Functins Material.pdf.neer
2021-06-30 20:57 - 2018-04-13 08:03 - 000363888 _____ C:\Users\Lenovo\Downloads\Sphere.pdf.neer
2021-06-30 20:57 - 2018-04-13 08:03 - 000099255 _____ C:\Users\Lenovo\Downloads\Triple Integral.pdf.neer
2021-06-30 20:57 - 2018-04-12 00:08 - 000207636 _____ C:\Users\Lenovo\Downloads\Walkthrough v0.1.1b.pdf.neer
2021-06-30 20:57 - 2018-04-10 01:13 - 030410814 _____ C:\Users\Lenovo\Downloads\Nahimic+2.5.29.exe.neer
2021-06-30 20:57 - 2018-04-09 06:51 - 000006819 _____ C:\Users\Lenovo\Downloads\BIology -Assignment 4.pdf.neer
2021-06-30 20:57 - 2018-04-08 03:11 - 139611054 _____ C:\Users\Lenovo\Downloads\WhatsAppSetup.exe.neer
2021-06-30 20:57 - 2018-04-02 06:31 - 003248765 _____ C:\Users\Lenovo\Downloads\synergy_steam_skin.zip.neer
2021-06-30 20:57 - 2018-04-02 06:28 - 001411184 _____ C:\Users\Lenovo\Downloads\ROCCAT-v1-skin.rar.neer
2021-06-30 20:57 - 2018-03-29 03:43 - 001653177 _____ C:\Users\Lenovo\Downloads\Autoruns.zip.neer
2021-06-30 20:57 - 2018-03-29 02:55 - 000095956 _____ C:\Users\Lenovo\Downloads\6(1).dwt.neer
2021-06-30 20:57 - 2018-02-19 00:54 - 034312639 _____ C:\Users\Lenovo\Downloads\Pin-ups and special renders_A.zip.neer
2021-06-30 20:57 - 2018-02-19 00:51 - 000575582 _____ C:\Users\Lenovo\Downloads\73838_Dreams_of_Desire_Episode_1-10_Walkthrough.pdf.neer
2021-06-30 20:57 - 2018-02-19 00:50 - 000001228 _____ C:\Users\Lenovo\Downloads\DoD_zzkill_uncensor_patch.zip.neer
2021-06-30 20:57 - 2018-02-18 05:06 - 000199037 _____ C:\Users\Lenovo\Downloads\80606_Timestamps-Bugfix0.0.3.3.rar.neer
2021-06-30 20:57 - 2018-02-15 00:55 - 000173963 _____ C:\Users\Lenovo\Downloads\79367_DMD_Walkthrough_-_v0.17.pdf.neer
2021-06-30 20:57 - 2018-02-15 00:46 - 000988174 _____ C:\Users\Lenovo\Downloads\imusic-win_setup_full2400(1).exe.neer
2021-06-30 20:57 - 2018-02-15 00:45 - 000988174 _____ C:\Users\Lenovo\Downloads\imusic-win_setup_full2400.exe.neer
2021-06-30 20:57 - 2018-02-14 22:49 - 006021038 _____ C:\Users\Lenovo\Downloads\netlimiter-4.0.33.0.exe.neer
2021-06-30 20:57 - 2018-02-02 21:37 - 000000536 _____ C:\Users\Lenovo\Cortex Command.url.neer
2021-06-30 20:57 - 2018-01-28 02:44 - 009386026 _____ C:\Users\Lenovo\Downloads\Forza Horizon 3.exe.neer
2021-06-30 20:57 - 2018-01-09 08:47 - 057955142 _____ C:\Users\Lenovo\Downloads\DiscordSetup(2).exe.neer
2021-06-30 20:57 - 2018-01-03 22:53 - 039314270 _____ C:\Users\Lenovo\Downloads\Coinoto Setup 1.1.1.exe.neer
2021-06-30 20:57 - 2018-01-03 07:47 - 000000374 _____ C:\Users\Lenovo\Downloads\BigBrother_v0120005.rar.neer
2021-06-30 20:57 - 2017-12-28 22:47 - 001861638 _____ C:\Users\Lenovo\Downloads\WGBSetup.exe.neer
2021-06-30 20:57 - 2017-12-28 22:45 - 163540046 _____ C:\Users\Lenovo\Downloads\RazerCortexSetup_8.4.17.561.exe.neer
2021-06-30 20:57 - 2017-12-21 01:09 - 001035814 _____ C:\Users\Lenovo\Downloads\vxlsetup.exe.neer
2021-06-30 20:57 - 2017-12-21 01:05 - 055009134 _____ C:\Users\Lenovo\Downloads\vcs_diamond.exe.neer
2021-06-30 20:57 - 2017-12-17 21:37 - 039234366 _____ C:\Users\Lenovo\Downloads\MSIAfterburnerSetup.zip.neer
2021-06-30 20:57 - 2017-12-17 21:32 - 003449670 _____ C:\Users\Lenovo\Downloads\AVG_Performance_709.exe.neer
2021-06-30 20:57 - 2017-12-12 20:23 - 001189691 _____ C:\Users\Lenovo\Downloads\saeko_theme_4abd3.zip.neer
2021-06-30 20:57 - 2017-12-12 20:23 - 001059143 _____ C:\Users\Lenovo\Downloads\black_rock_shooter_theme_v2.rar.neer
2021-06-30 20:57 - 2017-12-12 20:12 - 000950273 _____ C:\Users\Lenovo\Downloads\space.stskin.neer
2021-06-30 20:57 - 2017-12-12 20:12 - 000545799 _____ C:\Users\Lenovo\Downloads\Steam Futuristic.stskin.neer
2021-06-30 20:57 - 2017-12-12 20:09 - 000876163 _____ C:\Users\Lenovo\Downloads\Digitally_Unmastered_v2.0.zip.neer
2021-06-30 20:57 - 2017-12-11 09:29 - 000007341 _____ C:\Users\Lenovo\Downloads\nihal.cfg.neer
2021-06-30 20:57 - 2017-11-24 19:45 - 007595140 _____ C:\Users\Lenovo\Downloads\Grandtheft_feat._Delaney_Jane_-_Easy_Go_Original_Mix_(mp3.pm).mp3.neer
2021-06-30 20:57 - 2017-11-10 23:31 - 000000538 ____H C:\Users\Lenovo\Downloads\SOLIDS 17.dwl2.neer
2021-06-30 20:57 - 2017-11-10 23:31 - 000000388 ____H C:\Users\Lenovo\Downloads\SOLIDS 17.dwl.neer
2021-06-30 20:57 - 2017-10-05 22:02 - 332276542 _____ C:\Users\Lenovo\Downloads\ACRO9_Win_WEB_WWEFG.exe.neer
2021-06-30 20:57 - 2017-10-01 20:55 - 041191135 _____ C:\Users\Lenovo\Downloads\com.tdo.showbox_4.94-104.apk.neer
2021-06-30 20:57 - 2017-08-20 09:56 - 004982098 _____ C:\Users\Lenovo\Downloads\Imagination.themepack.neer
2021-06-30 20:57 - 2017-08-17 11:52 - 008185622 _____ C:\Users\Lenovo\Downloads\adwcleaner_7.0.1.0 (2).exe.neer
2021-06-30 20:57 - 2017-08-12 21:16 - 034051094 _____ C:\Users\Lenovo\Downloads\Firefox Setup 55.0.1.exe.neer
2021-06-30 20:57 - 2017-08-12 21:15 - 000246086 _____ C:\Users\Lenovo\Downloads\Firefox Installer.exe.neer
2021-06-30 20:57 - 2017-08-10 00:26 - 000172293 _____ C:\Users\Lenovo\Downloads\BB walthrough 0.6(2).pdf.neer
2021-06-30 20:57 - 2017-08-09 18:14 - 039473574 _____ C:\Users\Lenovo\Downloads\KMPlayer_4.2.1.4.exe.neer
2021-06-30 20:57 - 2017-08-06 08:30 - 006312166 _____ C:\Users\Lenovo\Downloads\SoundBoosterSetup.exe.neer
2021-06-30 20:57 - 2017-08-04 06:10 - 000382409 _____ C:\Users\Lenovo\Downloads\ilovepdf_jpg_to_pdf(6).pdf.neer
2021-06-30 20:57 - 2017-08-04 06:09 - 000213233 _____ C:\Users\Lenovo\Downloads\ilovepdf_jpg_to_pdf(5).pdf.neer
2021-06-30 20:57 - 2017-08-04 06:05 - 000187482 _____ C:\Users\Lenovo\Downloads\ilovepdf_jpg_to_pdf(4).pdf.neer
2021-06-30 20:57 - 2017-08-04 06:04 - 000502438 _____ C:\Users\Lenovo\Downloads\ilovepdf_jpg_to_pdf(2).pdf.neer
2021-06-30 20:57 - 2017-08-04 06:04 - 000239744 _____ C:\Users\Lenovo\Downloads\ilovepdf_jpg_to_pdf(3).pdf.neer
2021-06-30 20:57 - 2017-08-04 06:02 - 000096724 _____ C:\Users\Lenovo\Downloads\ilovepdf_jpg_to_pdf(1).pdf.neer
2021-06-30 20:57 - 2017-08-04 06:00 - 000269585 _____ C:\Users\Lenovo\Downloads\ilovepdf_jpg_to_pdf.pdf.neer
2021-06-30 20:57 - 2017-08-03 00:58 - 052554062 _____ C:\Users\Lenovo\Downloads\DiscordSetup(1).exe.neer
2021-06-30 20:57 - 2017-08-02 06:13 - 076156942 _____ C:\Users\Lenovo\Downloads\UplayInstaller.exe.neer
2021-06-30 20:57 - 2017-08-01 06:13 - 065034318 _____ C:\Users\Lenovo\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe.neer
2021-06-30 20:57 - 2017-08-01 06:13 - 008185622 _____ C:\Users\Lenovo\Downloads\adwcleaner_7.0.1.0.exe.neer
2021-06-30 20:57 - 2017-07-31 07:51 - 000015739 _____ C:\Users\Lenovo\Downloads\qLimAxzU19_Last_TCM_cfg.zip.neer
2021-06-30 20:57 - 2017-07-30 20:58 - 000202664 _____ C:\Users\Lenovo\Downloads\remote.zip.neer
2021-06-30 20:57 - 2017-07-30 02:46 - 005596951 _____ C:\Users\Lenovo\Downloads\UserBenchMark.exe.neer
2021-06-30 20:57 - 2017-07-29 02:18 - 000208434 _____ C:\Users\Lenovo\Downloads\16 - Road Rage - Franklin D. Roosevelt Drive, East River, NY.zip.neer
2021-06-30 20:57 - 2017-07-29 02:14 - 004273195 _____ C:\Users\Lenovo\Downloads\Crysis_2_HiResTexture_Pack.exe.part.neer
2021-06-30 20:57 - 2017-07-28 05:15 - 001733438 _____ C:\Users\Lenovo\Downloads\uTorrent.exe.neer
2021-06-30 20:57 - 2017-07-27 05:12 - 290530518 _____ C:\Users\Lenovo\Downloads\nox_setup_v5.0.0.0_full_intl.exe.neer
2021-06-30 20:57 - 2017-07-27 03:57 - 061349924 _____ C:\Users\Lenovo\Downloads\Shield+OS+Rainmeter+Skins+&+Themes+by+TechnologyMind.rar.neer
2021-06-30 20:57 - 2017-07-27 03:12 - 000087900 _____ C:\Users\Lenovo\Downloads\translucenttaskbar_1_2_by_arkenthera-dausz1z.rmskin.neer
2021-06-30 20:57 - 2017-07-27 03:11 - 193757416 _____ C:\Users\Lenovo\Downloads\hi_tech_desktop_v2_0__rainmeter__by_anahad2002-daligpz.rmskin.neer
2021-06-30 20:57 - 2017-07-27 02:22 - 002277510 _____ C:\Users\Lenovo\Downloads\Rainmeter-4.1-r2824-beta.exe.neer
2021-06-30 20:57 - 2017-07-27 02:04 - 052554062 _____ C:\Users\Lenovo\Downloads\DiscordSetup.exe.neer
2021-06-30 20:57 - 2017-07-27 01:40 - 261024406 _____ C:\Users\Lenovo\Downloads\iTunes64Setup.exe.neer
2021-06-30 20:57 - 2017-07-25 09:04 - 000025515 _____ C:\Users\Lenovo\Downloads\17437790_237322456743425_531993379634937856_n.jpg.neer
2021-06-30 20:57 - 2017-07-25 06:51 - 000058340 _____ C:\Users\Lenovo\Downloads\19424778_280450549085909_5579894427175878656_n.jpg.neer
2021-06-30 20:57 - 2017-07-25 06:14 - 012477166 _____ C:\Users\Lenovo\Downloads\texture-1395982.jpg.neer
2021-06-30 20:57 - 2017-07-25 05:00 - 001516841 _____ C:\Users\Lenovo\Downloads\IMG_20170720_160008.jpg.neer
2021-06-30 20:57 - 2017-07-25 05:00 - 001440475 _____ C:\Users\Lenovo\Downloads\IMG_20170720_155836.jpg.neer
2021-06-30 20:57 - 2017-07-25 05:00 - 001384286 _____ C:\Users\Lenovo\Downloads\IMG_20170720_155843.jpg.neer
2021-06-30 20:57 - 2017-07-25 04:54 - 089580006 _____ C:\Users\Lenovo\Downloads\gimp-2.8.22-setup.exe.neer
2021-06-30 20:57 - 2017-07-22 02:33 - 016016661 _____ C:\Users\Lenovo\Downloads\GHOST.RECON.FS.V1.0.ALL.SKIDROW.NODVD.ZIPd.neer
2021-06-30 20:57 - 2017-07-22 02:32 - 001355073 _____ C:\Users\Lenovo\Downloads\IMG_20170720_073229.pdf.neer
2021-06-30 20:57 - 2017-07-22 02:20 - 001497820 _____ C:\Users\Lenovo\Downloads\IMG_20170720_073212.pdf.neer
2021-06-30 20:57 - 2017-07-22 02:20 - 001320870 _____ C:\Users\Lenovo\Downloads\IMG_20170720_073054.pdf.neer
2021-06-30 20:57 - 2017-07-22 02:18 - 001302382 _____ C:\Users\Lenovo\Downloads\IMG_20170720_073114.pdf.neer
2021-06-30 20:57 - 2017-07-22 02:18 - 001302382 _____ C:\Users\Lenovo\Downloads\IMG_20170720_073114 (1).pdf.neer
2021-06-30 20:57 - 2017-07-18 23:51 - 012016526 _____ C:\Users\Lenovo\Downloads\Razer Cursors.zip.neer
2021-06-30 20:57 - 2017-07-18 23:50 - 001543724 _____ C:\Users\Lenovo\Downloads\dim_v3_0___technoblue_by_theblueguy07-d6618jv.zip.neer
2021-06-30 20:57 - 2017-07-18 23:50 - 001472412 _____ C:\Users\Lenovo\Downloads\night_diamond_v2_0___ruby_red_by_theblueguy07-d4fxlfo.zip.neer
2021-06-30 20:57 - 2017-07-18 23:50 - 000082749 _____ C:\Users\Lenovo\Downloads\radium_two_color_by_bingxueling.rar.neer
2021-06-30 20:57 - 2017-07-18 22:58 - 000037357 _____ C:\Users\Lenovo\battery-report.html.neer
2021-06-30 20:57 - 2017-07-18 20:49 - 001130662 _____ C:\Users\Lenovo\Downloads\ChromeSetup.exe.neer
2021-06-30 20:12 - 2017-12-17 21:38 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2021-06-30 20:03 - 2021-03-31 11:28 - 000000000 ___HD C:\$WinREAgent
2021-06-30 20:03 - 2021-02-14 06:58 - 000000000 ____D C:\Riot Games
2021-06-30 20:03 - 2019-11-21 15:13 - 000000000 ___HD C:\OneDriveTemp
2021-06-30 20:03 - 2017-10-20 09:16 - 000000000 ____D C:\Autodesk
2021-06-30 20:03 - 2017-05-05 20:06 - 000000000 ____D C:\Applications
2021-06-30 20:03 - 2017-05-05 18:29 - 000000000 ___HD C:\UserGuidePDF
2021-06-30 20:02 - 2021-03-31 22:25 - 000535744 _____ C:\Windows\System32\FNTCACHE.DAT
2021-06-30 19:58 - 2017-08-16 05:00 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2021-06-26 07:32 - 2021-02-11 11:04 - 000000000 ____D C:\ProgramData\Riot Games
2021-06-26 03:04 - 2018-08-13 08:27 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache
2021-06-26 03:01 - 2017-08-12 21:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-25 16:30 - 2019-02-13 03:00 - 000000000 ____D C:\Program Files (x86)\Origin
2021-06-25 16:03 - 2017-10-20 09:19 - 000000000 ____D C:\Program Files\Autodesk
2021-06-25 15:59 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-25 15:59 - 2018-04-08 03:20 - 000000000 ____D C:\Users\Lenovo\AppData\Local\WhatsApp
2021-06-25 15:58 - 2017-10-20 09:20 - 000000000 ____D C:\Program Files (x86)\Autodesk
2021-06-25 15:58 - 2017-10-20 09:17 - 000000000 ____D C:\ProgramData\Autodesk
2021-06-22 11:08 - 2017-07-23 02:59 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\RenPy
2021-06-10 12:57 - 2020-10-29 04:28 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-08 02:04 - 2021-05-30 01:41 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Bentley
2021-06-07 11:39 - 2017-07-28 05:16 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\uTorrent
2021-06-07 09:26 - 2019-04-19 05:41 - 000000000 ____D C:\Users\Lenovo\AppData\Local\BitTorrentHelper
2021-06-07 07:37 - 2017-07-22 02:20 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-06-07 07:23 - 2017-08-01 22:59 - 000000000 ____D C:\Users\Lenovo\AppData\Local\ElevatedDiagnostics
2021-06-07 07:15 - 2017-07-22 02:21 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Ubisoft Game Launcher
2021-06-07 07:08 - 2019-02-13 02:58 - 000000000 ____D C:\ProgramData\Origin
2021-06-07 07:07 - 2019-02-13 02:58 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Origin
2021-06-07 06:54 - 2017-07-29 01:50 - 000000000 ____D C:\ProgramData\Ubisoft
2021-06-07 06:52 - 2017-07-22 13:21 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Ubisoft

==================== KnownDLLs (Whitelisted) =========================

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 16259.16 MB
Available physical RAM: 14694.69 MB
Total Virtual: 16259.16 MB
Available Virtual: 14727 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118 GB) (Free:34.22 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:463.87 GB) (Free:119.33 GB) NTFS
Drive f: (TYAGA_1) (Removable) (Total:3.76 GB) (Free:3.75 GB) FAT32
Drive g: (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.51 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS
Drive y: (LENOVO) (Fixed) (Total:467.52 GB) (Free:88.77 GB) NTFS

\\?\Volume{028eb289-d689-4ae1-912b-a908ff74fb87}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F65D6C6C)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 5254BD3F)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)
==================== End of FRST.txt ========================
 
#12 ·
Hi, Raj1231.

Taking a look in your log, no surprise you got infected. Patch things, pro programs probably not legally activated, torrents...

Let's see what we can do.

1. Prepare a FIX

Using the healthy computer


On the healthy computer you used before, open a notepad window (Start > All Programs > Accessories > Notepad), copy and paste the following code in it, and name it as fixlist.txt. Change the Save as Type to All Files and save it in the USB drive where the FRST64 is.

Be careful to select the whole content of the code below.

Code:
HKU\Lenovo\...\Policies\Explorer: []
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Coinoto.lnk [2018-01-03]
ShortcutTarget: Coinoto.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\Programs\Coinoto\Coinoto.exe (No File)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-05-17]
ShortcutTarget: MEGAsync.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {1CCB3D4A-A39D-4678-86A4-0676E224E1FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-16] (Adobe Inc. -> Adobe)
Task: {39A16FAB-4384-4405-86E2-447ABFE2A3A4} - \Trans the Dead Storage demo -> No File <==== ATTENTION
Task: {4BE40475-039E-410D-8CAF-8D50D65094F8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-16] (Adobe Inc. -> Adobe)
Task: {7132A806-C067-459E-BA4F-B387685B6304} - System32\Tasks\Microsoft\Windows\Multimedia\Driver => C:\Users\Lenovo\AppData\Roaming\Windows_x64_nheqminer-5c\nheqminer.exe -> -l zec-eu1.nanopool.org:6666 -u t1PNAHGdyDAhsdMT1ysFxFrshBZv5MayhsJ/C:\Users\Lenovo\AppData\Roaming -p x -t 7
Task: {8D6F70C2-EE4D-4443-BD0A-DCC065C3E675} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {DCD5D676-C497-4FBD-ACD6-AAB3D5D81797} - System32\Tasks\Firefox Default Browser Agent 67A18EBB626C7A0E => C:\Users\Lenovo\AppData\Roaming\wbcther.exe <==== ATTENTION
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe [X]
S2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
C:\Windows\SysWOW64\Macromed
C:\Users\Lenovo\AppData\Roaming\Windows_x64_nheqminer-5c
C:\Users\Lenovo\AppData\Roaming\wbcther.exe
C:\Users\Lenovo\AppData\LocalLow\gC9tT2iQ3s
C:\Windows\System32\Drivers\gsInetSecurity.sys
C:\Users\Lenovo\AppData\LocalLow\uTorrent
C:\Users\Lenovo\AppData\Roaming\uTorrent
C:\Users\Lenovo\AppData\Local\BitTorrentHelper
emptytemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

2. Enter System Recovery Options

Using the faulty computer:
  • Start by shutting down your computer.
  • Press on the power button on the case to turn it on.
  • After the computer is about 3 - 5 seconds into the boot-up process, hold down the power button to shut down the computer.
  • Repeat the above process once again.
  • For the third time, turn on the computer and allow it to boot up.
  • If you completed the process correctly, a message saying Preparing Automatic Repair should appear.
  • In a few seconds, another message will appear stating Diagnosing your PC and Automatic Repair will open.
  • When you reach the Automatic Repair screen, click on Advanced Options.
  • At the next screen, select Troubleshoot.
  • When you see the next screen, select Advanced Options.
  • You will get the following options:
    • Startup Repair
    • Startup Settings
    • Command Prompt
    • Uninstall Updates
    • System Restore
    • System Image Recovery
  • Select Command Prompt.

Run FRST FIX from the Command Prompt
  1. In the black window that will open, called command prompt, type notepad and press on Enter.
  2. Notepad will open. Click on the File menu and select Open.
  3. Click on Computer, find the letter for your USB Flash Drive, then close the window and Notepad.
  4. In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter. As I told you before, run both of them if you are unsure about the architecture (x32 or x64) of your computer. Only the right one will run. IMPORTANT: Replace the letter e with the drive letter of your USB Flash Drive.
  5. FRST will open.
  6. Click on Yes to accept the disclaimer.
  7. Click on the FIX button and wait for the scan to complete.
  8. A log called fixlog.txt will be saved on your USB Flash Drive.

3. Provide the fixlog.txt

Using the healthy computer:

Insert the USB drive, open the fixlog.txt, copy its content and paste it here, in your next reply.

4. Try to boot in Windows

Try to boot normally in Windows using the faulty computer and report back.

In your next reply please post:
  1. The fixlog.txt
  2. Can you boot normally using the faulty computer?
 
#13 ·
Nope cannot boot in to windows normally sill showing the same problem.

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2021
Ran by SYSTEM (07-07-2021 10:54:55) Run:1
Running from F:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKU\Lenovo\...\Policies\Explorer: []
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Coinoto.lnk [2018-01-03]
ShortcutTarget: Coinoto.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\Programs\Coinoto\Coinoto.exe (No File)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-05-17]
ShortcutTarget: MEGAsync.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {1CCB3D4A-A39D-4678-86A4-0676E224E1FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-16] (Adobe Inc. -> Adobe)
Task: {39A16FAB-4384-4405-86E2-447ABFE2A3A4} - \Trans the Dead Storage demo -> No File <==== ATTENTION
Task: {4BE40475-039E-410D-8CAF-8D50D65094F8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-16] (Adobe Inc. -> Adobe)
Task: {7132A806-C067-459E-BA4F-B387685B6304} - System32\Tasks\Microsoft\Windows\Multimedia\Driver => C:\Users\Lenovo\AppData\Roaming\Windows_x64_nheqminer-5c\nheqminer.exe -> -l zec-eu1.nanopool.org:6666 -u t1PNAHGdyDAhsdMT1ysFxFrshBZv5MayhsJ/C:\Users\Lenovo\AppData\Roaming -p x -t 7
Task: {8D6F70C2-EE4D-4443-BD0A-DCC065C3E675} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {DCD5D676-C497-4FBD-ACD6-AAB3D5D81797} - System32\Tasks\Firefox Default Browser Agent 67A18EBB626C7A0E => C:\Users\Lenovo\AppData\Roaming\wbcther.exe <==== ATTENTION
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe [X]
S2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
C:\Windows\SysWOW64\Macromed
C:\Users\Lenovo\AppData\Roaming\Windows_x64_nheqminer-5c
C:\Users\Lenovo\AppData\Roaming\wbcther.exe
C:\Users\Lenovo\AppData\LocalLow\gC9tT2iQ3s
C:\Windows\System32\Drivers\gsInetSecurity.sys
C:\Users\Lenovo\AppData\LocalLow\uTorrent
C:\Users\Lenovo\AppData\Local\BitTorrentHelper
emptytemp:
*****************

"HKU\Lenovo\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => not found
C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Coinoto.lnk => moved successfully
"C:\windows\system32\config\systemprofile\AppData\Local\Programs\Coinoto\Coinoto.exe" => not found
C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk => moved successfully
"C:\windows\system32\config\systemprofile\AppData\Local\MEGAsync\MEGAsync.exe" => not found
C:\Windows\System32\GroupPolicy\Machine => moved successfully
C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CCB3D4A-A39D-4678-86A4-0676E224E1FF} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CCB3D4A-A39D-4678-86A4-0676E224E1FF} => removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{39A16FAB-4384-4405-86E2-447ABFE2A3A4} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39A16FAB-4384-4405-86E2-447ABFE2A3A4} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trans the Dead Storage demo => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BE40475-039E-410D-8CAF-8D50D65094F8} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BE40475-039E-410D-8CAF-8D50D65094F8} => removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7132A806-C067-459E-BA4F-B387685B6304} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7132A806-C067-459E-BA4F-B387685B6304} => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\Driver => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\Driver => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D6F70C2-EE4D-4443-BD0A-DCC065C3E675} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6F70C2-EE4D-4443-BD0A-DCC065C3E675} => removed successfully
C:\Windows\System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCD5D676-C497-4FBD-ACD6-AAB3D5D81797} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCD5D676-C497-4FBD-ACD6-AAB3D5D81797} => removed successfully
C:\Windows\System32\Tasks\Firefox Default Browser Agent 67A18EBB626C7A0E => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Firefox Default Browser Agent 67A18EBB626C7A0E => removed successfully
HKLM\System\ControlSet001\Services\DFWSIDService => removed successfully
DFWSIDService => service removed successfully
HKLM\System\ControlSet001\Services\ElevationService => removed successfully
ElevationService => service removed successfully
HKLM\System\ControlSet001\Services\HiPatchService => removed successfully
HiPatchService => service removed successfully
HKLM\System\ControlSet001\Services\iPod Service => removed successfully
iPod Service => service removed successfully
HKLM\System\ControlSet001\Services\McAfee WebAdvisor => removed successfully
McAfee WebAdvisor => service removed successfully
C:\Windows\SysWOW64\Macromed => moved successfully
"C:\Users\Lenovo\AppData\Roaming\Windows_x64_nheqminer-5c" => not found
"C:\Users\Lenovo\AppData\Roaming\wbcther.exe" => not found
C:\Users\Lenovo\AppData\LocalLow\gC9tT2iQ3s => moved successfully
C:\Windows\System32\Drivers\gsInetSecurity.sys => moved successfully
C:\Users\Lenovo\AppData\LocalLow\uTorrent => moved successfully
C:\Users\Lenovo\AppData\Local\BitTorrentHelper => moved successfully
emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog 10:54:55 ====
 
#14 ·
Hi.

You said that you tried some commands.

Please try these:

From Advanced Options select Command Prompt. Once you're in the command prompt window, type the following commands in the same sequence, followed by Enter each time:

bootrec.exe /rebuildbcd

bootrec.exe /fixmbr

bootrec.exe /fixboot

Try to start up and let me know the result.
 
#22 ·
Unfortunately I can't see what is written in the screenshots. The analysis is bad.

We will need a recovery disk or a media installation tool with Windows 10.

Here is Microsoft's page from where you can download the media creation tool and then create a bootable media with Windows 10. Make sure that you select the S option, as you mentioned that your version of Windows includes the S mode.
 
#23 ·
When i click on system restore it says "To use system restore you must specify which windows installation to restore. Restart this computer ...and select.."

I have a flashdrive with windows 10 media tool and i have tried booting with it and doing a startup repair, it didnt do anything
 
#26 ·
Well, in that case, you can do a custom install of the Windows operating system.

See here: How to: Perform a Custom Installation of Windows - Microsoft Community

According to the article:

One of the benefits of performing a Custom Install, your Windows installation can be archived. After setup is complete, you can recover personal files and application data from the Windows.old folder. Learn more about recovering your files from Windows.old:
Recover personal files from the Windows.old Folder such as Documents Pictures and Windows Live Mail Emails in Windows 10
 
#31 ·
Windows.old contains everything in the partition where Windows is installed. So, in the Windows.old folder you can find C files. Since you are going to select Custom install Windows only, the other drives won't be affected, as far as I can tell.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top