
My computer is Infected [Solved]

ytbn removal

#1
Nimosh

  • Member
  • 14 posts
Hi, my computer is infected. These are the scan reports, as below. Can anyone suggest a fix?

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by User (administrator) on DESKTOP-BV3TRHD (Hewlett-Packard HP Pavilion 15 Notebook PC) (06-04-2021 11:56:56)
Running from D:\Downloads
Loaded Profiles: User & MSSQL$SQLEXPRESS
Platform: Windows 10 Pro Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <28>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2101.40482.0_x64__8wekyb3d8bbwe\GetHelp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscenter.exe <2>
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8505088 2020-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2020-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Business Card Scanner Driver\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-10-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536424 2021-03-06] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [btweb] => C:\Users\User\AppData\Roaming\BitTorrent Web\btweb.exe [5894176 2021-03-24] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-04-03] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [uwuxdhs] => "C:\Users\User\xzuatgq.exe"
HKLM\...\Print\Monitors\Card Printer Language Monitor: C:\WINDOWS\system32\CITPJLMON.DLL [24576 2014-07-30] (Windows ® Codename Longhorn DDK provider) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-31] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.22.71\Installer\chrmstp.exe [2021-04-03] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-06]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {225D577B-C753-4AD0-B888-F0E7859B7181} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3395FED9-E909-434B-912F-76EBE2AB53A0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A11AE65-1F4E-40CE-9A02-0710EDBCA675} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {512FF518-5F96-40BF-B0B5-74B1D31A9273} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56377CD2-D0DD-492C-885C-64026D0027C4} - System32\Tasks\WpsExternal_User_20210330132923 => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe [1666760 2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5DFAF5B0-BF7A-4DBA-9AE7-81922A095B81} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AB4CF25-5A94-4A40-A339-0555D48107F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7991A201-C8F8-4586-9418-050BB8B7202D} - System32\Tasks\WpsUpdateTask_User => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpsupdate.exe [164552 2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {8475A5F6-8F3F-44A3-9115-5FB387E61693} - System32\Tasks\Firefox Default Browser Agent 9DB9BE15D51E873E => C:\Users\User\AppData\Roaming\rffeuce.exe <==== ATTENTION
Task: {AB5A68D6-A9FB-4078-BE13-83FA491F2820} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C8D41B55-075F-4F36-8EE1-07F1521F04C6} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D04DF89F-C788-41FC-87D4-43D8123B02E7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4113526-7BDC-4C7D-8803-FB5786E125B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
Task: {E69B7745-B774-4723-BE93-F25D05188466} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {FCF9A923-E89D-45FE-8841-8D09440BC237} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\WpsExternal_User_20210330132923.job => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
Task: C:\WINDOWS\Tasks\WpsUpdateTask_User.job => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpsupdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
Tcpip\..\Interfaces\{493b22a1-ae1b-4a70-bc87-c56b48e39f43}: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
Tcpip\..\Interfaces\{4fd26666-d2e6-4f6e-afd7-6f09370194e2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8e572f95-a2a5-4287-b9be-6aaa30275010}: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
 
Edge: 
=======
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-06]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-04-06]
CHR Notifications: Default -> hxxps://uae.microless.com
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-23]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-23]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-11]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-09]
CHR Extension: (d8yI+Hf7rX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iamogogldpiipekcpojlcdhmbhdjdocm [2020-11-09]
CHR HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
 
Opera: 
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-04-03]
OPR Extension: (book_helper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\iamogogldpiipekcpojlcdhmbhdjdocm [2020-11-09]
 
Brave: 
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-04-06]
BRA DownloadDir: D:\Downloads
BRA Notifications: Default -> hxxps://usersdrive.com
BRA Extension: (Google Translate) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-03-30]
BRA Extension: (Safe Torrent Scanner) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-04-03]
BRA Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-22]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-02-07]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-04-06]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-03-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-04-06]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-02-07]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\kkjipiepeooghlclkedllogndmohhnhi [2021-03-31]
BRA Extension: (Crypto Wallets) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2021-04-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-03-31]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106952 2020-07-23] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-04-03] (LAVASOFT SOFTWARE CANADA INC -> )
S3 wpscloudsvr; C:\ProgramData\Kingsoft\office6\wpscloudsvr.exe [1482496 2020-12-07] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2019-06-27] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2020-07-23] (MEDIATEK INC. -> Ralink Technology, Corp.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-31] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-06 11:43 - 2021-04-06 11:57 - 000000000 ____D C:\FRST
2021-04-06 11:36 - 2021-04-06 11:36 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-06 11:36 - 2021-04-06 11:36 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-06 11:36 - 2021-04-06 11:36 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-06 11:33 - 2021-04-06 11:47 - 000000000 ____D C:\Users\User\AppData\Local\2f23593d-ec2c-4d9e-8fc5-a69f819b2451
2021-04-06 11:16 - 2021-04-06 11:16 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2021-04-06 11:15 - 2021-04-06 11:15 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-06 11:15 - 2021-04-06 11:15 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-06 11:15 - 2021-04-06 11:15 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-06 11:15 - 2021-04-06 11:15 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-06 11:15 - 2021-04-06 11:14 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-06 11:15 - 2021-04-06 11:14 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-06 11:14 - 2021-04-06 11:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-06 11:14 - 2021-04-06 11:14 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-04 21:41 - 2021-04-04 21:41 - 000000000 ____D C:\ProgramData\IA9AG6FE1D7ACYIM799YZQM1Q
2021-04-04 21:38 - 2021-04-06 11:31 - 000000000 ____D C:\Users\User\AppData\Local\b75cb07c-192b-435c-b87c-a425760c7f94
2021-04-04 18:53 - 2021-04-04 18:53 - 000000032 _____ C:\Users\User\AppData\Roaming\8f9b.8f9b
2021-04-04 18:42 - 2021-04-06 11:30 - 000000000 ____D C:\Users\User\AppData\Local\5a5cfc91-a0c3-43b3-8b48-529cd5216d2c
2021-04-04 18:42 - 2021-04-04 18:43 - 000000000 ____D C:\ProgramData\6TXJ26K014UQ06YMRM1ASO4S8
2021-04-04 14:17 - 2021-04-06 11:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Updates
2021-04-04 14:16 - 2021-04-06 11:34 - 000000000 ____D C:\Users\User\AppData\Local\6831f20e-20c5-491b-8882-f5c56e50bebb
2021-04-04 09:31 - 2021-04-04 09:31 - 000000000 ____D C:\Users\User\AppData\Local\BandLab_Singapore_Pte_Ltd
2021-04-03 13:47 - 2021-04-03 14:04 - 015560526 _____ C:\Users\User\xzuatgq.exe.ytbn
2021-04-03 13:36 - 2021-04-06 11:31 - 000000000 ____D C:\Users\User\AppData\Roaming\SqJeGrFCmhTziVRi
2021-04-03 13:29 - 2021-04-03 13:29 - 000001108 _____ C:\Users\User\_readme.txt
2021-04-03 13:18 - 2021-04-03 13:18 - 000000560 _____ C:\Users\User\AppData\Local\bowsakkdestx.txt
2021-04-03 13:18 - 2021-04-03 13:18 - 000000000 ____D C:\SystemID
2021-04-03 13:17 - 2021-04-03 13:17 - 000000000 ____D C:\ProgramData\NW8B66FAI9WSC78MOS0RKZSYG
2021-04-03 13:16 - 2021-04-06 10:42 - 000003720 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 9DB9BE15D51E873E
2021-04-03 13:16 - 2021-04-03 13:16 - 000000000 ____D C:\ProgramData\6WH32XI5IMFLDEKVRD456Z3YV
2021-04-03 13:14 - 2021-04-03 13:14 - 000000000 ____D C:\Users\User\AppData\Local\Lavasoft
2021-04-03 13:14 - 2021-04-03 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\Users\User\AppData\Roaming\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\ProgramData\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-04-03 13:12 - 2021-04-03 13:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-04-03 13:12 - 2021-04-03 13:12 - 000000000 ____D C:\ProgramData\EGD0BH0V1K36W4YSKOLOXMVJV
2021-04-03 13:11 - 2021-04-06 11:34 - 000000000 ___HD C:\WINDOWS\rss
2021-04-03 13:11 - 2021-04-03 13:49 - 000000000 ____D C:\Users\User\Documents\VlcpVideoV1.0.1
2021-04-03 13:11 - 2021-04-03 13:15 - 000141296 _____ (Oracle Corporation) C:\Program Files\dcpr.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000015856 _____ C:\Program Files\jp2native.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000000199 _____ C:\Program Files\unins.vbs
2021-04-03 13:11 - 2021-04-03 13:11 - 000000000 ____D C:\Users\User\AppData\Roaming\Strenge
2021-04-03 13:11 - 2021-04-03 13:11 - 000000000 ____D C:\Program Files\javcse
2021-04-03 13:10 - 2021-04-03 13:10 - 000000000 ____D C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3
2021-04-03 12:47 - 2021-04-03 12:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\EpicGamesLauncher
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\DBG
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\CrashReportClient
2021-04-03 10:55 - 2021-04-03 10:55 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2021.lnk
2021-04-03 10:55 - 2021-04-03 10:55 - 000001238 _____ C:\Users\User\Desktop\Adobe After Effects 2021.lnk
2021-04-03 10:55 - 2021-04-03 10:55 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-04-03 10:51 - 2021-04-03 10:51 - 000000000 ____D C:\ProgramData\Documents\AdobeInstalledCodecs
2021-04-03 08:58 - 2021-04-03 08:58 - 000000000 ____D C:\Users\User\Documents\Adobe
2021-04-01 19:46 - 2021-04-04 10:15 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-04-01 19:46 - 2021-04-03 10:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-04-01 19:46 - 2021-04-03 10:55 - 000000000 ____D C:\Program Files\Adobe
2021-04-01 11:46 - 2021-04-03 10:26 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-04-01 11:43 - 2021-04-01 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-01 11:42 - 2021-04-01 11:42 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-01 09:53 - 2021-04-01 09:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-01 09:52 - 2021-04-01 09:52 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-01 09:52 - 2021-04-01 09:52 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-01 09:52 - 2021-04-01 09:52 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-01 09:52 - 2021-04-01 09:52 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-01 09:51 - 2021-04-01 09:51 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-01 09:51 - 2021-04-01 09:51 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-01 09:51 - 2021-04-01 09:51 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-01 09:51 - 2021-04-01 09:51 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-01 09:51 - 2021-04-01 09:51 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-01 09:51 - 2021-04-01 09:51 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-01 09:51 - 2021-04-01 09:51 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-01 09:50 - 2021-04-01 09:50 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-01 09:50 - 2021-04-01 09:50 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-01 09:50 - 2021-04-01 09:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-01 09:50 - 2021-04-01 09:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-01 09:50 - 2021-04-01 09:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-01 09:50 - 2021-04-01 09:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-01 09:50 - 2021-04-01 09:50 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-01 09:49 - 2021-04-01 09:49 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-01 09:47 - 2021-04-01 09:47 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-01 09:47 - 2021-04-01 09:47 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-01 09:47 - 2021-04-01 09:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-01 09:47 - 2021-04-01 09:47 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-01 09:46 - 2021-04-01 09:46 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-01 09:46 - 2021-04-01 09:46 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-01 09:46 - 2021-04-01 09:46 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-01 09:45 - 2021-04-01 09:45 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-01 09:45 - 2021-04-01 09:45 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-01 09:45 - 2021-04-01 09:45 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-01 09:45 - 2021-04-01 09:45 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-01 09:44 - 2021-04-01 09:44 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-01 09:43 - 2021-04-01 09:43 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-01 09:43 - 2021-04-01 09:43 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-01 09:41 - 2021-04-01 09:41 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-01 09:41 - 2021-04-01 09:41 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-01 09:41 - 2021-04-01 09:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-01 09:40 - 2021-04-01 09:40 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-01 09:40 - 2021-04-01 09:40 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-01 09:08 - 2021-04-01 09:08 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-01 09:00 - 2021-04-03 13:29 - 000000000 ___HD C:\$WinREAgent
2021-03-31 16:21 - 2021-03-31 04:49 - 000000000 ____D C:\Windows.old
2021-03-31 16:16 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-31 16:14 - 2021-03-31 16:14 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files\MSBuild
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-31 08:36 - 2021-04-03 10:24 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-03-31 04:50 - 2021-03-31 04:53 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2021-03-31 04:50 - 2021-03-31 04:50 - 000000020 ___SH C:\Users\User\ntuser.ini
2021-03-31 04:49 - 2021-03-31 04:49 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875166542-2685140994-1970054088-500
2021-03-31 04:48 - 2021-04-06 08:49 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{43E7DC2E-3E7D-4748-B968-E358F7D22BB2}
2021-03-31 04:48 - 2021-03-31 04:49 - 000003366 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-03-31 04:48 - 2021-03-31 04:49 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-31 04:48 - 2021-03-31 04:49 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875166542-2685140994-1970054088-1001
2021-03-31 04:48 - 2021-03-31 04:49 - 000002784 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_User
2021-03-31 04:48 - 2021-03-31 04:48 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-31 04:48 - 2021-03-31 04:48 - 000003212 _____ C:\WINDOWS\system32\Tasks\WpsExternal_User_20210330132923
2021-03-31 04:48 - 2021-03-31 04:48 - 000003142 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-03-31 04:48 - 2021-03-31 04:48 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-31 04:47 - 2021-03-31 04:48 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-03-31 04:47 - 2021-03-31 04:48 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-03-31 04:40 - 2021-03-31 04:40 - 000000020 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2021-03-31 04:33 - 2021-03-31 04:42 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS
2021-03-31 04:33 - 2019-12-07 13:10 - 000001105 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-31 04:33 - 2019-12-07 13:10 - 000001105 _____ C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-31 04:22 - 2021-04-06 11:34 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-31 03:30 - 2021-03-31 03:30 - 000016148 _____ C:\WINDOWS\system32\DESKTOP-BV3TRHD_User_HistoryPrediction.bin
2021-03-30 13:29 - 2021-03-31 02:46 - 000000710 _____ C:\WINDOWS\Tasks\WpsExternal_User_20210330132923.job
2021-03-30 09:31 - 2021-03-30 09:31 - 000815712 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000716384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000437344 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000350816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo59.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000289376 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000066136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2021-03-30 09:31 - 2018-05-11 17:37 - 000034944 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2021-03-29 11:36 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDAutomation.com QR-Code Font and Encoder
2021-03-29 11:35 - 2021-03-29 11:36 - 000000000 ____D C:\Program Files (x86)\IDAutomation.com QR-Code Font and Encoder
2021-03-29 11:14 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIC 7
2021-03-29 11:14 - 2021-03-29 11:14 - 000246080 _____ (KEYLOK) C:\WINDOWS\system32\NWKL2_64.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000235840 _____ (KEYLOK) C:\WINDOWS\system32\KL2DLL64.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000228160 _____ (KEYLOK) C:\WINDOWS\SysWOW64\NWKL2_32.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000123200 _____ (KEYLOK) C:\WINDOWS\SysWOW64\KL2DLL32.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000041984 _____ C:\WINDOWS\system32\ppmon64.exe
2021-03-29 11:14 - 2021-03-29 11:14 - 000024136 _____ C:\WINDOWS\SysWOW64\ppmon.exe
2021-03-29 11:14 - 2021-03-29 11:14 - 000012480 _____ C:\WINDOWS\SysWOW64\KL2N.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000007440 _____ C:\WINDOWS\SysWOW64\ppmon.dll
2021-03-29 11:14 - 2021-03-29 11:14 - 000002603 _____ C:\ProgramData\Desktop\MAGIC.lnk
2021-03-29 11:14 - 2021-03-29 11:14 - 000000000 ____D C:\Users\User\AppData\Local\KEYLOK
2021-03-29 11:14 - 2021-03-29 11:14 - 000000000 ____D C:\Program Files\DIFX
2021-03-29 11:13 - 2021-04-03 13:46 - 000000000 ____D C:\Cards7
2021-03-29 11:13 - 2021-03-29 11:14 - 000000000 ____D C:\Program Files (x86)\MAGIC7
2021-03-29 11:12 - 2019-03-10 17:48 - 003719168 _____ C:\MAGIC7_EPM.bak
2021-03-29 11:03 - 2021-03-29 11:03 - 000000000 ____D C:\WINDOWS\system32\RsFx
2021-03-29 10:55 - 2021-03-29 10:55 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft_Corporation
2021-03-29 10:52 - 2021-03-29 11:10 - 000000000 ____D C:\Users\User\Documents\SQL Server Management Studio
2021-03-29 10:50 - 2021-03-31 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2021-03-29 10:49 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2021-03-29 10:48 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2021-03-29 10:48 - 2021-03-29 10:48 - 000000000 ____D C:\Users\User\Documents\Visual Studio 2010
2021-03-29 10:47 - 2021-03-29 10:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2021-03-29 10:46 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\system32\1033
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\WINDOWS\symbols
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files\Microsoft Help Viewer
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-03-29 10:33 - 2021-03-31 04:51 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-29 10:24 - 2021-03-29 10:24 - 000000000 ____D C:\ProgramData\Synaptics
2021-03-25 12:46 - 2021-04-03 13:46 - 000006250 _____ C:\Users\User\Desktop\box.png.ytbn
2021-03-25 12:24 - 2021-04-03 13:46 - 000034316 _____ C:\Users\User\Desktop\cosec-vega-fax-banner-removebg-preview.png.ytbn
2021-03-25 12:09 - 2021-04-03 13:46 - 000064889 _____ C:\Users\User\Desktop\4024520392_1572874805.jpg.ytbn
2021-03-24 09:42 - 2021-03-24 09:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-24 09:41 - 2021-03-31 16:24 - 000000000 ____D C:\Program Files\rempl
2021-03-24 09:41 - 2021-03-24 14:57 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2021-03-24 09:41 - 2021-03-24 14:48 - 000000000 ____D C:\Program Files\CUAssistant
2021-03-23 09:25 - 2010-12-06 06:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2021-03-22 16:17 - 2021-04-03 13:46 - 000360782 _____ C:\Users\User\Documents\Database1.accdb.ytbn
2021-03-22 15:03 - 2021-04-03 13:46 - 000000000 ____D C:\AccessControl
2021-03-22 15:03 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccessControl
2021-03-22 15:03 - 2021-03-22 15:03 - 000001625 _____ C:\ProgramData\Desktop\AccessControl.lnk
2021-03-18 16:01 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApowerMirror
2021-03-18 16:01 - 2021-03-18 16:01 - 000000613 _____ C:\Users\User\Desktop\ApowerMirror.lnk
2021-03-18 14:28 - 2021-04-04 10:21 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper
2021-03-18 14:28 - 2021-04-04 08:39 - 000000000 ____D C:\Users\User\AppData\Roaming\BitTorrent Web
2021-03-18 14:28 - 2021-04-03 13:49 - 000000000 ____D C:\Users\User\Downloads\BitTorrent Web Tutorial Video
2021-03-18 14:28 - 2021-04-03 12:46 - 000001892 _____ C:\Users\User\Desktop\BitTorrent Web.lnk
2021-03-18 14:28 - 2021-04-03 12:46 - 000001878 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2021-03-18 14:23 - 2021-03-18 14:24 - 000000000 ____D C:\Program Files\TAP-Windows
2021-03-18 12:26 - 2021-04-03 13:46 - 000000000 ____D C:\.android
2021-03-18 12:22 - 2021-03-18 12:26 - 000000000 ____D C:\ProgramData\Apple
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Users\User\Documents\Apowersoft
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Program Files\Bonjour
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-03-18 12:21 - 2021-03-18 12:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Apowersoft
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-06 11:56 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-06 11:42 - 2020-11-19 11:54 - 000982928 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-06 11:42 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-06 11:35 - 2020-07-23 21:59 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2021-04-06 11:34 - 2020-11-19 11:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-06 11:33 - 2019-12-07 13:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-06 11:15 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-06 10:38 - 2020-07-23 22:28 - 000000000 ____D C:\Program Files\WinRAR
2021-04-06 10:36 - 2020-12-06 10:11 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-04-06 09:47 - 2020-11-19 11:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-06 08:51 - 2020-10-06 21:21 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software
2021-04-06 08:51 - 2020-10-06 21:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2021-04-05 13:09 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-04 10:00 - 2020-07-23 22:28 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-04 10:00 - 2020-07-23 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-04 09:33 - 2020-11-26 23:55 - 000000000 ____D C:\Cakewalk Projects
2021-04-04 08:49 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-04 08:49 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-04 08:48 - 2020-11-19 11:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-03 14:39 - 2021-02-07 12:32 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-04-03 14:04 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2021-04-03 13:49 - 2021-01-03 13:52 - 000000000 ____D C:\Users\User\Documents\Camtasia
2021-04-03 13:46 - 2021-01-24 09:22 - 000000000 ___RD C:\Users\User\3D Objects
2021-04-03 13:46 - 2021-01-10 09:14 - 000000000 ____D C:\SadpLog
2021-04-03 13:46 - 2021-01-03 12:23 - 000009466 _____ C:\Users\User\Desktop\New Text Document (2.1).ytbn.ytbn
2021-04-03 13:46 - 2021-01-02 09:51 - 000005012 _____ C:\Users\User\Desktop\New Text Document (2).txt.ytbn
2021-04-03 13:46 - 2020-12-28 10:23 - 000001276 _____ C:\Users\User\Desktop\New Text Document.txt.ytbn
2021-04-03 13:46 - 2020-12-10 13:03 - 000012882 _____ C:\Users\User\Desktop\Stock list December 2020.xlsx.ytbn
2021-04-03 13:46 - 2020-12-09 11:29 - 000002572 ____H C:\Users\User\Documents\Default.rdp.ytbn
2021-04-03 13:46 - 2020-12-08 09:55 - 000117957 _____ C:\Users\User\Desktop\IT Companies Data.xlsx.ytbn
2021-04-03 13:46 - 2020-12-06 09:49 - 000000000 ____D C:\Users\User\.android
2021-04-03 13:46 - 2020-10-08 14:26 - 000000000 ____D C:\Among Us V.2020.9.9
2021-04-03 13:46 - 2020-10-07 00:53 - 000000000 ____D C:\Trisha
2021-04-03 13:29 - 2020-12-24 10:47 - 000000000 ____D C:\kingsoft
2021-04-03 13:29 - 2020-11-26 23:50 - 000000000 ____D C:\Cakewalk Content
2021-04-03 12:52 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-03 12:42 - 2021-01-05 10:11 - 000000000 ____D C:\Program Files (x86)\Balabolka
2021-04-03 12:35 - 2020-10-07 00:02 - 000000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2021-04-03 12:22 - 2020-10-10 18:36 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-04-03 11:58 - 2020-10-07 00:00 - 000000000 ____D C:\Program Files\Badlion Client
2021-04-03 10:49 - 2020-10-09 21:45 - 000000000 ____D C:\ProgramData\Adobe
2021-04-03 08:58 - 2020-10-09 21:44 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2021-04-03 08:58 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2021-04-03 08:48 - 2020-11-19 11:48 - 000000000 ____D C:\ProgramData\Packages
2021-04-01 20:11 - 2020-11-19 11:43 - 000485152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-01 20:05 - 2019-12-07 13:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-01 20:04 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-01 19:46 - 2020-10-10 18:42 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-01 15:06 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-04-01 11:28 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-01 09:39 - 2020-11-19 11:45 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-01 08:59 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-01 08:58 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-31 16:21 - 2021-01-31 09:06 - 000000000 ____D C:\WINDOWS\SysWOW64\shxfont
2021-03-31 16:21 - 2021-01-31 09:05 - 000000000 ____D C:\WINDOWS\SysWOW64\PS
2021-03-31 16:21 - 2021-01-31 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
2021-03-31 16:21 - 2021-01-10 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SADPTool
2021-03-31 16:21 - 2021-01-03 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2021-03-31 16:21 - 2020-12-28 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POINTMAN
2021-03-31 16:21 - 2020-12-13 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardScanner
2021-03-31 16:21 - 2020-12-13 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Card Scanner Driver
2021-03-31 16:21 - 2020-12-06 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2021-03-31 16:21 - 2020-12-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2021-03-31 16:21 - 2020-07-23 22:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-03-31 16:21 - 2020-07-23 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2021-03-31 16:21 - 2020-07-23 21:51 - 000000000 ____D C:\Program Files\Intel
2021-03-31 16:21 - 2019-12-07 13:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-31 16:21 - 2019-12-07 13:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-31 16:21 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-31 16:21 - 2015-07-10 17:14 - 000000000 ____D C:\WINDOWS\ShellNew
2021-03-31 16:21 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-31 16:21 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-31 16:20 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\InfusedApps
2021-03-31 16:16 - 2020-12-26 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-03-31 16:16 - 2020-11-27 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celemony
2021-03-31 16:16 - 2020-11-26 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2021-03-31 16:16 - 2020-07-23 21:58 - 000000000 ____D C:\Program Files\Synaptics
2021-03-31 16:16 - 2020-07-23 21:56 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-03-31 16:16 - 2020-07-23 21:55 - 000000000 ____D C:\Program Files\Realtek
2021-03-31 16:16 - 2020-07-23 21:54 - 000000000 ____D C:\Program Files\AMD
2021-03-31 16:16 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-31 16:08 - 2020-11-19 06:50 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2021-03-31 16:08 - 2020-11-19 06:50 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2021-03-31 16:08 - 2019-12-07 13:10 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2021-03-31 14:50 - 2020-11-19 11:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-31 14:50 - 2020-11-19 11:46 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-31 09:05 - 2020-11-19 11:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-31 04:51 - 2020-10-10 14:54 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-03-31 04:49 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-31 04:46 - 2019-12-07 13:14 - 000000000 __RSD C:\WINDOWS\Media
2021-03-31 04:43 - 2020-07-23 21:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-31 04:38 - 2020-12-07 10:02 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2021-03-31 04:38 - 2020-11-26 23:34 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandLab Technologies
2021-03-31 04:38 - 2020-10-07 13:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-31 04:38 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-31 04:34 - 2021-01-04 09:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2021-03-31 04:27 - 2020-07-23 21:55 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-31 03:36 - 2020-12-24 10:53 - 000000372 _____ C:\WINDOWS\Tasks\WpsUpdateTask_User.job
2021-03-30 10:32 - 2020-12-26 13:21 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2021-03-29 11:09 - 2020-07-23 22:36 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2021-03-29 11:09 - 2020-07-23 22:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-03-29 10:51 - 2020-07-23 22:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-29 10:24 - 2020-10-06 21:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Synaptics
2021-03-22 16:16 - 2021-01-21 10:07 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-03-20 08:55 - 2020-12-27 16:15 - 000000747 _____ C:\Users\User\Desktop\Video Editing - Shortcut.lnk
2021-03-15 09:13 - 2020-07-24 06:47 - 000000000 ___RD C:\Users\User\OneDrive
2021-03-13 09:43 - 2020-10-09 21:47 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories ========
 
2021-04-03 13:12 - 2021-04-03 13:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000022848 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-convert-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000023360 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-runtime-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000024896 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-string-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000141296 _____ (Oracle Corporation) C:\Program Files\dcpr.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000015856 _____ () C:\Program Files\jp2native.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000000199 _____ () C:\Program Files\unins.vbs
2021-04-04 18:53 - 2021-04-04 18:53 - 000000032 _____ () C:\Users\User\AppData\Roaming\8f9b.8f9b
2021-04-03 13:18 - 2021-04-03 13:18 - 000000560 _____ () C:\Users\User\AppData\Local\bowsakkdestx.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Addition
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by User (06-04-2021 12:01:13)
Running from D:\Downloads
Windows 10 Pro Version 20H2 19042.867 (X64) (2021-03-31 00:49:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1875166542-2685140994-1970054088-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1875166542-2685140994-1970054088-503 - Limited - Disabled)
Guest (S-1-5-21-1875166542-2685140994-1970054088-501 - Limited - Disabled)
User (S-1-5-21-1875166542-2685140994-1970054088-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1875166542-2685140994-1970054088-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Access Control (HKLM-x32\...\{B8202A3F-65A2-4921-B5CB-598FFA49FD11}) (Version: 7.51.81 - CSN)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_0_1) (Version: 18.0.1 - Adobe Inc.)
AdoptOpenJDK JDK with Hotspot 8.0.265.01 (x64) (HKLM\...\{2B68F6A3-4DF9-48A9-B59D-922F5A8D1A62}) (Version: 8.0.265.01 - AdoptOpenJDK)
Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.3 - philandro Software GmbH)
ApowerMirror 1.4.7.33 (HKLM-x32\...\ApowerMirror_is1) (Version: 1.4.7.33 - lrepacks.ru)
BandLab Assistant 6.2.0 (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28) (Version: 6.2.0 - BandLab Technologies)
BitTorrent Web (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\btweb) (Version: 1.2.0 - BitTorrent, Inc.)
Blender (HKLM\...\{64FCD268-AF5F-403D-B51B-00BC2D47DD0B}) (Version: 2.91.0 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.22.71 - Brave Software Inc)
Business Card Scanner Driver (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2010.03.02 - Deasy Corporation)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 26.11.0.099 - BandLab Singapore Pte Ltd.)
Cakewalk Drum Replacer (HKLM\...\Cakewalk Drum Replacer_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Cakewalk Theme Editor (HKLM\...\Cakewalk Theme Editor_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Camtasia 2019 (HKLM\...\{FF10C4F0-9186-405F-809D-D2E8D5E39448}) (Version: 19.0.10.17662 - TechSmith Corporation) Hidden
Camtasia 2019 (HKLM-x32\...\{03e048a7-3690-409c-b9c4-27612f78bd68}) (Version: 19.0.10.17662 - TechSmith Corporation)
Card Printer (HKLM\...\Card Printer) (Version:  - )
CardScanner (HKLM-x32\...\{94E73CA7-027B-4F3D-9E2A-9FEE4F7DD9C5}) (Version: 3.0 - )
DWGSee Pro 2020 (HKLM-x32\...\{BE4B9B74-CEB0-499C-A0F4-4F17DF52B314}) (Version: 5.0 - AutoDWG)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
gdiview (HKLM-x32\...\{9A2A452C-3057-4F5E-8C7F-41B0D566B831}) (Version: 1.0.0 - gdiview)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IDAutomation.com QR-Code Font and Encoder (HKLM-x32\...\IDAutomation.com QR-Code Font and Encoder) (Version:  - )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)
KX-TE Maintenance Console (HKLM-x32\...\{EF5B455C-7FAA-4978-BB92-29CEBD013C9C}) (Version: 3.000 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MAGIC7 (HKLM-x32\...\{75E7949C-6476-4F91-9BC8-5DDA7C45BCA4}) (Version: 1.0.0 - EPM)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0111 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.1.8 - hikvision)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
Versium Research 8.3 (HKLM-x32\...\Versium Research 8.3) (Version: 8.3 - 67e16a30-3df6-4d4c-a838-a81a8806dda3)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Web Companion (HKLM-x32\...\{14418827-509b-4471-a018-afabf36e0874}) (Version: 7.0.2417.4248 - Lavasoft)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wondershare Filmora X(Build 10.0.6.8) (HKLM\...\Wondershare Filmora X_is1) (Version:  - Wondershare Software)
WPS Office (11.2.0.10078) (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Kingsoft Office) (Version: 11.2.0.10078 - Kingsoft Corp.)
 
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2020\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1875166542-2685140994-1970054088-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll [2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1875166542-2685140994-1970054088-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll [2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-01-31 09:05 - 2012-07-13 04:28 - 000125952 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\AutoDWG\DWGSee Pro 2020\DWGSeeMenu64.dll
2020-12-28 15:33 - 2014-07-30 16:06 - 000024576 _____ (Windows ® Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\CITPJLMON.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\User:.repos [616611]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=AE190201&iDate=2021-04-03 09:14:26&iid=701bb811-ea24-4b28-9618-7c3aefafdafe&bName=
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ae/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 15:04 - 2020-12-26 13:25 - 000000978 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 platform.wondershare.com
127.0.0.1 www.platform.wondershare.com
127.0.0.1 cbs.wondershare.com
127.0.0.1 www.cbs.wondershare.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Control Panel\Desktop\\Wallpaper -> c:\users\user\downloads\wallpaperflare.com_wallpaper.jpg
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 4.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run32: => "VMonitorVMUVC"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "ColdHill"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "SysHelper"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "uwuxdhs"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7109EECF-FE7B-43A5-805A-2892C5E0AB47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{50959E13-E24E-48F4-9F68-A8C9D2E3AE6B}D:\apowermirror\apowermirror.exe] => (Allow) D:\apowermirror\apowermirror.exe => No File
FirewallRules: [TCP Query User{87E5E45A-AAFB-48B4-A2AE-9A5F84367A86}D:\apowermirror\apowermirror.exe] => (Allow) D:\apowermirror\apowermirror.exe => No File
FirewallRules: [{BB15D28C-05BE-4BE7-9470-3FB22D5035DE}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent Web\btweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7BE1E337-68C7-4734-A9FA-9D7402DA7EEB}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent Web\btweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D9BFC11A-AFBD-4C78-A66F-8B0D8FA554FE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{7303896D-5F16-4664-AFFA-6EC7F6F2A7FE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{59982179-E95D-4255-92A6-E701888CFD92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3961424B-EA55-459B-A937-44772E52F443}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{039034B7-9C45-445D-B6F5-6FE15467602F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BE9CED34-384B-4002-B49A-1F43DE1734CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{3BBB5996-6FCC-48C6-8106-B0D42182BEDC}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{1CA1D82E-5535-49A0-B16E-3CA236B60E5D}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{B7FEDDAA-F21B-4C23-8E53-2EA2102A11E3}] => (Allow) LPort=8320
FirewallRules: [{98C271C3-96CB-4D53-81FB-BA8C8B432014}] => (Allow) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscloudsvr.exe => No File
FirewallRules: [{0EAD68A2-D6A6-4954-8ACB-34E20FEA6C5F}] => (Allow) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wps.exe => No File
FirewallRules: [UDP Query User{5A6BC344-44BA-4A9C-B442-B3BADCB9C321}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{2CAF999E-1F15-4619-88E7-7AE55EE8FFAA}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{DA94C7A5-B242-41DF-B3FA-2203E789B774}C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe => No File
FirewallRules: [TCP Query User{DD43A6A7-82AC-4DE7-A3AB-49967756F93B}C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe => No File
FirewallRules: [UDP Query User{04727518-53F2-4BD8-8E39-2D793CAF12C4}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{CFCB1508-2125-4E5F-8AF4-9AED2664281A}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{89FC2107-1EC2-49F0-8080-1507431889DE}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{19351964-04DE-4AFF-B931-26EFD5CABA12}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [UDP Query User{AE38B650-87D6-4BA9-A4E8-7898FA7C9521}C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [TCP Query User{30B4A390-6047-4E09-A396-633648DDFE63}C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [UDP Query User{E16AFC31-7750-4644-AAC7-D76947520D4E}C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe => No File
FirewallRules: [TCP Query User{3D5B4DF6-D1C0-4530-8097-FDE3AC8431BD}C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe => No File
FirewallRules: [{A794E91C-B473-4035-A624-41C645B07F43}] => (Allow) C:\Users\User\AppData\Local\Temp\download\MiniThunderPlatform.exe => No File
FirewallRules: [{B60DCDA6-8C49-4C37-89B5-5988B4CEA648}] => (Allow) C:\Users\User\AppData\Local\Temp\download\MiniThunderPlatform.exe => No File
FirewallRules: [{A04C8C9F-FA39-4A1F-A3D9-347B8FB73EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom\Kingdom.exe => No File
FirewallRules: [{884E65F1-129A-4A6F-9D0D-3F85CA8DC0FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom\Kingdom.exe => No File
FirewallRules: [UDP Query User{8D3AF02E-5023-4E57-9DA8-FC3B4A02338B}C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe => No File
FirewallRules: [TCP Query User{5EA7F371-4612-49E4-A1AD-E7B5A72508C1}C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe => No File
FirewallRules: [UDP Query User{974A5F2B-845C-46AC-9A12-C603BCD31A24}C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe => No File
FirewallRules: [TCP Query User{3AE32E50-FDFB-4309-9425-81FF909958EA}C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe => No File
FirewallRules: [UDP Query User{3ED1032A-28BA-4B85-9F87-3E3E4B1A1B7E}C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe => No File
FirewallRules: [TCP Query User{9CA387CB-705F-4A6F-8BF6-5FFA2D307878}C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe => No File
FirewallRules: [UDP Query User{2F03BFAD-4573-4A26-B43D-A653D76C57A6}C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
FirewallRules: [TCP Query User{A05A573B-6BDF-4606-8883-E1C7B262FDE1}C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
FirewallRules: [UDP Query User{BDFCB4A4-E1DF-4B24-9A81-6DB764399998}C:\among us v.2020.9.9\among us.exe] => (Allow) C:\among us v.2020.9.9\among us.exe => No File
FirewallRules: [TCP Query User{41495AC5-6992-40A5-B2B9-33FAD41D5656}C:\among us v.2020.9.9\among us.exe] => (Allow) C:\among us v.2020.9.9\among us.exe => No File
FirewallRules: [UDP Query User{3AC9F6C9-D32D-47E5-88AF-959B7785D685}C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe => No File
FirewallRules: [TCP Query User{ED9EB14F-6EC7-4C7E-8718-473C5F78B163}C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe => No File
FirewallRules: [{096BBC75-AF5A-431E-9593-C7EA82A4D6D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8FF6DA6B-D011-4A57-9E08-1E2F2804D492}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{FD5AFBA7-C382-44F1-844A-1F8E933B1533}C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe => No File
FirewallRules: [TCP Query User{06438B15-F22A-4A16-9770-B0FD55A8A01F}C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe => No File
FirewallRules: [{88B59B03-A816-441B-8259-DF8FE627108B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Imagined Leviathan\The Imagined Leviathan WIN\The Imagined Leviathan.exe => No File
FirewallRules: [{11653273-9514-485D-9C32-F749781028A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Imagined Leviathan\The Imagined Leviathan WIN\The Imagined Leviathan.exe => No File
FirewallRules: [{A24FAAAE-9A87-4E41-B9F3-BE9A174A4468}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{71CA4F42-A533-4BD8-9410-7C1915E5C2DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C324FF48-4B9E-49C1-A59A-5AD102C2BD57}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{3EBEC606-E3D0-43B5-9B10-048A7BD638E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [UDP Query User{4460A8C1-11DE-4C3A-B725-16451D63740C}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0E0F0A0D-0B25-44A8-9579-94DFE81FAAC9}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5C9BCD4B-9018-4D3E-92D1-34AF53DAFA35}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{F48BB3EC-1BE0-47E3-AB03-1563D980B23B}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [{67476C21-3FA6-4EB8-B2D5-BFD2C5556A19}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30DB716E-F20F-43D4-B8B6-B28F037C4CCA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17515E3C-B17F-4D7C-8AD5-B6BDB12AA72C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{112FEAD7-8C5D-4070-9837-496F3BF89DEF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6374F229-D68A-4057-B1EA-086BDD8B1AC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0FE3DC1-53F1-4BB0-8EA7-CEEAA9A03A9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17AA5971-6B4D-49D2-85D7-CB3AA9EFB1E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D225FB2-22CE-4763-BA7B-27807270BD9A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{20991701-8604-495D-A067-C561EEF27D65}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [UDP Query User{A409B505-3B51-4787-9B65-90812C078665}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{963974C6-5911-4007-84F6-8498E1788C19}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{FD8E33CC-02E2-42F1-9DF2-A67989C464D9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{393E9EF0-C07B-4C12-A497-D949F8BED77E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{73BD5526-B24B-4F34-ADB8-DC9E8F1AA22C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{829ACBCC-6DC3-440A-80F7-8F1DBF3A0DA9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{CF76CE94-6350-4756-9CD3-64A1B20C8EF9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{1E13BB9F-EE77-4FB6-9C0B-9B1B65141538}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Restore Points =========================
 
04-04-2021 09:02:35 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/06/2021 11:36:32 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/06/2021 11:36:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/06/2021 10:57:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 5DC0.exe, version: 0.0.0.0, time stamp: 0x5d890137
Faulting module name: 5DC0.exe, version: 0.0.0.0, time stamp: 0x5d890137
Exception code: 0xc0000005
Fault offset: 0x000090ee
Faulting process id: 0x2430
Faulting application start time: 0x01d72aafc928e263
Faulting application path: C:\Users\User\AppData\Local\6831f20e-20c5-491b-8882-f5c56e50bebb\5DC0.exe
Faulting module path: C:\Users\User\AppData\Local\6831f20e-20c5-491b-8882-f5c56e50bebb\5DC0.exe
Report Id: 39c70469-d1dd-4bc6-8fae-f3585bc025ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/06/2021 10:40:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/06/2021 10:40:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/06/2021 10:36:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (04/06/2021 10:36:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (04/06/2021 10:36:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
 
System errors:
=============
Error: (04/06/2021 11:34:42 AM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled
 
Error: (04/06/2021 10:38:19 AM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled
 
Error: (04/06/2021 10:36:24 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (04/06/2021 10:36:18 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (04/06/2021 10:36:12 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (04/06/2021 10:36:05 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (04/06/2021 10:35:57 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (04/06/2021 10:35:50 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
 
Windows Defender:
================
Date: 2021-04-03 13:19:15
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Glupteba.AV!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\88827002-09ba-4f78-af26-e846d392c127\E2F6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:18:44
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\Temp\is-GTMR8.tmp\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:18:42
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Mamson.A!ac
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\LabPicV3.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\User\AppData\Local\Temp\is-GTMR8.tmp\Setup.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:13:53
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Stealer.KA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\Temp\haleng.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng; runkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18000.5, NIS: 0.0.0.0
 
Date: 2021-04-03 13:13:53
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Backdoor:Win32/Bladabindi!ml
Severity: Severe
Category: Backdoor
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe; process:_pid:11960,ProcessStart:132619146701968983
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18000.5, NIS: 0.0.0.0
 
Date: 2021-04-03 13:18:43
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion. 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.14 10/04/2013
Motherboard: Hewlett-Packard 1970
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 76%
Total physical RAM: 8090.35 MB
Available physical RAM: 1868.82 MB
Total Virtual: 9370.35 MB
Available Virtual: 2375.17 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.91 GB) (Free:39.51 GB) NTFS
Drive d: () (Fixed) (Total:155.27 GB) (Free:123.74 GB) NTFS
Drive e: () (Fixed) (Total:163.09 GB) (Free:87.06 GB) NTFS
 
\\?\Volume{c0944214-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C0944214)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=155.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=163.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


  • 0



#2
DR M


    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hi, Nimosh.
 
Welcome to GTG Forum.

 

I see that you are using an illegal method to bypass activation of at least one program you have installed in the computer. The tools and fixes we are going to use will remove these methods and therefore the affected programs will stop being activated.

 

Let me know if you agree with this, so I can provide further instructions.
 


  • 0

#3
Nimosh


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hi, Nimosh.
 
Welcome to GTG Forum.

 

I see that you are using an illegal method to bypass activation of at least one program you have installed in the computer. The tools and fixes we are going to use will remove these methods and therefore the affected programs will stop being activated.

 

Let me know if you agree with this, so I can provide further instructions.
 

 

 

OK, what should I do? I need to fix this.


  • 0

#4
DR M


    The Grecian Geek

  • Malware Removal
  • 4,053 posts

OK, if you agree, then we can start and check your computer for malware.

First, I want you to adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=================================
 
My first comments/instructions regarding your logs:


1. P2P programs

You have BitTorrent Web installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 2 below.

 

2. Uninstall programs
 
2.1. Web Companion by Lavasoft

Did you intentionally install Web Companion (by Lavasoft)? It is supposed to be a legitimate program, but it may also have been bundled with third-party software, and it has to be uninstalled.
 
2.2. Wondershare Filmora
 
It's not legally activated. The fix I'll propose will remove the activation-bypassing method, and therefore the program will stop functioning properly. So, please uninstall it.
 
 
To uninstall the above programs:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Web Companion
Wondershare Filmora 
BitTorrent*
  • Select the above programs one by one and click Uninstall.
  • Restart the computer.

 

3. Uninstall a Chrome extension

  • Open Chrome.
  • At the top right, choose More (the three vertical dots) > More Tools > Extensions.
  • Find d8yI+Hf7rX and remove it by clicking Remove.
  • Confirm the action by clicking Remove once again.

 

4. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\User:.repos [616611]
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=AE190201&iDate=2021-04-03 09:14:26&iid=701bb811-ea24-4b28-9618-7c3aefafdafe&bName=
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{50959E13-E24E-48F4-9F68-A8C9D2E3AE6B}D:\apowermirror\apowermirror.exe] => (Allow) D:\apowermirror\apowermirror.exe => No File
FirewallRules: [TCP Query User{87E5E45A-AAFB-48B4-A2AE-9A5F84367A86}D:\apowermirror\apowermirror.exe] => (Allow) D:\apowermirror\apowermirror.exe => No File
FirewallRules: [{D9BFC11A-AFBD-4C78-A66F-8B0D8FA554FE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{7303896D-5F16-4664-AFFA-6EC7F6F2A7FE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{98C271C3-96CB-4D53-81FB-BA8C8B432014}] => (Allow) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscloudsvr.exe => No File
FirewallRules: [{0EAD68A2-D6A6-4954-8ACB-34E20FEA6C5F}] => (Allow) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wps.exe => No File
FirewallRules: [UDP Query User{5A6BC344-44BA-4A9C-B442-B3BADCB9C321}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{2CAF999E-1F15-4619-88E7-7AE55EE8FFAA}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{DA94C7A5-B242-41DF-B3FA-2203E789B774}C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe => No File
FirewallRules: [TCP Query User{DD43A6A7-82AC-4DE7-A3AB-49967756F93B}C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe => No File
FirewallRules: [UDP Query User{04727518-53F2-4BD8-8E39-2D793CAF12C4}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{CFCB1508-2125-4E5F-8AF4-9AED2664281A}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{E16AFC31-7750-4644-AAC7-D76947520D4E}C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe => No File
FirewallRules: [TCP Query User{3D5B4DF6-D1C0-4530-8097-FDE3AC8431BD}C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe => No File
FirewallRules: [{A794E91C-B473-4035-A624-41C645B07F43}] => (Allow) C:\Users\User\AppData\Local\Temp\download\MiniThunderPlatform.exe => No File
FirewallRules: [{B60DCDA6-8C49-4C37-89B5-5988B4CEA648}] => (Allow) C:\Users\User\AppData\Local\Temp\download\MiniThunderPlatform.exe => No File
FirewallRules: [{A04C8C9F-FA39-4A1F-A3D9-347B8FB73EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom\Kingdom.exe => No File
FirewallRules: [{884E65F1-129A-4A6F-9D0D-3F85CA8DC0FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom\Kingdom.exe => No File
FirewallRules: [UDP Query User{8D3AF02E-5023-4E57-9DA8-FC3B4A02338B}C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe => No File
FirewallRules: [TCP Query User{5EA7F371-4612-49E4-A1AD-E7B5A72508C1}C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe => No File
FirewallRules: [UDP Query User{974A5F2B-845C-46AC-9A12-C603BCD31A24}C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe => No File
FirewallRules: [TCP Query User{3AE32E50-FDFB-4309-9425-81FF909958EA}C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe => No File
FirewallRules: [UDP Query User{3ED1032A-28BA-4B85-9F87-3E3E4B1A1B7E}C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe => No File
FirewallRules: [TCP Query User{9CA387CB-705F-4A6F-8BF6-5FFA2D307878}C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe => No File
FirewallRules: [UDP Query User{BDFCB4A4-E1DF-4B24-9A81-6DB764399998}C:\among us v.2020.9.9\among us.exe] => (Allow) C:\among us v.2020.9.9\among us.exe => No File
FirewallRules: [TCP Query User{41495AC5-6992-40A5-B2B9-33FAD41D5656}C:\among us v.2020.9.9\among us.exe] => (Allow) C:\among us v.2020.9.9\among us.exe => No File
FirewallRules: [UDP Query User{3AC9F6C9-D32D-47E5-88AF-959B7785D685}C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe => No File
FirewallRules: [TCP Query User{ED9EB14F-6EC7-4C7E-8718-473C5F78B163}C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe => No File
FirewallRules: [{096BBC75-AF5A-431E-9593-C7EA82A4D6D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8FF6DA6B-D011-4A57-9E08-1E2F2804D492}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{FD5AFBA7-C382-44F1-844A-1F8E933B1533}C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe => No File
FirewallRules: [TCP Query User{06438B15-F22A-4A16-9770-B0FD55A8A01F}C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe => No File
FirewallRules: [{88B59B03-A816-441B-8259-DF8FE627108B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Imagined Leviathan\The Imagined Leviathan WIN\The Imagined Leviathan.exe => No File
FirewallRules: [{11653273-9514-485D-9C32-F749781028A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Imagined Leviathan\The Imagined Leviathan WIN\The Imagined Leviathan.exe => No File
FirewallRules: [{A24FAAAE-9A87-4E41-B9F3-BE9A174A4468}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{71CA4F42-A533-4BD8-9410-7C1915E5C2DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C324FF48-4B9E-49C1-A59A-5AD102C2BD57}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{3EBEC606-E3D0-43B5-9B10-048A7BD638E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-04-03] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [uwuxdhs] => "C:\Users\User\xzuatgq.exe"
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {8475A5F6-8F3F-44A3-9115-5FB387E61693} - System32\Tasks\Firefox Default Browser Agent 9DB9BE15D51E873E => C:\Users\User\AppData\Roaming\rffeuce.exe <==== ATTENTION
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-04-03] (LAVASOFT SOFTWARE CANADA INC -> )
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
2021-04-03 13:47 - 2021-04-03 14:04 - 015560526 _____ C:\Users\User\xzuatgq.exe.ytbn
2021-04-03 13:14 - 2021-04-03 13:14 - 000000000 ____D C:\Users\User\AppData\Local\Lavasoft
2021-04-03 13:14 - 2021-04-03 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\Users\User\AppData\Roaming\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\ProgramData\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\Program Files (x86)\Lavasoft
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "uwuxdhs"
C:\Users\User\xzuatgq.exe
C:\Users\User\AppData\Roaming\rffeuce.exe
VirusTotal: C:\Program Files\jp2native.dll; C:\Program Files\unins.vbs; C:\Users\User\AppData\Roaming\8f9b.8f9b; C:\Users\User\AppData\Local\bowsakkdestx.txt
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

 

1. The fixlog.txt


  • 0
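The fix DR M posted above targets the persistence entries FRST reported (Run values, a scheduled task, and the Defender detections from the first log). As an added illustration that is not part of this thread or of FRST itself, here is a Python triage script, written for this page, that parses those three FRST line formats and flags entries that point into user-writable or GUID-named directories; its sample lines are constructed in FRST's formats, with placeholder SIDs and task GUIDs.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for persistence entries
in user-writable or GUID-named directories.  Added example, not part of the
thread or of FRST; the sample below is constructed in FRST's line formats."""
import re
from dataclasses import dataclass, field

# Constructed sample input (SIDs and task GUIDs are placeholders).
SAMPLE_LOG = r"""
HKU\S-1-5-21-111-222-333-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-04-03] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-111-222-333-1001\...\Run: [uwuxdhs] => "C:\Users\User\xzuatgq.exe"
HKLM\...\Run: [RtkAudio] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [1234 2020-01-01] (Realtek Semiconductor Corp. -> Realtek)
Task: {8475A5F6-8F3F-44A3-9115-5FB387E61693} - System32\Tasks\Firefox Default Browser Agent 9DB9BE15D51E873E => C:\Users\User\AppData\Roaming\rffeuce.exe <==== ATTENTION
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155648 2021-01-01] (Google LLC -> Google LLC)
Name: Trojan:Win32/Stealer.KA!MTB
Path: file:_C:\Users\User\AppData\Local\Temp\haleng.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng
Name: Backdoor:Win32/Bladabindi!ml
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe; process:_pid:11960,ProcessStart:132619146701968983
"""

EXEC_EXT = r"\.(?:exe|dll|vbs|js|cmd|bat|scr|ps1|com)"
RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|U)\S*)\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.+)$")
TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) => (?P<rest>.+)$")
DET_NAME_RE = re.compile(r"^Name: (?P<name>\S+)$")
DET_PATH_RE = re.compile(r"^Path: (?P<rest>.+)$")
# FRST appends "(Signer -> Publisher)" to entries whose binary carries a signature.
SIGNER_RE = re.compile(r"\(([^()]*) -> ([^()]*)\)\s*$")
# A Windows path up to the first executable-like extension, optionally quoted.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?' + EXEC_EXT + r')"?(?=\s|$)', re.IGNORECASE)
GUID_DIR_RE = re.compile(r"\\[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\\", re.IGNORECASE)
USER_WRITABLE_ROOTS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class Finding:
    kind: str            # "run", "task" or "detection"
    name: str            # Run value name, task name, or Defender threat name
    path: str
    reasons: list = field(default_factory=list)


def location_reasons(path: str) -> list:
    """Reasons a binary's location alone makes it worth a closer look."""
    p = path.lower()
    reasons = []
    if p.startswith(USER_WRITABLE_ROOTS) or "\\appdata\\" in p or "\\temp\\" in p:
        reasons.append("user-writable location")
    if GUID_DIR_RE.search(p):
        reasons.append("GUID-named directory")
    return reasons


def parse_path(rest: str) -> str:
    """Extract the executable path from the text after '=>'."""
    m = PATH_RE.match(rest)
    return m.group("path") if m else rest.strip().strip('"')


def _persistence(kind: str, name: str, rest: str) -> Finding:
    """Build a finding for a Run value or scheduled task."""
    path = parse_path(rest)
    f = Finding(kind, name, path, location_reasons(path))
    if not SIGNER_RE.search(rest):
        f.reasons.append("no signer recorded")
    if "<==== ATTENTION" in rest:
        f.reasons.append("flagged by FRST")
    return f


def triage(text: str) -> list:
    """Parse Run values, scheduled tasks and Defender detection records."""
    findings, detection = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if m := RUN_RE.match(line):
            findings.append(_persistence("run", m["name"], m["rest"]))
        elif m := TASK_RE.match(line):
            findings.append(_persistence("task", m["name"], m["rest"]))
        elif m := DET_NAME_RE.match(line):
            detection = m["name"]          # Defender record: "Name:" precedes "Path:"
        elif (m := DET_PATH_RE.match(line)) and detection:
            for item in m["rest"].split("; "):   # "file:_...; regkey:_...; process:_..."
                kind, _, value = item.partition(":_")
                if kind == "file":
                    findings.append(Finding("detection", detection, value,
                                            location_reasons(value) + ["Defender detection"]))
            detection = None
    return findings


def suspicious(text: str) -> list:
    """Only the findings that have at least one reason attached."""
    return [f for f in triage(text) if f.reasons]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG):
        print(f"{f.kind:<10} {f.name}\n{'':>10} {f.path}\n{'':>10} -> {', '.join(f.reasons)}")
```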

#5
Nimosh


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hai DR M, thanks for the support. I have done what you mentioned in the guideline.

 

Only the extension named d8yI+Hf7rX was not found, but I removed all existing extensions in the browser.

 

FRST log is below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by User (06-04-2021 15:19:07) Run:2
Running from D:\Downloads
Loaded Profiles: User & MSSQL$SQLEXPRESS
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\User:.repos [616611]
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=AE190201&iDate=2021-04-03 09:14:26&iid=701bb811-ea24-4b28-9618-7c3aefafdafe&bName=
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{50959E13-E24E-48F4-9F68-A8C9D2E3AE6B}D:\apowermirror\apowermirror.exe] => (Allow) D:\apowermirror\apowermirror.exe => No File
FirewallRules: [TCP Query User{87E5E45A-AAFB-48B4-A2AE-9A5F84367A86}D:\apowermirror\apowermirror.exe] => (Allow) D:\apowermirror\apowermirror.exe => No File
FirewallRules: [{D9BFC11A-AFBD-4C78-A66F-8B0D8FA554FE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{7303896D-5F16-4664-AFFA-6EC7F6F2A7FE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{98C271C3-96CB-4D53-81FB-BA8C8B432014}] => (Allow) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscloudsvr.exe => No File
FirewallRules: [{0EAD68A2-D6A6-4954-8ACB-34E20FEA6C5F}] => (Allow) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wps.exe => No File
FirewallRules: [UDP Query User{5A6BC344-44BA-4A9C-B442-B3BADCB9C321}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{2CAF999E-1F15-4619-88E7-7AE55EE8FFAA}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{DA94C7A5-B242-41DF-B3FA-2203E789B774}C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe => No File
FirewallRules: [TCP Query User{DD43A6A7-82AC-4DE7-A3AB-49967756F93B}C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe => No File
FirewallRules: [UDP Query User{04727518-53F2-4BD8-8E39-2D793CAF12C4}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{CFCB1508-2125-4E5F-8AF4-9AED2664281A}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{E16AFC31-7750-4644-AAC7-D76947520D4E}C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe => No File
FirewallRules: [TCP Query User{3D5B4DF6-D1C0-4530-8097-FDE3AC8431BD}C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe => No File
FirewallRules: [{A794E91C-B473-4035-A624-41C645B07F43}] => (Allow) C:\Users\User\AppData\Local\Temp\download\MiniThunderPlatform.exe => No File
FirewallRules: [{B60DCDA6-8C49-4C37-89B5-5988B4CEA648}] => (Allow) C:\Users\User\AppData\Local\Temp\download\MiniThunderPlatform.exe => No File
FirewallRules: [{A04C8C9F-FA39-4A1F-A3D9-347B8FB73EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom\Kingdom.exe => No File
FirewallRules: [{884E65F1-129A-4A6F-9D0D-3F85CA8DC0FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom\Kingdom.exe => No File
FirewallRules: [UDP Query User{8D3AF02E-5023-4E57-9DA8-FC3B4A02338B}C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe => No File
FirewallRules: [TCP Query User{5EA7F371-4612-49E4-A1AD-E7B5A72508C1}C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe => No File
FirewallRules: [UDP Query User{974A5F2B-845C-46AC-9A12-C603BCD31A24}C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe => No File
FirewallRules: [TCP Query User{3AE32E50-FDFB-4309-9425-81FF909958EA}C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe => No File
FirewallRules: [UDP Query User{3ED1032A-28BA-4B85-9F87-3E3E4B1A1B7E}C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe => No File
FirewallRules: [TCP Query User{9CA387CB-705F-4A6F-8BF6-5FFA2D307878}C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe => No File
FirewallRules: [UDP Query User{BDFCB4A4-E1DF-4B24-9A81-6DB764399998}C:\among us v.2020.9.9\among us.exe] => (Allow) C:\among us v.2020.9.9\among us.exe => No File
FirewallRules: [TCP Query User{41495AC5-6992-40A5-B2B9-33FAD41D5656}C:\among us v.2020.9.9\among us.exe] => (Allow) C:\among us v.2020.9.9\among us.exe => No File
FirewallRules: [UDP Query User{3AC9F6C9-D32D-47E5-88AF-959B7785D685}C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe => No File
FirewallRules: [TCP Query User{ED9EB14F-6EC7-4C7E-8718-473C5F78B163}C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe => No File
FirewallRules: [{096BBC75-AF5A-431E-9593-C7EA82A4D6D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8FF6DA6B-D011-4A57-9E08-1E2F2804D492}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{FD5AFBA7-C382-44F1-844A-1F8E933B1533}C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe => No File
FirewallRules: [TCP Query User{06438B15-F22A-4A16-9770-B0FD55A8A01F}C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe => No File
FirewallRules: [{88B59B03-A816-441B-8259-DF8FE627108B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Imagined Leviathan\The Imagined Leviathan WIN\The Imagined Leviathan.exe => No File
FirewallRules: [{11653273-9514-485D-9C32-F749781028A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Imagined Leviathan\The Imagined Leviathan WIN\The Imagined Leviathan.exe => No File
FirewallRules: [{A24FAAAE-9A87-4E41-B9F3-BE9A174A4468}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{71CA4F42-A533-4BD8-9410-7C1915E5C2DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C324FF48-4B9E-49C1-A59A-5AD102C2BD57}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{3EBEC606-E3D0-43B5-9B10-048A7BD638E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-04-03] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [uwuxdhs] => "C:\Users\User\xzuatgq.exe"
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {8475A5F6-8F3F-44A3-9115-5FB387E61693} - System32\Tasks\Firefox Default Browser Agent 9DB9BE15D51E873E => C:\Users\User\AppData\Roaming\rffeuce.exe <==== ATTENTION
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-04-03] (LAVASOFT SOFTWARE CANADA INC -> )
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
2021-04-03 13:47 - 2021-04-03 14:04 - 015560526 _____ C:\Users\User\xzuatgq.exe.ytbn
2021-04-03 13:14 - 2021-04-03 13:14 - 000000000 ____D C:\Users\User\AppData\Local\Lavasoft
2021-04-03 13:14 - 2021-04-03 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\Users\User\AppData\Roaming\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\ProgramData\Lavasoft
2021-04-03 13:13 - 2021-04-03 13:13 - 000000000 ____D C:\Program Files (x86)\Lavasoft
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "uwuxdhs"
C:\Users\User\xzuatgq.exe
C:\Users\User\AppData\Roaming\rffeuce.exe
VirusTotal: C:\Program Files\jp2native.dll; C:\Program Files\unins.vbs; C:\Users\User\AppData\Roaming\8f9b.8f9b; C:\Users\User\AppData\Local\bowsakkdestx.txt
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
"C:\Users\User" => ":.repos" ADS not found.
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => not found
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50959E13-E24E-48F4-9F68-A8C9D2E3AE6B}D:\apowermirror\apowermirror.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{87E5E45A-AAFB-48B4-A2AE-9A5F84367A86}D:\apowermirror\apowermirror.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D9BFC11A-AFBD-4C78-A66F-8B0D8FA554FE}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7303896D-5F16-4664-AFFA-6EC7F6F2A7FE}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98C271C3-96CB-4D53-81FB-BA8C8B432014}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0EAD68A2-D6A6-4954-8ACB-34E20FEA6C5F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5A6BC344-44BA-4A9C-B442-B3BADCB9C321}C:\users\user\downloads\anydesk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2CAF999E-1F15-4619-88E7-7AE55EE8FFAA}C:\users\user\downloads\anydesk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DA94C7A5-B242-41DF-B3FA-2203E789B774}C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DD43A6A7-82AC-4DE7-A3AB-49967756F93B}C:\users\user\appdata\local\programs\opera gx\71.0.3770.441\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{04727518-53F2-4BD8-8E39-2D793CAF12C4}C:\users\user\appdata\roaming\spotify\spotify.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CFCB1508-2125-4E5F-8AF4-9AED2664281A}C:\users\user\appdata\roaming\spotify\spotify.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E16AFC31-7750-4644-AAC7-D76947520D4E}C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3D5B4DF6-D1C0-4530-8097-FDE3AC8431BD}C:\users\user\appdata\local\programs\opera gx\71.0.3770.323\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A794E91C-B473-4035-A624-41C645B07F43}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B60DCDA6-8C49-4C37-89B5-5988B4CEA648}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A04C8C9F-FA39-4A1F-A3D9-347B8FB73EE3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{884E65F1-129A-4A6F-9D0D-3F85CA8DC0FA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8D3AF02E-5023-4E57-9DA8-FC3B4A02338B}C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5EA7F371-4612-49E4-A1AD-E7B5A72508C1}C:\users\user\appdata\local\programs\opera gx\71.0.3770.310\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{974A5F2B-845C-46AC-9A12-C603BCD31A24}C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3AE32E50-FDFB-4309-9425-81FF909958EA}C:\users\user\appdata\local\programs\opera gx\71.0.3770.302\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3ED1032A-28BA-4B85-9F87-3E3E4B1A1B7E}C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9CA387CB-705F-4A6F-8BF6-5FFA2D307878}C:\users\user\appdata\local\programs\opera gx\71.0.3770.287\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BDFCB4A4-E1DF-4B24-9A81-6DB764399998}C:\among us v.2020.9.9\among us.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{41495AC5-6992-40A5-B2B9-33FAD41D5656}C:\among us v.2020.9.9\among us.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3AC9F6C9-D32D-47E5-88AF-959B7785D685}C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{ED9EB14F-6EC7-4C7E-8718-473C5F78B163}C:\users\user\appdata\local\programs\opera gx\71.0.3770.234\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{096BBC75-AF5A-431E-9593-C7EA82A4D6D7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FF6DA6B-D011-4A57-9E08-1E2F2804D492}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FD5AFBA7-C382-44F1-844A-1F8E933B1533}C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{06438B15-F22A-4A16-9770-B0FD55A8A01F}C:\users\user\appdata\local\programs\opera gx\71.0.3770.205\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88B59B03-A816-441B-8259-DF8FE627108B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11653273-9514-485D-9C32-F749781028A1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A24FAAAE-9A87-4E41-B9F3-BE9A174A4468}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71CA4F42-A533-4BD8-9410-7C1915E5C2DF}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C324FF48-4B9E-49C1-A59A-5AD102C2BD57}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3EBEC606-E3D0-43B5-9B10-048A7BD638E4}" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
"HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uwuxdhs" => not found
HKLM\SOFTWARE\Policies\Google => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8475A5F6-8F3F-44A3-9115-5FB387E61693}" => not found
"C:\WINDOWS\System32\Tasks\Firefox Default Browser Agent 9DB9BE15D51E873E" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Firefox Default Browser Agent 9DB9BE15D51E873E" => not found
WCAssistantService => service not found.
intaud_WaveExtensible => service not found.
"C:\Users\User\xzuatgq.exe.ytbn" => not found
"C:\Users\User\AppData\Local\Lavasoft" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft" => not found
"C:\Users\User\AppData\Roaming\Lavasoft" => not found
"C:\ProgramData\Lavasoft" => not found
"C:\Program Files (x86)\Lavasoft" => not found
"HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\uwuxdhs" => not found
"HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uwuxdhs" => not found
"C:\Users\User\xzuatgq.exe" => not found
"C:\Users\User\AppData\Roaming\rffeuce.exe" => not found
VirusTotal: C:\Program Files\jp2native.dll => https://www.virustot...433a-1592725235
VirusTotal: C:\Program Files\unins.vbs => https://www.virustot...145e-1617107940
VirusTotal: C:\Users\User\AppData\Roaming\8f9b.8f9b => https://www.virustot...1d18-1617705895
VirusTotal: C:\Users\User\AppData\Local\bowsakkdestx.txt => https://www.virustot...2b3c-1617705895
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6410552 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 394314 B
Edge => 0 B
Chrome => 0 B
Brave => 251532128 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
User => 10251725 B
MSSQL$SQLEXPRESS => 10251725 B
 
RecycleBin => 0 B
EmptyTemp: => 273.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:28:19 ====

  • 0

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hi, Nimosh.
 
Thank you for the log. It seems that you ran the fix twice, and that's why you got "Not found" in all the entries.
 
Let's move on.

1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Open Malwarebytes, which you have already installed on your computer.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure of the following:
    • Under the title Scan Options, all the options are checked.
    • Under the title Windows Security Center (Premium only) the option is unchecked.
    • Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If no threats are found, click View Report and proceed to the last two steps below.

If threats are found, make sure that none of the threats are selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#7
Nimosh

    Member

  • Topic Starter
  • Member
  • 14 posts
Thanks for the update, DR M,
 
The AdwCleaner report is below.
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-01.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-07-2021
# Duration: 00:00:14
# OS:       Windows 10 Pro
# Scanned:  31969
# Detected: 6
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Trojan.Agent                    C:\Windows\rss
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.DriverPack         HKCU\Software\drpsu
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Trojan.Agent                    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SysHelper
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
The Malwarebytes report is below.
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/7/21
Scan Time: 8:45 AM
Log File: 14a7c5f2-975c-11eb-8ec0-a0481c0b0639.json
 
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1249
Update Package Version: 1.0.39177
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: DESKTOP-BV3TRHD\User
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 328301
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 58 min, 6 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hi, Nimosh.
 
Malwarebytes didn't detect anything malicious, but AdwCleaner did. Let's clean.
 
 
1. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop to run it, as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it (no such software was found, so you may skip this)
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number. The latest will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time. Actually, it may take a couple of hours or more.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The eset.txt
  • The fresh FRST logs, FRST.txt and Addition.txt

  • 0

#9
Nimosh

    Member

  • Topic Starter
  • Member
  • 14 posts

Hi DR M, thanks for the update. Below are the reports.
 
AdwCleaner Report
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-01.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-07-2021
# Duration: 00:00:06
# OS:       Windows 10 Pro
# Cleaned:  6
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Windows\rss
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SysHelper
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\drpsu
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1833 octets] - [07/04/2021 08:31:04]
AdwCleaner_Debug.log - [1894 octets] - [07/04/2021 08:37:53]
AdwCleaner[S01].txt - [1956 octets] - [07/04/2021 10:55:23]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
 
ESET Report
 
 
4/7/2021 19:06:04 PM
Files scanned: 486567
Detected files: 265
Cleaned files: 265
Total scan time 06:40:10
Scan status: Finished
 
 
C:\$WinREAgent\Scratch\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\$WinREAgent\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\.android\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\AccessControl\BACKUP\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\AccessControl\PHOTO\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\AccessControl\zh-CHS\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\AccessControl\zh-CHT\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\AccessControl\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Among Us V.2020.9.9\Among Us_Data\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Among Us V.2020.9.9\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Content\Audio Library\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Content\Cakewalk Core\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Content\Cakewalk Themes\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Content\Demo Projects\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Content\Drum Replacer\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Content\MIDI Library\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Content\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Projects\Audio Data\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Projects\new\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Projects\Picture Cache\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cakewalk Projects\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Cards7\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Drivers\USB\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Drivers\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\kingsoft\wps\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\kingsoft\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\lylal220.exe a variant of Win32/TrojanDownloader.Adload.NUT trojan cleaned by deleting
C:\SadpLog\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Trisha\12th grade\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Trisha\General\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Trisha\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Users\User\AppData\Local\VirtualStore\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Users\User\AppData\Roaming\wps_download\4478BC4F6FD6CEB9029EC84F59E476B7\setup_urls_default.500.2006.exe a variant of Win32/KingSoft.G potentially unwanted application cleaned by deleting
C:\Users\User\_readme.txt Win32/Filecoder.STOP trojan deleted
C:\Windows.old\Users\User\AppData\Local\Temp\9497F521A0CD32F5.exe a variant of Win32/Packed.NSIS.BT trojan cleaned by deleting
D:\.android\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\acb\LauncherConfig\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\acb\PB\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\acb\Resources\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\acb\SoundData\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\acb\Support\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\acb\Videos\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\acb\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\age2_x1\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\AI\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Avi\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Campaign\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Data\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\History\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Learn\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Random\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\SaveGame\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Scenario\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Sound\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Support\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\Taunt\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age of Empires II\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+stuff with online play\Age of Empires 2 - The Conquerors Expansion\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+stuff with online play\Age Of Empires II\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+stuff with online play\Aoe2 patchs and cracks\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+stuff with online play\gamebooster122\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+stuff with online play\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\ApowerMirror\android\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\ApowerMirror\Help\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\ApowerMirror\Lang\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\ApowerMirror\PreDriver\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\ApowerMirror\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\bin\css\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\bin\img\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\bin\js\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\bin\languages\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\bin\Tools\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\bin\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\catalog\node_modules\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\catalog\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Desktop\id\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Desktop\Mass Mailing\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Desktop\New folder\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Desktop\setup\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Desktop\Timepaq NEW\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Desktop\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\Ae.2021_18.0.1.1\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\ApowerMirror\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\BitTorrent Web Tutorial Video\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\IDAutomation_QRCodeWindowsFontEncoder\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\MAGIC7StandardFullSetup_7.6_oem\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\New folder\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\SQL 2014\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\SQLEXPRWT_x64_ENU\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\SQLManagementStudio_x64_ENU\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Downloads\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\drivers\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Grass Valley Edius Pro 7.53 Build 010 + Crack - Crackingpatching.com\Crack\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Grass Valley Edius Pro 7.53 Build 010 + Crack - Crackingpatching.com\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\index\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\programs\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\riya webapp\riya webapp\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\riya webapp\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Audio\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Clips To Edit\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Editing\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Images\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Royalty Free Video Footage\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Test\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Text to Speech Software by Wideo_files\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Text to Speech_files\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\Wallpaper\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Video Editing\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Wondershare UniConverter\Burned\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Wondershare UniConverter\Compressed\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Wondershare UniConverter\Converted\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Wondershare UniConverter\Downloaded\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\Wondershare UniConverter\_readme.txt Win32/Filecoder.STOP trojan deleted
D:\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha 9r\Movie\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha 9r\movies\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha 9r\Pictures\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha 9r\pt\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha 9r\QBasic 64\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha 9r\Trisha Hehe\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha 9r\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\1 svp\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\a) school stuff\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\EDITS\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\eh... might complete\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\Games\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\MAPS\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\Movie\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\Pictures\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\pt\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\PyCharm\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\Sublime\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\uTorrent\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\wallpapers\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\1 trisha XO\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Activator\hwid.kms38.gen.mk6\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Activator\Ra1nAct1vat0r_v10RC8_16072017\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Activator\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Backup\MCRS\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Backup\MCRS-old\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Backup\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Downloads\BusinessRefinery.Barcode.CrystalReport.Evaluation\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Downloads\ColorPic\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Downloads\IDAutomation_Code-39_CrystalNativeBarcodeGeneratorDEMO\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Downloads\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\EIDA Toolkit\API\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\EIDA Toolkit\Docs\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\EIDA Toolkit\Libs\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\EIDA Toolkit\Samples\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\EIDA Toolkit\WebComponents\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\EIDA Toolkit\WebServices\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\EIDA Toolkit\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Emirate id card\SDK\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Emirate id card\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Garv Grade 7\English\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Garv Grade 7\Holiday Homework\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Garv Grade 7\Math\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Garv Grade 7\Science\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Garv Grade 7\Social Science\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Garv Grade 7\Steam\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Garv Grade 7\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\GSS\Data\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\GSS\LotusPay\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\GSS\New folder\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\GSS\Payis setup\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\GSS\PayRoll\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\GSS\Tristar\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\GSS\WJ\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\GSS\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Gupta\MeetingRoomManagementSystem_files\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Gupta\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Gupta LG\Audio\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Gupta LG\Camera\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Gupta LG\Images\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Gupta LG\Video\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Gupta LG\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\IMP\Emirates id\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\IMP\Kundali\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\IMP\manu\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\IMP\passportcopy\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\IMP\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\KeepVid Pro Converted\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\KeepVid Pro Downloaded\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\KeepVid Pro Recorded\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\m\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Medical Report\MRI\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Medical Report\Prescription\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Medical Report\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Access.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Admin\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Catalog\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Excel.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Groove.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\InfoPath.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Office 2010 Toolkit\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Office.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Office64.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\OneNote.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Outlook.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\PowerPoint.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Proofing.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\ProPlus.WW\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Publisher.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Rosebud.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Updates\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Word.en-us\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Microsoft Office Enterprise 2010 Corporate Final (full activated)\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\msdownld.tmp\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Programming\QBasic\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Programming\Visual Studio\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Programming\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Secureworld\mai dubai\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Secureworld\MeetingRoomManagementSystem\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Secureworld\PAD\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Secureworld\RAK Bank\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Secureworld\SDK\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Secureworld\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Setup\CRforVS_redist_install_64bit_13_0_7\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Setup\DotNetFX40Client\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Setup\Office2007PIARedist\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Setup\ReportViewer\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Setup\SqlExpress2008\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Setup\VSTOR40\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Setup\WindowsInstaller3_1\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Setup\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\sharepoint\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\shivam\URGENT PRINTS\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\shivam\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Softwares\DotNet2005\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Softwares\Microsoft Office Professional 2013 with Serial\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Softwares\SQL Server 2008 R2 Express\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Softwares\Visual Studio 2010 Ultimate (x86) - DVD (English)\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Softwares\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Testwork\EID\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Testwork\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Ticket\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\books\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\Fee REceipt\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\garv\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\Garv Grade 5\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\Images\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\Passport copy\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\Report Card\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\trisha\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\trishagarv\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\.NET v2.0\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\.NET v2.0 Classic\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\.NET v4.5\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\.NET v4.5 Classic\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\Classic .NET AppPool\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\Default\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\Default.migrated\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\DefaultAppPool\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\EIDDemo\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\PREETI PC\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DCR.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
E:\Users\PREETI PC\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Device.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
E:\Users\PREETI PC\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\PreetiG\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\trish_000\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\Users\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\utility\EmailApp\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\utility\ODBCDataManager\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\utility\PDFToExcel\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\utility\_readme.txt Win32/Filecoder.STOP trojan deleted
E:\_readme.txt Win32/Filecoder.STOP trojan deleted
 
 
FRST Report
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by User (administrator) on DESKTOP-BV3TRHD (Hewlett-Packard HP Pavilion 15 Notebook PC) (07-04-2021 19:10:04)
Running from D:\Downloads
Loaded Profiles: User & MSSQL$SQLEXPRESS
Platform: Windows 10 Pro Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <30>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) D:\Downloads\AdwCleaner.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscenter.exe <2>
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8505088 2020-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2020-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Business Card Scanner Driver\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-10-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536424 2021-03-06] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\Card Printer Language Monitor: C:\WINDOWS\system32\CITPJLMON.DLL [24576 2014-07-30] (Windows ® Codename Longhorn DDK provider) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-31] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.22.71\Installer\chrmstp.exe [2021-04-03] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-06]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06BEA5F9-8D9E-437E-8C9A-9C112297BB9F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {0712F140-B255-4E6E-8540-C2DF9933A81A} - System32\Tasks\EOSv3 Scheduler onTime => D:\Downloads\esetonlinescanner.exe [15019488 2021-04-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {225D577B-C753-4AD0-B888-F0E7859B7181} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3395FED9-E909-434B-912F-76EBE2AB53A0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A11AE65-1F4E-40CE-9A02-0710EDBCA675} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4FA59A2D-C5DF-4A43-9657-2F79A76F9925} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Downloads\esetonlinescanner.exe [15019488 2021-04-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {512FF518-5F96-40BF-B0B5-74B1D31A9273} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56377CD2-D0DD-492C-885C-64026D0027C4} - System32\Tasks\WpsExternal_User_20210330132923 => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe [1666760 2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5DFAF5B0-BF7A-4DBA-9AE7-81922A095B81} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AB4CF25-5A94-4A40-A339-0555D48107F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7991A201-C8F8-4586-9418-050BB8B7202D} - System32\Tasks\WpsUpdateTask_User => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpsupdate.exe [164552 2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {AB5A68D6-A9FB-4078-BE13-83FA491F2820} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C8D41B55-075F-4F36-8EE1-07F1521F04C6} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D04DF89F-C788-41FC-87D4-43D8123B02E7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4113526-7BDC-4C7D-8803-FB5786E125B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
Task: {E69B7745-B774-4723-BE93-F25D05188466} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {FCF9A923-E89D-45FE-8841-8D09440BC237} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\WpsExternal_User_20210330132923.job => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
Task: C:\WINDOWS\Tasks\WpsUpdateTask_User.job => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpsupdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
Tcpip\..\Interfaces\{493b22a1-ae1b-4a70-bc87-c56b48e39f43}: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
Tcpip\..\Interfaces\{4fd26666-d2e6-4f6e-afd7-6f09370194e2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8e572f95-a2a5-4287-b9be-6aaa30275010}: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
 
Edge: 
=======
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-06]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-04-06]
CHR Notifications: Default -> hxxps://uae.microless.com
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-11]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2021-04-06]
CHR Extension: (d8yI+Hf7rX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iamogogldpiipekcpojlcdhmbhdjdocm [2020-11-09]
CHR HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
 
Opera: 
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-04-06]
OPR Extension: (book_helper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\iamogogldpiipekcpojlcdhmbhdjdocm [2020-11-09]
 
Brave: 
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-04-07]
BRA DownloadDir: D:\Downloads
BRA Notifications: Default -> hxxps://usersdrive.com
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-02-07]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-04-07]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-03-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-04-07]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-02-07]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\kkjipiepeooghlclkedllogndmohhnhi [2021-03-31]
BRA Extension: (Crypto Wallets) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2021-04-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-04-07]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106952 2020-07-23] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2021-04-07] (Bitdefender SRL -> Bitdefender)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2021-04-07] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [559200 2021-04-07] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2021-04-07] (Bitdefender SRL -> Bitdefender)
S3 wpscloudsvr; C:\ProgramData\Kingsoft\office6\wpscloudsvr.exe [1482496 2020-12-07] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2021-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2019-06-27] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2020-07-23] (MEDIATEK INC. -> Ralink Technology, Corp.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-31] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-07 19:07 - 2021-04-07 19:07 - 000003778 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-04-07 19:07 - 2021-04-07 19:07 - 000003336 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-04-07 19:06 - 2021-04-07 19:06 - 000042484 _____ C:\Users\User\Desktop\eset.txt
2021-04-07 11:10 - 2021-04-07 11:10 - 000001000 _____ C:\Users\User\Desktop\esetonlinescanner.exe - Shortcut.lnk
2021-04-07 11:10 - 2021-04-07 11:10 - 000000627 _____ C:\Users\User\Desktop\ESET Online Scanner.lnk
2021-04-07 11:09 - 2021-04-07 11:09 - 000000725 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-07 11:09 - 2021-04-07 11:09 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2021-04-07 11:03 - 2021-04-07 11:03 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-07 11:03 - 2021-04-07 11:03 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-07 11:02 - 2021-04-07 11:02 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-07 08:41 - 2021-04-07 08:41 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-07 08:41 - 2021-04-07 08:41 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-07 08:41 - 2021-04-07 08:41 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-07 08:40 - 2021-04-07 08:40 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-07 08:40 - 2021-04-07 08:39 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-07 08:40 - 2021-04-07 08:39 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-07 08:39 - 2021-04-07 08:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-07 08:38 - 2021-04-07 08:38 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-07 08:34 - 2021-04-07 11:07 - 000000951 _____ C:\Users\User\Desktop\AdwCleaner - Shortcut.lnk
2021-04-07 08:30 - 2021-04-07 10:56 - 000000000 ____D C:\AdwCleaner
2021-04-06 14:41 - 2021-04-07 19:09 - 000000921 _____ C:\Users\User\Desktop\FRST64 - Shortcut.lnk
2021-04-06 14:14 - 2021-04-06 14:14 - 000000113 _____ C:\WINDOWS\wininit.ini
2021-04-06 13:19 - 2021-04-06 13:19 - 000087732 _____ C:\ProgramData\agent.update.1617700768.bdinstall.v2.bin
2021-04-06 13:18 - 2021-04-06 13:18 - 000001196 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2021-04-06 13:17 - 2021-04-06 13:17 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-04-06 13:14 - 2021-04-07 14:32 - 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-04-06 13:13 - 2021-04-06 13:13 - 000001211 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2021-04-06 13:13 - 2021-04-06 13:13 - 000000000 ____D C:\ProgramData\Bitdefender
2021-04-06 13:13 - 2021-02-26 17:31 - 000641728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-04-06 13:12 - 2021-04-06 13:12 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-04-06 13:12 - 2021-02-26 12:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-04-06 13:12 - 2021-02-16 14:31 - 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-04-06 13:12 - 2020-12-04 15:15 - 000802976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-04-06 13:12 - 2020-10-20 13:18 - 000386800 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys
2021-04-06 13:12 - 2020-02-03 15:53 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2021-04-06 13:11 - 2021-04-07 19:13 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-04-06 13:10 - 2021-04-06 13:20 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-04-06 13:10 - 2021-04-06 13:10 - 000115748 _____ C:\ProgramData\agent.1617700201.bdinstall.v2.bin
2021-04-06 13:10 - 2021-04-06 13:10 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-04-06 11:43 - 2021-04-07 19:11 - 000000000 ____D C:\FRST
2021-04-06 11:33 - 2021-04-06 11:47 - 000000000 ____D C:\Users\User\AppData\Local\2f23593d-ec2c-4d9e-8fc5-a69f819b2451
2021-04-06 11:16 - 2021-04-06 11:16 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2021-04-04 21:41 - 2021-04-04 21:41 - 000000000 ____D C:\ProgramData\IA9AG6FE1D7ACYIM799YZQM1Q
2021-04-04 21:38 - 2021-04-06 11:31 - 000000000 ____D C:\Users\User\AppData\Local\b75cb07c-192b-435c-b87c-a425760c7f94
2021-04-04 18:53 - 2021-04-04 18:53 - 000000032 _____ C:\Users\User\AppData\Roaming\8f9b.8f9b
2021-04-04 18:42 - 2021-04-06 11:30 - 000000000 ____D C:\Users\User\AppData\Local\5a5cfc91-a0c3-43b3-8b48-529cd5216d2c
2021-04-04 18:42 - 2021-04-04 18:43 - 000000000 ____D C:\ProgramData\6TXJ26K014UQ06YMRM1ASO4S8
2021-04-04 14:17 - 2021-04-06 11:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Updates
2021-04-04 14:16 - 2021-04-06 11:34 - 000000000 ____D C:\Users\User\AppData\Local\6831f20e-20c5-491b-8882-f5c56e50bebb
2021-04-04 09:31 - 2021-04-04 09:31 - 000000000 ____D C:\Users\User\AppData\Local\BandLab_Singapore_Pte_Ltd
2021-04-03 13:36 - 2021-04-06 11:31 - 000000000 ____D C:\Users\User\AppData\Roaming\SqJeGrFCmhTziVRi
2021-04-03 13:18 - 2021-04-03 13:18 - 000000560 _____ C:\Users\User\AppData\Local\bowsakkdestx.txt
2021-04-03 13:18 - 2021-04-03 13:18 - 000000000 ____D C:\SystemID
2021-04-03 13:17 - 2021-04-03 13:17 - 000000000 ____D C:\ProgramData\NW8B66FAI9WSC78MOS0RKZSYG
2021-04-03 13:16 - 2021-04-03 13:16 - 000000000 ____D C:\ProgramData\6WH32XI5IMFLDEKVRD456Z3YV
2021-04-03 13:12 - 2021-04-03 13:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-04-03 13:12 - 2021-04-03 13:12 - 000000000 ____D C:\ProgramData\EGD0BH0V1K36W4YSKOLOXMVJV
2021-04-03 13:11 - 2021-04-07 09:04 - 000000000 ____D C:\Program Files\javcse
2021-04-03 13:11 - 2021-04-03 13:49 - 000000000 ____D C:\Users\User\Documents\VlcpVideoV1.0.1
2021-04-03 13:11 - 2021-04-03 13:15 - 000141296 _____ (Oracle Corporation) C:\Program Files\dcpr.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000015856 _____ C:\Program Files\jp2native.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000000199 _____ C:\Program Files\unins.vbs
2021-04-03 13:11 - 2021-04-03 13:11 - 000000000 ____D C:\Users\User\AppData\Roaming\Strenge
2021-04-03 13:10 - 2021-04-03 13:10 - 000000000 ____D C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3
2021-04-03 12:47 - 2021-04-03 12:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\EpicGamesLauncher
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\DBG
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\CrashReportClient
2021-04-03 10:55 - 2021-04-03 10:55 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2021.lnk
2021-04-03 10:55 - 2021-04-03 10:55 - 000001238 _____ C:\Users\User\Desktop\Adobe After Effects 2021.lnk
2021-04-03 10:55 - 2021-04-03 10:55 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-04-03 10:51 - 2021-04-03 10:51 - 000000000 ____D C:\ProgramData\Documents\AdobeInstalledCodecs
2021-04-03 08:58 - 2021-04-03 08:58 - 000000000 ____D C:\Users\User\Documents\Adobe
2021-04-01 19:46 - 2021-04-06 12:32 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-04-01 19:46 - 2021-04-03 10:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-04-01 19:46 - 2021-04-03 10:55 - 000000000 ____D C:\Program Files\Adobe
2021-04-01 11:46 - 2021-04-03 10:26 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-04-01 11:43 - 2021-04-01 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-01 11:42 - 2021-04-01 11:42 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-01 09:53 - 2021-04-01 09:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-01 09:52 - 2021-04-01 09:52 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-01 09:52 - 2021-04-01 09:52 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-01 09:52 - 2021-04-01 09:52 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-01 09:52 - 2021-04-01 09:52 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-01 09:51 - 2021-04-01 09:51 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-01 09:51 - 2021-04-01 09:51 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-01 09:51 - 2021-04-01 09:51 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-01 09:51 - 2021-04-01 09:51 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-01 09:51 - 2021-04-01 09:51 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-01 09:51 - 2021-04-01 09:51 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-01 09:51 - 2021-04-01 09:51 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-01 09:50 - 2021-04-01 09:50 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-01 09:50 - 2021-04-01 09:50 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-01 09:50 - 2021-04-01 09:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-01 09:50 - 2021-04-01 09:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-01 09:50 - 2021-04-01 09:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-01 09:50 - 2021-04-01 09:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-01 09:50 - 2021-04-01 09:50 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-01 09:49 - 2021-04-01 09:49 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-01 09:47 - 2021-04-01 09:47 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-01 09:47 - 2021-04-01 09:47 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-01 09:47 - 2021-04-01 09:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-01 09:47 - 2021-04-01 09:47 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-01 09:46 - 2021-04-01 09:46 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-01 09:46 - 2021-04-01 09:46 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-01 09:46 - 2021-04-01 09:46 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-01 09:45 - 2021-04-01 09:45 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-01 09:45 - 2021-04-01 09:45 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-01 09:45 - 2021-04-01 09:45 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-01 09:45 - 2021-04-01 09:45 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-01 09:44 - 2021-04-01 09:44 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-01 09:43 - 2021-04-01 09:43 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-01 09:43 - 2021-04-01 09:43 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-01 09:41 - 2021-04-01 09:41 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-01 09:41 - 2021-04-01 09:41 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-01 09:41 - 2021-04-01 09:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-01 09:40 - 2021-04-01 09:40 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-01 09:40 - 2021-04-01 09:40 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-01 09:08 - 2021-04-01 09:08 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-01 09:00 - 2021-04-07 11:18 - 000000000 ___HD C:\$WinREAgent
2021-03-31 16:21 - 2021-03-31 04:49 - 000000000 ____D C:\Windows.old
2021-03-31 16:16 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-31 16:14 - 2021-03-31 16:14 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files\MSBuild
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-31 08:36 - 2021-04-03 10:24 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-03-31 04:50 - 2021-03-31 04:53 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2021-03-31 04:50 - 2021-03-31 04:50 - 000000020 ___SH C:\Users\User\ntuser.ini
2021-03-31 04:49 - 2021-03-31 04:49 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875166542-2685140994-1970054088-500
2021-03-31 04:48 - 2021-04-07 17:51 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{43E7DC2E-3E7D-4748-B968-E358F7D22BB2}
2021-03-31 04:48 - 2021-03-31 04:49 - 000003366 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-03-31 04:48 - 2021-03-31 04:49 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-31 04:48 - 2021-03-31 04:49 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875166542-2685140994-1970054088-1001
2021-03-31 04:48 - 2021-03-31 04:49 - 000002784 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_User
2021-03-31 04:48 - 2021-03-31 04:48 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-31 04:48 - 2021-03-31 04:48 - 000003212 _____ C:\WINDOWS\system32\Tasks\WpsExternal_User_20210330132923
2021-03-31 04:48 - 2021-03-31 04:48 - 000003142 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-03-31 04:48 - 2021-03-31 04:48 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-31 04:47 - 2021-03-31 04:48 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-03-31 04:47 - 2021-03-31 04:48 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-03-31 04:40 - 2021-03-31 04:40 - 000000020 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2021-03-31 04:33 - 2021-03-31 04:42 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS
2021-03-31 04:33 - 2019-12-07 13:10 - 000001105 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-31 04:33 - 2019-12-07 13:10 - 000001105 _____ C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-31 04:22 - 2021-04-07 11:01 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-31 03:30 - 2021-03-31 03:30 - 000016148 _____ C:\WINDOWS\system32\DESKTOP-BV3TRHD_User_HistoryPrediction.bin
2021-03-30 13:29 - 2021-03-31 02:46 - 000000710 _____ C:\WINDOWS\Tasks\WpsExternal_User_20210330132923.job
2021-03-30 09:31 - 2021-03-30 09:31 - 000815712 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000716384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000437344 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000350816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo59.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000289376 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000066136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2021-03-30 09:31 - 2018-05-11 17:37 - 000034944 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2021-03-29 11:36 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDAutomation.com QR-Code Font and Encoder
2021-03-29 11:35 - 2021-03-29 11:36 - 000000000 ____D C:\Program Files (x86)\IDAutomation.com QR-Code Font and Encoder
2021-03-29 11:14 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIC 7
2021-03-29 11:14 - 2021-03-29 11:14 - 000246080 _____ (KEYLOK) C:\WINDOWS\system32\NWKL2_64.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000235840 _____ (KEYLOK) C:\WINDOWS\system32\KL2DLL64.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000228160 _____ (KEYLOK) C:\WINDOWS\SysWOW64\NWKL2_32.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000123200 _____ (KEYLOK) C:\WINDOWS\SysWOW64\KL2DLL32.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000041984 _____ C:\WINDOWS\system32\ppmon64.exe
2021-03-29 11:14 - 2021-03-29 11:14 - 000024136 _____ C:\WINDOWS\SysWOW64\ppmon.exe
2021-03-29 11:14 - 2021-03-29 11:14 - 000012480 _____ C:\WINDOWS\SysWOW64\KL2N.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000007440 _____ C:\WINDOWS\SysWOW64\ppmon.dll
2021-03-29 11:14 - 2021-03-29 11:14 - 000002603 _____ C:\ProgramData\Desktop\MAGIC.lnk
2021-03-29 11:14 - 2021-03-29 11:14 - 000000000 ____D C:\Users\User\AppData\Local\KEYLOK
2021-03-29 11:14 - 2021-03-29 11:14 - 000000000 ____D C:\Program Files\DIFX
2021-03-29 11:13 - 2021-04-07 11:21 - 000000000 ____D C:\Cards7
2021-03-29 11:13 - 2021-03-29 11:14 - 000000000 ____D C:\Program Files (x86)\MAGIC7
2021-03-29 11:12 - 2019-03-10 17:48 - 003719168 _____ C:\MAGIC7_EPM.bak
2021-03-29 11:03 - 2021-03-29 11:03 - 000000000 ____D C:\WINDOWS\system32\RsFx
2021-03-29 10:55 - 2021-03-29 10:55 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft_Corporation
2021-03-29 10:52 - 2021-03-29 11:10 - 000000000 ____D C:\Users\User\Documents\SQL Server Management Studio
2021-03-29 10:50 - 2021-03-31 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2021-03-29 10:49 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2021-03-29 10:48 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2021-03-29 10:48 - 2021-03-29 10:48 - 000000000 ____D C:\Users\User\Documents\Visual Studio 2010
2021-03-29 10:47 - 2021-03-29 10:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2021-03-29 10:46 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\system32\1033
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\WINDOWS\symbols
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files\Microsoft Help Viewer
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-03-29 10:33 - 2021-03-31 04:51 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-29 10:24 - 2021-03-29 10:24 - 000000000 ____D C:\ProgramData\Synaptics
2021-03-25 12:46 - 2021-04-03 13:46 - 000006250 _____ C:\Users\User\Desktop\box.png.ytbn
2021-03-25 12:24 - 2021-04-03 13:46 - 000034316 _____ C:\Users\User\Desktop\cosec-vega-fax-banner-removebg-preview.png.ytbn
2021-03-25 12:09 - 2021-04-03 13:46 - 000064889 _____ C:\Users\User\Desktop\4024520392_1572874805.jpg.ytbn
2021-03-24 09:42 - 2021-03-24 09:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-24 09:41 - 2021-03-31 16:24 - 000000000 ____D C:\Program Files\rempl
2021-03-24 09:41 - 2021-03-24 14:57 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2021-03-24 09:41 - 2021-03-24 14:48 - 000000000 ____D C:\Program Files\CUAssistant
2021-03-23 09:25 - 2010-12-06 06:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2021-03-22 16:17 - 2021-04-03 13:46 - 000360782 _____ C:\Users\User\Documents\Database1.accdb.ytbn
2021-03-22 15:03 - 2021-04-07 11:18 - 000000000 ____D C:\AccessControl
2021-03-22 15:03 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccessControl
2021-03-22 15:03 - 2021-03-22 15:03 - 000001625 _____ C:\ProgramData\Desktop\AccessControl.lnk
2021-03-18 16:01 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApowerMirror
2021-03-18 16:01 - 2021-03-18 16:01 - 000000613 _____ C:\Users\User\Desktop\ApowerMirror.lnk
2021-03-18 14:28 - 2021-04-04 10:21 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper
2021-03-18 14:28 - 2021-04-03 13:49 - 000000000 ____D C:\Users\User\Downloads\BitTorrent Web Tutorial Video
2021-03-18 14:28 - 2021-04-03 12:46 - 000001878 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2021-03-18 14:23 - 2021-03-18 14:24 - 000000000 ____D C:\Program Files\TAP-Windows
2021-03-18 12:26 - 2021-04-07 11:18 - 000000000 ____D C:\.android
2021-03-18 12:22 - 2021-03-18 12:26 - 000000000 ____D C:\ProgramData\Apple
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Users\User\Documents\Apowersoft
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Program Files\Bonjour
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-03-18 12:21 - 2021-03-18 12:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Apowersoft
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-07 19:03 - 2020-11-19 11:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-07 19:03 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-07 18:37 - 2019-12-07 13:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2021-04-07 14:20 - 2021-01-21 10:07 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-04-07 13:34 - 2020-12-06 10:11 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-04-07 13:14 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2021-04-07 12:33 - 2020-10-07 00:53 - 000000000 ____D C:\Trisha
2021-04-07 12:32 - 2021-01-10 09:14 - 000000000 ____D C:\SadpLog
2021-04-07 11:21 - 2020-12-24 10:47 - 000000000 ____D C:\kingsoft
2021-04-07 11:21 - 2020-11-26 23:55 - 000000000 ____D C:\Cakewalk Projects
2021-04-07 11:21 - 2020-11-26 23:50 - 000000000 ____D C:\Cakewalk Content
2021-04-07 11:19 - 2020-10-08 14:26 - 000000000 ____D C:\Among Us V.2020.9.9
2021-04-07 11:02 - 2020-07-23 21:59 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2021-04-07 11:01 - 2020-11-19 11:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-07 11:00 - 2019-12-07 13:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-07 08:40 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-06 15:34 - 2020-12-06 10:11 - 000000000 ____D C:\ProgramData\AnyDesk
2021-04-06 15:05 - 2020-11-19 11:54 - 000982928 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-06 15:05 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-06 14:24 - 2020-12-26 13:21 - 000000000 ____D C:\Program Files\Wondershare
2021-04-06 14:22 - 2020-12-26 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-04-06 10:38 - 2020-07-23 22:28 - 000000000 ____D C:\Program Files\WinRAR
2021-04-06 08:51 - 2020-10-06 21:21 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software
2021-04-06 08:51 - 2020-10-06 21:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2021-04-05 13:09 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-04 10:00 - 2020-07-23 22:28 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-04 10:00 - 2020-07-23 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-04 08:49 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-04 08:49 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-04 08:48 - 2020-11-19 11:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-03 14:39 - 2021-02-07 12:32 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-04-03 13:49 - 2021-01-03 13:52 - 000000000 ____D C:\Users\User\Documents\Camtasia
2021-04-03 13:46 - 2021-01-24 09:22 - 000000000 ___RD C:\Users\User\3D Objects
2021-04-03 13:46 - 2021-01-03 12:23 - 000009466 _____ C:\Users\User\Desktop\New Text Document (2.1).ytbn.ytbn
2021-04-03 13:46 - 2021-01-02 09:51 - 000005012 _____ C:\Users\User\Desktop\New Text Document (2).txt.ytbn
2021-04-03 13:46 - 2020-12-28 10:23 - 000001276 _____ C:\Users\User\Desktop\New Text Document.txt.ytbn
2021-04-03 13:46 - 2020-12-10 13:03 - 000012882 _____ C:\Users\User\Desktop\Stock list December 2020.xlsx.ytbn
2021-04-03 13:46 - 2020-12-09 11:29 - 000002572 ____H C:\Users\User\Documents\Default.rdp.ytbn
2021-04-03 13:46 - 2020-12-08 09:55 - 000117957 _____ C:\Users\User\Desktop\IT Companies Data.xlsx.ytbn
2021-04-03 13:46 - 2020-12-06 09:49 - 000000000 ____D C:\Users\User\.android
2021-04-03 12:52 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-03 12:42 - 2021-01-05 10:11 - 000000000 ____D C:\Program Files (x86)\Balabolka
2021-04-03 12:35 - 2020-10-07 00:02 - 000000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2021-04-03 12:22 - 2020-10-10 18:36 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-04-03 11:58 - 2020-10-07 00:00 - 000000000 ____D C:\Program Files\Badlion Client
2021-04-03 10:49 - 2020-10-09 21:45 - 000000000 ____D C:\ProgramData\Adobe
2021-04-03 08:58 - 2020-10-09 21:44 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2021-04-03 08:58 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2021-04-03 08:48 - 2020-11-19 11:48 - 000000000 ____D C:\ProgramData\Packages
2021-04-01 20:11 - 2020-11-19 11:43 - 000485152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-01 20:05 - 2019-12-07 13:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-01 20:04 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-01 19:46 - 2020-10-10 18:42 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-01 15:06 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-04-01 11:28 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-01 09:39 - 2020-11-19 11:45 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-01 08:59 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-01 08:58 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-31 16:21 - 2021-01-31 09:06 - 000000000 ____D C:\WINDOWS\SysWOW64\shxfont
2021-03-31 16:21 - 2021-01-31 09:05 - 000000000 ____D C:\WINDOWS\SysWOW64\PS
2021-03-31 16:21 - 2021-01-31 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
2021-03-31 16:21 - 2021-01-10 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SADPTool
2021-03-31 16:21 - 2021-01-03 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2021-03-31 16:21 - 2020-12-28 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POINTMAN
2021-03-31 16:21 - 2020-12-13 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardScanner
2021-03-31 16:21 - 2020-12-13 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Card Scanner Driver
2021-03-31 16:21 - 2020-12-06 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2021-03-31 16:21 - 2020-12-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2021-03-31 16:21 - 2020-07-23 22:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-03-31 16:21 - 2020-07-23 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2021-03-31 16:21 - 2020-07-23 21:51 - 000000000 ____D C:\Program Files\Intel
2021-03-31 16:21 - 2019-12-07 13:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-31 16:21 - 2019-12-07 13:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-31 16:21 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-31 16:21 - 2015-07-10 17:14 - 000000000 ____D C:\WINDOWS\ShellNew
2021-03-31 16:21 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-31 16:21 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-31 16:20 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\InfusedApps
2021-03-31 16:16 - 2020-11-27 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celemony
2021-03-31 16:16 - 2020-11-26 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2021-03-31 16:16 - 2020-07-23 21:58 - 000000000 ____D C:\Program Files\Synaptics
2021-03-31 16:16 - 2020-07-23 21:56 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-03-31 16:16 - 2020-07-23 21:55 - 000000000 ____D C:\Program Files\Realtek
2021-03-31 16:16 - 2020-07-23 21:54 - 000000000 ____D C:\Program Files\AMD
2021-03-31 16:16 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-31 16:08 - 2020-11-19 06:50 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2021-03-31 16:08 - 2020-11-19 06:50 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2021-03-31 16:08 - 2019-12-07 13:10 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2021-03-31 14:50 - 2020-11-19 11:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-31 14:50 - 2020-11-19 11:46 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-31 09:05 - 2020-11-19 11:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-31 04:51 - 2020-10-10 14:54 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-03-31 04:49 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-31 04:46 - 2019-12-07 13:14 - 000000000 __RSD C:\WINDOWS\Media
2021-03-31 04:43 - 2020-07-23 21:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-31 04:38 - 2020-12-07 10:02 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2021-03-31 04:38 - 2020-11-26 23:34 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandLab Technologies
2021-03-31 04:38 - 2020-10-07 13:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-31 04:34 - 2021-01-04 09:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2021-03-31 04:27 - 2020-07-23 21:55 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-31 03:36 - 2020-12-24 10:53 - 000000372 _____ C:\WINDOWS\Tasks\WpsUpdateTask_User.job
2021-03-29 11:09 - 2020-07-23 22:36 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2021-03-29 11:09 - 2020-07-23 22:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-03-29 10:51 - 2020-07-23 22:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-29 10:24 - 2020-10-06 21:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Synaptics
2021-03-20 08:55 - 2020-12-27 16:15 - 000000747 _____ C:\Users\User\Desktop\Video Editing - Shortcut.lnk
2021-03-15 09:13 - 2020-07-24 06:47 - 000000000 ___RD C:\Users\User\OneDrive
2021-03-13 09:43 - 2020-10-09 21:47 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories ========
 
2021-04-03 13:12 - 2021-04-03 13:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000022848 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-convert-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000023360 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-runtime-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000024896 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-string-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000141296 _____ (Oracle Corporation) C:\Program Files\dcpr.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000015856 _____ () C:\Program Files\jp2native.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000000199 _____ () C:\Program Files\unins.vbs
2021-04-04 18:53 - 2021-04-04 18:53 - 000000032 _____ () C:\Users\User\AppData\Roaming\8f9b.8f9b
2021-04-03 13:18 - 2021-04-03 13:18 - 000000560 _____ () C:\Users\User\AppData\Local\bowsakkdestx.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Addition Report
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by User (07-04-2021 19:16:36)
Running from D:\Downloads
Windows 10 Pro Version 20H2 19042.867 (X64) (2021-03-31 00:49:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1875166542-2685140994-1970054088-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1875166542-2685140994-1970054088-503 - Limited - Disabled)
Guest (S-1-5-21-1875166542-2685140994-1970054088-501 - Limited - Disabled)
User (S-1-5-21-1875166542-2685140994-1970054088-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1875166542-2685140994-1970054088-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Access Control (HKLM-x32\...\{B8202A3F-65A2-4921-B5CB-598FFA49FD11}) (Version: 7.51.81 - CSN)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_0_1) (Version: 18.0.1 - Adobe Inc.)
AdoptOpenJDK JDK with Hotspot 8.0.265.01 (x64) (HKLM\...\{2B68F6A3-4DF9-48A9-B59D-922F5A8D1A62}) (Version: 8.0.265.01 - AdoptOpenJDK)
Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.3 - philandro Software GmbH)
BandLab Assistant 6.2.0 (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28) (Version: 6.2.0 - BandLab Technologies)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.227 - Bitdefender)
Blender (HKLM\...\{64FCD268-AF5F-403D-B51B-00BC2D47DD0B}) (Version: 2.91.0 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.22.71 - Brave Software Inc)
Business Card Scanner Driver (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2010.03.02 - Deasy Corporation)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 26.11.0.099 - BandLab Singapore Pte Ltd.)
Cakewalk Drum Replacer (HKLM\...\Cakewalk Drum Replacer_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Cakewalk Theme Editor (HKLM\...\Cakewalk Theme Editor_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Camtasia 2019 (HKLM\...\{FF10C4F0-9186-405F-809D-D2E8D5E39448}) (Version: 19.0.10.17662 - TechSmith Corporation) Hidden
Camtasia 2019 (HKLM-x32\...\{03e048a7-3690-409c-b9c4-27612f78bd68}) (Version: 19.0.10.17662 - TechSmith Corporation)
Card Printer (HKLM\...\Card Printer) (Version:  - )
CardScanner (HKLM-x32\...\{94E73CA7-027B-4F3D-9E2A-9FEE4F7DD9C5}) (Version: 3.0 - )
DWGSee Pro 2020 (HKLM-x32\...\{BE4B9B74-CEB0-499C-A0F4-4F17DF52B314}) (Version: 5.0 - AutoDWG)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
gdiview (HKLM-x32\...\{9A2A452C-3057-4F5E-8C7F-41B0D566B831}) (Version: 1.0.0 - gdiview)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IDAutomation.com QR-Code Font and Encoder (HKLM-x32\...\IDAutomation.com QR-Code Font and Encoder) (Version:  - )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)
KX-TE Maintenance Console (HKLM-x32\...\{EF5B455C-7FAA-4978-BB92-29CEBD013C9C}) (Version: 3.000 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MAGIC7 (HKLM-x32\...\{75E7949C-6476-4F91-9BC8-5DDA7C45BCA4}) (Version: 1.0.0 - EPM)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0111 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.1.8 - hikvision)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WPS Office (11.2.0.10078) (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Kingsoft Office) (Version: 11.2.0.10078 - Kingsoft Corp.)
 
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2020\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1875166542-2685140994-1970054088-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll [2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1875166542-2685140994-1970054088-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll [2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-04-07 13:34 - 2021-04-07 13:34 - 000394240 _____ (Google Inc.) [File not signed] C:\Program Files (x86)\AnyDesk\gcapi.dll
2021-01-31 09:05 - 2012-07-13 04:28 - 000125952 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\AutoDWG\DWGSee Pro 2020\DWGSeeMenu64.dll
2020-12-28 15:33 - 2014-07-30 16:06 - 000024576 _____ (Windows ® Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\CITPJLMON.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ae/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 15:04 - 2020-12-26 13:25 - 000000978 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 platform.wondershare.com
127.0.0.1 www.platform.wondershare.com
127.0.0.1 cbs.wondershare.com
127.0.0.1 www.cbs.wondershare.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Control Panel\Desktop\\Wallpaper -> c:\users\user\downloads\wallpaperflare.com_wallpaper.jpg
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 4.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run32: => "VMonitorVMUVC"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "ColdHill"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7109EECF-FE7B-43A5-805A-2892C5E0AB47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{59982179-E95D-4255-92A6-E701888CFD92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3961424B-EA55-459B-A937-44772E52F443}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{039034B7-9C45-445D-B6F5-6FE15467602F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BE9CED34-384B-4002-B49A-1F43DE1734CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{3BBB5996-6FCC-48C6-8106-B0D42182BEDC}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{1CA1D82E-5535-49A0-B16E-3CA236B60E5D}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{B7FEDDAA-F21B-4C23-8E53-2EA2102A11E3}] => (Allow) LPort=8320
FirewallRules: [{89FC2107-1EC2-49F0-8080-1507431889DE}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{19351964-04DE-4AFF-B931-26EFD5CABA12}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [UDP Query User{AE38B650-87D6-4BA9-A4E8-7898FA7C9521}C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [TCP Query User{30B4A390-6047-4E09-A396-633648DDFE63}C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [UDP Query User{2F03BFAD-4573-4A26-B43D-A653D76C57A6}C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
FirewallRules: [TCP Query User{A05A573B-6BDF-4606-8883-E1C7B262FDE1}C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
FirewallRules: [UDP Query User{4460A8C1-11DE-4C3A-B725-16451D63740C}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0E0F0A0D-0B25-44A8-9579-94DFE81FAAC9}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5C9BCD4B-9018-4D3E-92D1-34AF53DAFA35}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{F48BB3EC-1BE0-47E3-AB03-1563D980B23B}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [{67476C21-3FA6-4EB8-B2D5-BFD2C5556A19}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30DB716E-F20F-43D4-B8B6-B28F037C4CCA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17515E3C-B17F-4D7C-8AD5-B6BDB12AA72C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{112FEAD7-8C5D-4070-9837-496F3BF89DEF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6374F229-D68A-4057-B1EA-086BDD8B1AC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0FE3DC1-53F1-4BB0-8EA7-CEEAA9A03A9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17AA5971-6B4D-49D2-85D7-CB3AA9EFB1E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D225FB2-22CE-4763-BA7B-27807270BD9A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{20991701-8604-495D-A067-C561EEF27D65}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [UDP Query User{A409B505-3B51-4787-9B65-90812C078665}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{963974C6-5911-4007-84F6-8498E1788C19}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{027B5786-4338-49D3-B69C-E7106E3D4BCC}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{6E52BC3C-6030-4CAE-9659-60003B47999C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C29D9E6C-B47D-4343-BF4E-DEB5EE567793}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C9254373-61E1-4B8D-94FD-B5907E0FB279}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{B92C6CAA-4117-47D9-84A2-CE907954DD74}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{CEA974CA-C5AC-4191-A5DF-C7C7883B8691}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Restore Points =========================
 
04-04-2021 09:02:35 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/07/2021 07:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/07/2021 07:02:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (04/07/2021 05:05:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/07/2021 04:47:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (04/07/2021 03:05:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/07/2021 02:19:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Calculator.exe, version: 10.2101.10.0, time stamp: 0x601859de
Faulting module name: Microsoft.UI.Xaml.dll, version: 2.4.2007.9001, time stamp: 0x5f074a5f
Exception code: 0xc0000005
Fault offset: 0x0000000000061144
Faulting process id: 0x1ecc
Faulting application start time: 0x01d72b9783d44760
Faulting application path: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
Report Id: 7f0f9ef0-a83c-4571-9b4b-d7273e0bcbb7
Faulting package full name: Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (04/07/2021 01:03:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/07/2021 12:36:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
 
System errors:
=============
Error: (04/07/2021 11:18:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (04/07/2021 11:18:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys
 
Error: (04/07/2021 11:18:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (04/07/2021 11:18:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys
 
Error: (04/07/2021 11:18:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (04/07/2021 11:18:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys
 
Error: (04/07/2021 11:18:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (04/07/2021 11:18:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
================
Date: 2021-04-03 13:19:15
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Glupteba.AV!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\88827002-09ba-4f78-af26-e846d392c127\E2F6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:18:44
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\Temp\is-GTMR8.tmp\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:18:42
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Mamson.A!ac
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\LabPicV3.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\User\AppData\Local\Temp\is-GTMR8.tmp\Setup.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:13:53
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Stealer.KA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\Temp\haleng.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng; runkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18000.5, NIS: 0.0.0.0
 
Date: 2021-04-03 13:13:53
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Backdoor:Win32/Bladabindi!ml
Severity: Severe
Category: Backdoor
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe; process:_pid:11960,ProcessStart:132619146701968983
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18000.5, NIS: 0.0.0.0
 
Date: 2021-04-03 13:18:43
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion. 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===============
Date: 2021-04-07 19:04:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\bdamsi\265245302951969804\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
Date: 2021-04-07 14:37:02
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\connectagent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2021-04-07 12:40:27
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\bdamsi\265136431135510000\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
Date: 2021-04-07 12:19:48
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\bdamsi\265136431135510000\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.14 10/04/2013
Motherboard: Hewlett-Packard 1970
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 85%
Total physical RAM: 8090.35 MB
Available physical RAM: 1184.57 MB
Total Virtual: 10326.7 MB
Available Virtual: 1562.2 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.91 GB) (Free:30.65 GB) NTFS
Drive d: () (Fixed) (Total:155.27 GB) (Free:123.63 GB) NTFS
Drive e: () (Fixed) (Total:163.09 GB) (Free:86.98 GB) NTFS
 
\\?\Volume{c0944214-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C0944214)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=155.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=163.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hi, Nimosh.
 
I'm reviewing your logs, but first I want to remind you what I asked you in my first post in this thread:
 

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

 

I see that you have installed BitDefender.

 

Do you want to keep it as your default antivirus? If yes, make sure that it is working fine, as I don't see it as enabled in your logs. Instead, Windows Defender is enabled.

 

Please let me know what you want to do: keep BitDefender or Windows Defender?

 

Having said that, installing new programs during the cleaning procedure makes things difficult for me, since the logs appear different every time you post. So please stop doing that.

 

Thank you.


  • 0


#11
Nimosh

    Member

  • Topic Starter
  • Member
  • 14 posts

Hi DR M, sorry for the trouble. I only used Windows Defender previously. Now it's stopped working.

 

So I will keep BitDefender.


  • 0

#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Thanks for letting me know.

 

I will be back to you as soon as I review your logs. :thumbsup:


  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hi, Nimosh.
 
Please move the FRST tool to your Desktop. You can just drag it from the Downloads folder (D:) and drop it on the Desktop.
 
 
1. Ransomware Note!
 
This should have been mentioned from the very beginning. Although you tagged the phrase "ytbn removal", you didn't explain that you had been "hit" by ransomware and that you have encrypted files. I should also have asked you about that earlier.
 
ESET Online Scanner revealed the extension _readme.txt, which has been used by the ransomware.
 
And at least these files seem to be encrypted:
 
2021-03-25 12:46 - 2021-04-03 13:46 - 000006250 _____ C:\Users\User\Desktop\box.png.ytbn
2021-03-25 12:24 - 2021-04-03 13:46 - 000034316 _____ C:\Users\User\Desktop\cosec-vega-fax-banner-removebg-preview.png.ytbn
2021-03-25 12:09 - 2021-04-03 13:46 - 000064889 _____ C:\Users\User\Desktop\4024520392_1572874805.jpg.ytbn
2021-03-22 16:17 - 2021-04-03 13:46 - 000360782 _____ C:\Users\User\Documents\Database1.accdb.ytbn
2021-04-03 13:46 - 2021-01-03 12:23 - 000009466 _____ C:\Users\User\Desktop\New Text Document (2.1).ytbn.ytbn
2021-04-03 13:46 - 2021-01-02 09:51 - 000005012 _____ C:\Users\User\Desktop\New Text Document (2).txt.ytbn
2021-04-03 13:46 - 2020-12-28 10:23 - 000001276 _____ C:\Users\User\Desktop\New Text Document.txt.ytbn
2021-04-03 13:46 - 2020-12-10 13:03 - 000012882 _____ C:\Users\User\Desktop\Stock list December 2020.xlsx.ytbn
2021-04-03 13:46 - 2020-12-09 11:29 - 000002572 ____H C:\Users\User\Documents\Default.rdp.ytbn
2021-04-03 13:46 - 2020-12-08 09:55 - 000117957 _____ C:\Users\User\Desktop\IT Companies Data.xlsx.ytbn
 

 

You didn't mention that you need to decrypt your files, but if you want to do this, when we finish here you will have to upload samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR). This service is strictly for identifying what ransomware may have encrypted your files. It will attempt to point you in the right direction, and let you know if there is a known way of decrypting your files.

 
2. Malwarebytes

Although you already ran Malwarebytes, I would like you to run it once again, in Safe mode this time.

Restart with Safe mode

  • Press the Windows key on the keyboard together with the letter I to open Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode if the background is black and "Safe mode" is written at the four corners of the screen.

 

Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Remove an extension

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find book_helper and remove it by clicking Remove.
  • Confirm the action by clicking Remove once again.

Repeat the procedure about the same extension in Opera browser.
 
 
4. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "btweb"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {0712F140-B255-4E6E-8540-C2DF9933A81A} - System32\Tasks\EOSv3 Scheduler onTime => D:\Downloads\esetonlinescanner.exe [15019488 2021-04-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {4FA59A2D-C5DF-4A43-9657-2F79A76F9925} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Downloads\esetonlinescanner.exe [15019488 2021-04-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
hosts:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt.
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  1. The Malwarebytes report
  2. The fixlog.txt
  3. ANY remaining issues with this computer

  • 0
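DR M picked the encrypted files out of the FRST listing by eye. As an added example (not from the thread, from FRST or from DR M's procedure), the Python below does that triage over the same FRST lines: it parses the "timestamp - timestamp - size attributes path" layout, peels the .ytbn extension off as many times as it was appended (the thread shows a file that was renamed twice), recovers the original extension so the owner knows what was hit, and takes the timestamp the encrypted files share as the likely time of the encryption run. The reading of the FRST line layout is an assumption, and the ransom-note line is constructed: the thread names _readme.txt but gives no path or size.

```python
"""Triage of FRST file-listing lines for ransomware-encrypted files.

Added example, not part of the thread or of FRST.
"""
import ntpath
import re
from collections import Counter
from datetime import datetime

# Encrypted-file extension and ransom-note name as reported in the thread.
RANSOM_EXT = ".ytbn"
RANSOM_NOTE = "_readme.txt"

# FRST line layout (assumed from the log): two timestamps, a size, an
# attribute string and the path.  Which timestamp is "created" and which
# "modified" depends on the section the line came from, so both are kept
# unlabelled.  Some sections insert "(Company)" and "[...]" tokens before
# the path, so the path is located separately by its drive letter.
FRST_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S+) (.+)$"
)
DRIVE_PATH = re.compile(r"([A-Za-z]:\\.*)$")
# A plausible extension: a dot and a few alphanumerics.  Rejects the ".1)"
# that splitext() yields for "New Text Document (2.1)".
REAL_EXT = re.compile(r"^\.[A-Za-z0-9]{1,6}$")
TS_FORMAT = "%Y-%m-%d %H:%M"

# Sample input: one unrelated FRST line and the ten encrypted files quoted
# in the thread, plus a constructed line for the ransom note (path and size
# below are assumptions; the thread gives neither).
SAMPLE_LINES = r"""
2020-12-28 15:33 - 2014-07-30 16:06 - 000024576 _____ (Windows ® Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\CITPJLMON.DLL
2021-03-25 12:46 - 2021-04-03 13:46 - 000006250 _____ C:\Users\User\Desktop\box.png.ytbn
2021-03-25 12:24 - 2021-04-03 13:46 - 000034316 _____ C:\Users\User\Desktop\cosec-vega-fax-banner-removebg-preview.png.ytbn
2021-03-25 12:09 - 2021-04-03 13:46 - 000064889 _____ C:\Users\User\Desktop\4024520392_1572874805.jpg.ytbn
2021-03-22 16:17 - 2021-04-03 13:46 - 000360782 _____ C:\Users\User\Documents\Database1.accdb.ytbn
2021-04-03 13:46 - 2021-01-03 12:23 - 000009466 _____ C:\Users\User\Desktop\New Text Document (2.1).ytbn.ytbn
2021-04-03 13:46 - 2021-01-02 09:51 - 000005012 _____ C:\Users\User\Desktop\New Text Document (2).txt.ytbn
2021-04-03 13:46 - 2020-12-28 10:23 - 000001276 _____ C:\Users\User\Desktop\New Text Document.txt.ytbn
2021-04-03 13:46 - 2020-12-10 13:03 - 000012882 _____ C:\Users\User\Desktop\Stock list December 2020.xlsx.ytbn
2021-04-03 13:46 - 2020-12-09 11:29 - 000002572 ____H C:\Users\User\Documents\Default.rdp.ytbn
2021-04-03 13:46 - 2020-12-08 09:55 - 000117957 _____ C:\Users\User\Desktop\IT Companies Data.xlsx.ytbn
2021-04-03 13:46 - 2021-04-03 13:46 - 000000840 _____ C:\Users\User\Desktop\_readme.txt
"""


def parse_frst_line(line):
    """Split one FRST file line into (ts_a, ts_b, size, attrs, path); None if not a file line."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    ts_a, ts_b, size, attrs, rest = m.groups()
    p = DRIVE_PATH.search(rest)
    path = p.group(1) if p else rest
    return (datetime.strptime(ts_a, TS_FORMAT), datetime.strptime(ts_b, TS_FORMAT),
            int(size), attrs, path)


def strip_ransom_ext(path, ext=RANSOM_EXT):
    """Peel the ransomware extension off the end of path, once per occurrence.

    Returns (original_path, layers); layers == 0 means the file was not renamed.
    """
    layers = 0
    while path.lower().endswith(ext.lower()):
        path = path[: -len(ext)]
        layers += 1
    return path, layers


def original_extension(path):
    """Lower-case extension of the recovered file name, or "" if it has none."""
    ext = ntpath.splitext(ntpath.basename(path))[1]
    return ext[1:].lower() if REAL_EXT.match(ext) else ""


def triage(lines, ext=RANSOM_EXT, note=RANSOM_NOTE):
    """Summarise encrypted files and ransom notes found in FRST listing lines."""
    encrypted, notes = [], []
    for raw in lines:
        entry = parse_frst_line(raw)
        if entry is None:
            continue
        ts_a, ts_b, size, attrs, path = entry
        if ntpath.basename(path).lower() == note.lower():
            notes.append(path)
            continue
        original, layers = strip_ransom_ext(path, ext)
        if layers == 0:
            continue
        encrypted.append({
            "path": path, "original": original, "layers": layers, "size": size,
            "original_ext": original_extension(original),
            # Encryption rewrote the file, so the later timestamp is the one
            # the ransomware left behind, whichever column FRST put it in.
            "touched": max(ts_a, ts_b),
        })
    touched = Counter(e["touched"] for e in encrypted)
    return {
        "encrypted": encrypted,
        "notes": notes,
        "by_original_ext": Counter(e["original_ext"] for e in encrypted),
        "double_encrypted": [e["path"] for e in encrypted if e["layers"] > 1],
        # The timestamp most encrypted files share marks the encryption run.
        "encryption_time": touched.most_common(1)[0][0] if touched else None,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LINES.splitlines())
    print(f"{len(result['encrypted'])} encrypted file(s), {len(result['notes'])} ransom note(s)")
    print("likely encryption run:", result["encryption_time"])
    for orig_ext, count in sorted(result["by_original_ext"].items()):
        print(f"  {orig_ext or '(none)':>8}: {count}")
    for path in result["double_encrypted"]:
        print("extension appended more than once:", path)
```

Feed it the relevant sections of FRST.txt (or Addition.txt) instead of SAMPLE_LINES to get the same summary for a whole machine; the note paths and a couple of the smaller encrypted files are exactly what the ID Ransomware upload described above needs.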

#14
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hi, Nimosh.

 

Do you need any help regarding the above?


  • 0

#15
Nimosh

    Member

  • Topic Starter
  • Member
  • 14 posts

Hi DR M,

 

This one is not working in my system

 

Under the title Windows Security Center (Premium only) the option is unchecked.

 

This one is ticked while scanning.

 

 

 

The Malwarebytes report

 

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/8/21
Scan Time: 5:18 PM
Log File: f9c17be0-986c-11eb-9c75-a0481c0b0639.json
 
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1249
Update Package Version: 1.0.39239
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: DESKTOP-BV3TRHD\User
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327963
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 23 min, 54 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 1
Rootkit.Pitou.c.MBR, 0, Replace-on-Reboot, 17468, 514127, 0.0.0, , ame, , , 
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
The fixlog.txt
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by User (08-04-2021 21:49:17) Run:3
Running from C:\Users\User\Desktop
Loaded Profiles: User & MSSQL$SQLEXPRESS
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "btweb"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {0712F140-B255-4E6E-8540-C2DF9933A81A} - System32\Tasks\EOSv3 Scheduler onTime => D:\Downloads\esetonlinescanner.exe [15019488 2021-04-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {4FA59A2D-C5DF-4A43-9657-2F79A76F9925} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Downloads\esetonlinescanner.exe [15019488 2021-04-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
hosts:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
"HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\btweb" => removed successfully
"HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\btweb" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0712F140-B255-4E6E-8540-C2DF9933A81A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0712F140-B255-4E6E-8540-C2DF9933A81A}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4FA59A2D-C5DF-4A43-9657-2F79A76F9925}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FA59A2D-C5DF-4A43-9657-2F79A76F9925}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:50:20 ====
 
 
 
My Windows Defender is not working.

If the ransomware is not removable, what do you suggest I do?
 

  • 0





