My computer is Infected [Solved]

ytbn removal

  • This topic is locked

#16
Nimosh

  • Member
  • Topic Starter
  • 14 posts

Hi DR M,

This one is not working in my system

Under the title Windows Security Center (Premium only) the option is unchecked.

This one is ticked while scanning,

The Malwarebytes report

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/8/21
Scan Time: 5:18 PM
Log File: f9c17be0-986c-11eb-9c75-a0481c0b0639.json
 
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1249
Update Package Version: 1.0.39239
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: DESKTOP-BV3TRHD\User
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327963
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 23 min, 54 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 1
Rootkit.Pitou.c.MBR, 0, Replace-on-Reboot, 17468, 514127, 0.0.0, , ame, , , 
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
The fixlog.txt
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by User (08-04-2021 21:49:17) Run:3
Running from C:\Users\User\Desktop
Loaded Profiles: User & MSSQL$SQLEXPRESS
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "btweb"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {0712F140-B255-4E6E-8540-C2DF9933A81A} - System32\Tasks\EOSv3 Scheduler onTime => D:\Downloads\esetonlinescanner.exe [15019488 2021-04-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {4FA59A2D-C5DF-4A43-9657-2F79A76F9925} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Downloads\esetonlinescanner.exe [15019488 2021-04-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
hosts:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
"HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\btweb" => removed successfully
"HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\btweb" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0712F140-B255-4E6E-8540-C2DF9933A81A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0712F140-B255-4E6E-8540-C2DF9933A81A}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4FA59A2D-C5DF-4A43-9657-2F79A76F9925}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FA59A2D-C5DF-4A43-9657-2F79A76F9925}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:50:20 ====
 
 
 
My Windows Defender is not working.

If the ransomware is not removable, what do you suggest I do?
 



#17
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, Nimosh.

 

I was online until late last evening but I didn't receive a notification for your reply.

 

Windows Defender is disabled now, because you decided to install BitDefender. As soon as a new antivirus is detected, Windows Defender disables itself. As I asked you earlier, make sure that BitDefender is working properly.

 

The computer seems to be clean now. However, I would like to see fresh FRST logs once more (FRST.txt and Addition.txt).

 

Have you uploaded samples of your encrypted files to see if there is a way to decrypt them?



#18
Nimosh

  • Member
  • Topic Starter
  • 14 posts

Hi DR M, I tried to attach the file.

One error is showing: "Error You aren't permitted to upload this kind of file"

How can I upload the file?

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021

Ran by User (administrator) on DESKTOP-BV3TRHD (Hewlett-Packard HP Pavilion 15 Notebook PC) (09-04-2021 14:03:14)
Running from C:\Users\User\Desktop
Loaded Profiles: User & MSSQL$SQLEXPRESS
Platform: Windows 10 Pro Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <26>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscenter.exe <2>
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8505088 2020-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2020-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Business Card Scanner Driver\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation) [File not signed]
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-10-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536424 2021-03-06] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\Card Printer Language Monitor: C:\WINDOWS\system32\CITPJLMON.DLL [24576 2014-07-30] (Windows ® Codename Longhorn DDK provider) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-31] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.22.71\Installer\chrmstp.exe [2021-04-03] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-06]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06BEA5F9-8D9E-437E-8C9A-9C112297BB9F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {225D577B-C753-4AD0-B888-F0E7859B7181} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3395FED9-E909-434B-912F-76EBE2AB53A0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A11AE65-1F4E-40CE-9A02-0710EDBCA675} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {512FF518-5F96-40BF-B0B5-74B1D31A9273} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56377CD2-D0DD-492C-885C-64026D0027C4} - System32\Tasks\WpsExternal_User_20210330132923 => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe [1666760 2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5DFAF5B0-BF7A-4DBA-9AE7-81922A095B81} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AB4CF25-5A94-4A40-A339-0555D48107F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7991A201-C8F8-4586-9418-050BB8B7202D} - System32\Tasks\WpsUpdateTask_User => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpsupdate.exe [164552 2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {AB5A68D6-A9FB-4078-BE13-83FA491F2820} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C8D41B55-075F-4F36-8EE1-07F1521F04C6} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D04DF89F-C788-41FC-87D4-43D8123B02E7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4113526-7BDC-4C7D-8803-FB5786E125B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
Task: {E69B7745-B774-4723-BE93-F25D05188466} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {FCF9A923-E89D-45FE-8841-8D09440BC237} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\WpsExternal_User_20210330132923.job => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
Task: C:\WINDOWS\Tasks\WpsUpdateTask_User.job => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpsupdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
Tcpip\..\Interfaces\{493b22a1-ae1b-4a70-bc87-c56b48e39f43}: [DhcpNameServer] 8.8.8.8 4.4.4.4 192.168.1.1
Tcpip\..\Interfaces\{4fd26666-d2e6-4f6e-afd7-6f09370194e2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8e572f95-a2a5-4287-b9be-6aaa30275010}: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
 
Edge: 
=======
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-08]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-04-08]
CHR Notifications: Default -> hxxps://uae.microless.com
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-11]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2021-04-06]
CHR Extension: (d8yI+Hf7rX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iamogogldpiipekcpojlcdhmbhdjdocm [2020-11-09]
CHR HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
 
Opera: 
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-04-06]
OPR Extension: (book_helper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\iamogogldpiipekcpojlcdhmbhdjdocm [2020-11-09]
 
Brave: 
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-04-09]
BRA DownloadDir: D:\Downloads
BRA Notifications: Default -> hxxps://usersdrive.com
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-02-07]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-04-09]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-03-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-04-09]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-02-07]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\kkjipiepeooghlclkedllogndmohhnhi [2021-03-31]
BRA Extension: (Crypto Wallets) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2021-04-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-04-07]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106952 2020-07-23] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2021-04-07] (Bitdefender SRL -> Bitdefender)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2021-04-07] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [559200 2021-04-07] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2021-04-07] (Bitdefender SRL -> Bitdefender)
S3 wpscloudsvr; C:\ProgramData\Kingsoft\office6\wpscloudsvr.exe [1482496 2020-12-07] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2021-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2019-06-27] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2020-07-23] (MEDIATEK INC. -> Ralink Technology, Corp.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-31] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-09 14:03 - 2021-04-09 14:05 - 000020551 _____ C:\Users\User\Desktop\FRST.txt
2021-04-08 21:55 - 2021-04-08 21:55 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-08 21:55 - 2021-04-08 21:55 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-08 21:55 - 2021-04-08 21:55 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-08 21:49 - 2021-04-08 22:20 - 000004310 _____ C:\Users\User\Desktop\Fixlog.txt
2021-04-08 17:07 - 2021-04-08 18:44 - 000207964 _____ C:\WINDOWS\ntbtlog.txt
2021-04-08 17:07 - 2021-04-08 17:07 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-04-08 16:57 - 2021-04-06 11:42 - 002298368 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-04-07 19:06 - 2021-04-07 19:06 - 000042484 _____ C:\Users\User\Desktop\eset.txt
2021-04-07 11:10 - 2021-04-07 11:10 - 000001000 _____ C:\Users\User\Desktop\esetonlinescanner.exe - Shortcut.lnk
2021-04-07 11:10 - 2021-04-07 11:10 - 000000627 _____ C:\Users\User\Desktop\ESET Online Scanner.lnk
2021-04-07 11:09 - 2021-04-08 17:07 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2021-04-07 11:09 - 2021-04-07 11:09 - 000000725 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-07 08:41 - 2021-04-08 17:08 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-07 08:41 - 2021-04-07 08:41 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-07 08:41 - 2021-04-07 08:41 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-07 08:40 - 2021-04-08 21:55 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-07 08:40 - 2021-04-07 08:39 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-07 08:40 - 2021-04-07 08:39 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-07 08:39 - 2021-04-07 08:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-07 08:38 - 2021-04-07 08:38 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-07 08:34 - 2021-04-07 11:07 - 000000951 _____ C:\Users\User\Desktop\AdwCleaner - Shortcut.lnk
2021-04-07 08:30 - 2021-04-07 10:56 - 000000000 ____D C:\AdwCleaner
2021-04-06 14:14 - 2021-04-06 14:14 - 000000113 _____ C:\WINDOWS\wininit.ini
2021-04-06 13:19 - 2021-04-06 13:19 - 000087732 _____ C:\ProgramData\agent.update.1617700768.bdinstall.v2.bin
2021-04-06 13:18 - 2021-04-06 13:18 - 000001196 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2021-04-06 13:17 - 2021-04-06 13:17 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-04-06 13:14 - 2021-04-07 14:32 - 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-04-06 13:13 - 2021-04-06 13:13 - 000001211 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2021-04-06 13:13 - 2021-04-06 13:13 - 000000000 ____D C:\ProgramData\Bitdefender
2021-04-06 13:13 - 2021-02-26 17:31 - 000641728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-04-06 13:12 - 2021-04-06 13:12 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-04-06 13:12 - 2021-02-26 12:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-04-06 13:12 - 2021-02-16 14:31 - 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-04-06 13:12 - 2020-12-04 15:15 - 000802976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-04-06 13:12 - 2020-10-20 13:18 - 000386800 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys
2021-04-06 13:12 - 2020-02-03 15:53 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2021-04-06 13:11 - 2021-04-09 14:02 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-04-06 13:10 - 2021-04-06 13:20 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-04-06 13:10 - 2021-04-06 13:10 - 000115748 _____ C:\ProgramData\agent.1617700201.bdinstall.v2.bin
2021-04-06 13:10 - 2021-04-06 13:10 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-04-06 11:43 - 2021-04-09 14:04 - 000000000 ____D C:\FRST
2021-04-06 11:33 - 2021-04-06 11:47 - 000000000 ____D C:\Users\User\AppData\Local\2f23593d-ec2c-4d9e-8fc5-a69f819b2451
2021-04-06 11:16 - 2021-04-06 11:16 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2021-04-04 21:41 - 2021-04-04 21:41 - 000000000 ____D C:\ProgramData\IA9AG6FE1D7ACYIM799YZQM1Q
2021-04-04 21:38 - 2021-04-06 11:31 - 000000000 ____D C:\Users\User\AppData\Local\b75cb07c-192b-435c-b87c-a425760c7f94
2021-04-04 18:53 - 2021-04-04 18:53 - 000000032 _____ C:\Users\User\AppData\Roaming\8f9b.8f9b
2021-04-04 18:42 - 2021-04-06 11:30 - 000000000 ____D C:\Users\User\AppData\Local\5a5cfc91-a0c3-43b3-8b48-529cd5216d2c
2021-04-04 18:42 - 2021-04-04 18:43 - 000000000 ____D C:\ProgramData\6TXJ26K014UQ06YMRM1ASO4S8
2021-04-04 14:17 - 2021-04-06 11:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Updates
2021-04-04 14:16 - 2021-04-06 11:34 - 000000000 ____D C:\Users\User\AppData\Local\6831f20e-20c5-491b-8882-f5c56e50bebb
2021-04-04 09:31 - 2021-04-04 09:31 - 000000000 ____D C:\Users\User\AppData\Local\BandLab_Singapore_Pte_Ltd
2021-04-03 13:36 - 2021-04-06 11:31 - 000000000 ____D C:\Users\User\AppData\Roaming\SqJeGrFCmhTziVRi
2021-04-03 13:18 - 2021-04-03 13:18 - 000000560 _____ C:\Users\User\AppData\Local\bowsakkdestx.txt
2021-04-03 13:18 - 2021-04-03 13:18 - 000000000 ____D C:\SystemID
2021-04-03 13:17 - 2021-04-03 13:17 - 000000000 ____D C:\ProgramData\NW8B66FAI9WSC78MOS0RKZSYG
2021-04-03 13:16 - 2021-04-03 13:16 - 000000000 ____D C:\ProgramData\6WH32XI5IMFLDEKVRD456Z3YV
2021-04-03 13:12 - 2021-04-03 13:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-04-03 13:12 - 2021-04-03 13:12 - 000000000 ____D C:\ProgramData\EGD0BH0V1K36W4YSKOLOXMVJV
2021-04-03 13:11 - 2021-04-07 09:04 - 000000000 ____D C:\Program Files\javcse
2021-04-03 13:11 - 2021-04-03 13:49 - 000000000 ____D C:\Users\User\Documents\VlcpVideoV1.0.1
2021-04-03 13:11 - 2021-04-03 13:15 - 000141296 _____ (Oracle Corporation) C:\Program Files\dcpr.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000015856 _____ C:\Program Files\jp2native.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000000199 _____ C:\Program Files\unins.vbs
2021-04-03 13:11 - 2021-04-03 13:11 - 000000000 ____D C:\Users\User\AppData\Roaming\Strenge
2021-04-03 13:10 - 2021-04-03 13:10 - 000000000 ____D C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3
2021-04-03 12:47 - 2021-04-03 12:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\EpicGamesLauncher
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\DBG
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\CrashReportClient
2021-04-03 10:55 - 2021-04-03 10:55 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2021.lnk
2021-04-03 10:55 - 2021-04-03 10:55 - 000001238 _____ C:\Users\User\Desktop\Adobe After Effects 2021.lnk
2021-04-03 10:55 - 2021-04-03 10:55 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-04-03 10:51 - 2021-04-03 10:51 - 000000000 ____D C:\ProgramData\Documents\AdobeInstalledCodecs
2021-04-03 08:58 - 2021-04-03 08:58 - 000000000 ____D C:\Users\User\Documents\Adobe
2021-04-01 19:46 - 2021-04-06 12:32 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-04-01 19:46 - 2021-04-03 10:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-04-01 19:46 - 2021-04-03 10:55 - 000000000 ____D C:\Program Files\Adobe
2021-04-01 11:46 - 2021-04-03 10:26 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-04-01 11:43 - 2021-04-01 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-01 11:42 - 2021-04-01 11:42 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-01 09:53 - 2021-04-01 09:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-01 09:52 - 2021-04-01 09:52 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-01 09:52 - 2021-04-01 09:52 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-01 09:52 - 2021-04-01 09:52 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-01 09:52 - 2021-04-01 09:52 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-01 09:51 - 2021-04-01 09:51 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-01 09:51 - 2021-04-01 09:51 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-01 09:51 - 2021-04-01 09:51 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-01 09:51 - 2021-04-01 09:51 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-01 09:51 - 2021-04-01 09:51 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-01 09:51 - 2021-04-01 09:51 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-01 09:51 - 2021-04-01 09:51 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-01 09:50 - 2021-04-01 09:50 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-01 09:50 - 2021-04-01 09:50 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-01 09:50 - 2021-04-01 09:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-01 09:50 - 2021-04-01 09:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-01 09:50 - 2021-04-01 09:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-01 09:50 - 2021-04-01 09:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-01 09:50 - 2021-04-01 09:50 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-01 09:49 - 2021-04-01 09:49 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-01 09:47 - 2021-04-01 09:47 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-01 09:47 - 2021-04-01 09:47 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-01 09:47 - 2021-04-01 09:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-01 09:47 - 2021-04-01 09:47 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-01 09:46 - 2021-04-01 09:46 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-01 09:46 - 2021-04-01 09:46 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-01 09:46 - 2021-04-01 09:46 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-01 09:45 - 2021-04-01 09:45 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-01 09:45 - 2021-04-01 09:45 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-01 09:45 - 2021-04-01 09:45 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-01 09:45 - 2021-04-01 09:45 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-01 09:44 - 2021-04-01 09:44 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-01 09:43 - 2021-04-01 09:43 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-01 09:43 - 2021-04-01 09:43 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-01 09:41 - 2021-04-01 09:41 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-01 09:41 - 2021-04-01 09:41 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-01 09:41 - 2021-04-01 09:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-01 09:40 - 2021-04-01 09:40 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-01 09:40 - 2021-04-01 09:40 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-01 09:08 - 2021-04-01 09:08 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-01 09:00 - 2021-04-07 11:18 - 000000000 ___HD C:\$WinREAgent
2021-03-31 16:21 - 2021-03-31 04:49 - 000000000 ____D C:\Windows.old
2021-03-31 16:16 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-31 16:14 - 2021-03-31 16:14 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files\MSBuild
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-31 08:36 - 2021-04-03 10:24 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-03-31 04:50 - 2021-03-31 04:53 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2021-03-31 04:50 - 2021-03-31 04:50 - 000000020 ___SH C:\Users\User\ntuser.ini
2021-03-31 04:49 - 2021-03-31 04:49 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875166542-2685140994-1970054088-500
2021-03-31 04:48 - 2021-04-09 08:58 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{43E7DC2E-3E7D-4748-B968-E358F7D22BB2}
2021-03-31 04:48 - 2021-03-31 04:49 - 000003366 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-03-31 04:48 - 2021-03-31 04:49 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-31 04:48 - 2021-03-31 04:49 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875166542-2685140994-1970054088-1001
2021-03-31 04:48 - 2021-03-31 04:49 - 000002784 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_User
2021-03-31 04:48 - 2021-03-31 04:48 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-31 04:48 - 2021-03-31 04:48 - 000003212 _____ C:\WINDOWS\system32\Tasks\WpsExternal_User_20210330132923
2021-03-31 04:48 - 2021-03-31 04:48 - 000003142 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-03-31 04:48 - 2021-03-31 04:48 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-31 04:47 - 2021-03-31 04:48 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-03-31 04:47 - 2021-03-31 04:48 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-03-31 04:40 - 2021-03-31 04:40 - 000000020 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2021-03-31 04:33 - 2021-03-31 04:42 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS
2021-03-31 04:33 - 2019-12-07 13:10 - 000001105 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-31 04:33 - 2019-12-07 13:10 - 000001105 _____ C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-31 04:22 - 2021-04-08 21:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-31 03:30 - 2021-03-31 03:30 - 000016148 _____ C:\WINDOWS\system32\DESKTOP-BV3TRHD_User_HistoryPrediction.bin
2021-03-30 13:29 - 2021-03-31 02:46 - 000000710 _____ C:\WINDOWS\Tasks\WpsExternal_User_20210330132923.job
2021-03-30 09:31 - 2021-03-30 09:31 - 000815712 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000716384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000437344 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000350816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo59.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000289376 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000066136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2021-03-30 09:31 - 2018-05-11 17:37 - 000034944 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2021-03-29 11:36 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDAutomation.com QR-Code Font and Encoder
2021-03-29 11:35 - 2021-03-29 11:36 - 000000000 ____D C:\Program Files (x86)\IDAutomation.com QR-Code Font and Encoder
2021-03-29 11:14 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIC 7
2021-03-29 11:14 - 2021-03-29 11:14 - 000246080 _____ (KEYLOK) C:\WINDOWS\system32\NWKL2_64.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000235840 _____ (KEYLOK) C:\WINDOWS\system32\KL2DLL64.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000228160 _____ (KEYLOK) C:\WINDOWS\SysWOW64\NWKL2_32.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000123200 _____ (KEYLOK) C:\WINDOWS\SysWOW64\KL2DLL32.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000041984 _____ C:\WINDOWS\system32\ppmon64.exe
2021-03-29 11:14 - 2021-03-29 11:14 - 000024136 _____ C:\WINDOWS\SysWOW64\ppmon.exe
2021-03-29 11:14 - 2021-03-29 11:14 - 000012480 _____ C:\WINDOWS\SysWOW64\KL2N.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000007440 _____ C:\WINDOWS\SysWOW64\ppmon.dll
2021-03-29 11:14 - 2021-03-29 11:14 - 000002603 _____ C:\ProgramData\Desktop\MAGIC.lnk
2021-03-29 11:14 - 2021-03-29 11:14 - 000000000 ____D C:\Users\User\AppData\Local\KEYLOK
2021-03-29 11:14 - 2021-03-29 11:14 - 000000000 ____D C:\Program Files\DIFX
2021-03-29 11:13 - 2021-04-07 11:21 - 000000000 ____D C:\Cards7
2021-03-29 11:13 - 2021-03-29 11:14 - 000000000 ____D C:\Program Files (x86)\MAGIC7
2021-03-29 11:12 - 2019-03-10 17:48 - 003719168 _____ C:\MAGIC7_EPM.bak
2021-03-29 11:03 - 2021-03-29 11:03 - 000000000 ____D C:\WINDOWS\system32\RsFx
2021-03-29 10:55 - 2021-03-29 10:55 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft_Corporation
2021-03-29 10:52 - 2021-03-29 11:10 - 000000000 ____D C:\Users\User\Documents\SQL Server Management Studio
2021-03-29 10:50 - 2021-03-31 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2021-03-29 10:49 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2021-03-29 10:48 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2021-03-29 10:48 - 2021-03-29 10:48 - 000000000 ____D C:\Users\User\Documents\Visual Studio 2010
2021-03-29 10:47 - 2021-03-29 10:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2021-03-29 10:46 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\system32\1033
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\WINDOWS\symbols
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files\Microsoft Help Viewer
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-03-29 10:33 - 2021-03-31 04:51 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-29 10:24 - 2021-03-29 10:24 - 000000000 ____D C:\ProgramData\Synaptics
2021-03-25 12:46 - 2021-04-03 13:46 - 000006250 _____ C:\Users\User\Desktop\box.png.ytbn
2021-03-25 12:24 - 2021-04-03 13:46 - 000034316 _____ C:\Users\User\Desktop\cosec-vega-fax-banner-removebg-preview.png.ytbn
2021-03-25 12:09 - 2021-04-03 13:46 - 000064889 _____ C:\Users\User\Desktop\4024520392_1572874805.jpg.ytbn
2021-03-24 09:42 - 2021-03-24 09:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-24 09:41 - 2021-03-31 16:24 - 000000000 ____D C:\Program Files\rempl
2021-03-24 09:41 - 2021-03-24 14:57 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2021-03-24 09:41 - 2021-03-24 14:48 - 000000000 ____D C:\Program Files\CUAssistant
2021-03-23 09:25 - 2010-12-06 06:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2021-03-22 16:17 - 2021-04-03 13:46 - 000360782 _____ C:\Users\User\Documents\Database1.accdb.ytbn
2021-03-22 15:03 - 2021-04-07 11:18 - 000000000 ____D C:\AccessControl
2021-03-22 15:03 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccessControl
2021-03-22 15:03 - 2021-03-22 15:03 - 000001625 _____ C:\ProgramData\Desktop\AccessControl.lnk
2021-03-18 16:01 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApowerMirror
2021-03-18 16:01 - 2021-03-18 16:01 - 000000613 _____ C:\Users\User\Desktop\ApowerMirror.lnk
2021-03-18 14:28 - 2021-04-04 10:21 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper
2021-03-18 14:28 - 2021-04-03 13:49 - 000000000 ____D C:\Users\User\Downloads\BitTorrent Web Tutorial Video
2021-03-18 14:23 - 2021-03-18 14:24 - 000000000 ____D C:\Program Files\TAP-Windows
2021-03-18 12:26 - 2021-04-07 11:18 - 000000000 ____D C:\.android
2021-03-18 12:22 - 2021-03-18 12:26 - 000000000 ____D C:\ProgramData\Apple
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Users\User\Documents\Apowersoft
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Program Files\Bonjour
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-03-18 12:21 - 2021-03-18 12:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Apowersoft
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-09 14:01 - 2020-11-19 11:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-09 13:58 - 2019-12-07 13:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2021-04-09 11:55 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-08 21:56 - 2020-07-23 21:59 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2021-04-08 21:54 - 2020-11-19 11:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-08 21:53 - 2019-12-07 13:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-08 18:44 - 2020-12-06 10:11 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-04-07 14:20 - 2021-01-21 10:07 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-04-07 13:14 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2021-04-07 12:33 - 2020-10-07 00:53 - 000000000 ____D C:\Trisha
2021-04-07 12:32 - 2021-01-10 09:14 - 000000000 ____D C:\SadpLog
2021-04-07 11:21 - 2020-12-24 10:47 - 000000000 ____D C:\kingsoft
2021-04-07 11:21 - 2020-11-26 23:55 - 000000000 ____D C:\Cakewalk Projects
2021-04-07 11:21 - 2020-11-26 23:50 - 000000000 ____D C:\Cakewalk Content
2021-04-07 11:19 - 2020-10-08 14:26 - 000000000 ____D C:\Among Us V.2020.9.9
2021-04-07 08:40 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-06 15:34 - 2020-12-06 10:11 - 000000000 ____D C:\ProgramData\AnyDesk
2021-04-06 15:05 - 2020-11-19 11:54 - 000982928 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-06 15:05 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-06 14:24 - 2020-12-26 13:21 - 000000000 ____D C:\Program Files\Wondershare
2021-04-06 14:22 - 2020-12-26 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-04-06 10:38 - 2020-07-23 22:28 - 000000000 ____D C:\Program Files\WinRAR
2021-04-06 08:51 - 2020-10-06 21:21 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software
2021-04-06 08:51 - 2020-10-06 21:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2021-04-05 13:09 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-04 10:00 - 2020-07-23 22:28 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-04 10:00 - 2020-07-23 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-04 08:49 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-04 08:49 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-04 08:48 - 2020-11-19 11:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-03 14:39 - 2021-02-07 12:32 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-04-03 13:49 - 2021-01-03 13:52 - 000000000 ____D C:\Users\User\Documents\Camtasia
2021-04-03 13:46 - 2021-01-24 09:22 - 000000000 ___RD C:\Users\User\3D Objects
2021-04-03 13:46 - 2021-01-03 12:23 - 000009466 _____ C:\Users\User\Desktop\New Text Document (2.1).ytbn.ytbn
2021-04-03 13:46 - 2021-01-02 09:51 - 000005012 _____ C:\Users\User\Desktop\New Text Document (2).txt.ytbn
2021-04-03 13:46 - 2020-12-28 10:23 - 000001276 _____ C:\Users\User\Desktop\New Text Document.txt.ytbn
2021-04-03 13:46 - 2020-12-10 13:03 - 000012882 _____ C:\Users\User\Desktop\Stock list December 2020.xlsx.ytbn
2021-04-03 13:46 - 2020-12-09 11:29 - 000002572 ____H C:\Users\User\Documents\Default.rdp.ytbn
2021-04-03 13:46 - 2020-12-08 09:55 - 000117957 _____ C:\Users\User\Desktop\IT Companies Data.xlsx.ytbn
2021-04-03 13:46 - 2020-12-06 09:49 - 000000000 ____D C:\Users\User\.android
2021-04-03 12:52 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-03 12:42 - 2021-01-05 10:11 - 000000000 ____D C:\Program Files (x86)\Balabolka
2021-04-03 12:35 - 2020-10-07 00:02 - 000000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2021-04-03 12:22 - 2020-10-10 18:36 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-04-03 11:58 - 2020-10-07 00:00 - 000000000 ____D C:\Program Files\Badlion Client
2021-04-03 10:49 - 2020-10-09 21:45 - 000000000 ____D C:\ProgramData\Adobe
2021-04-03 08:58 - 2020-10-09 21:44 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2021-04-03 08:58 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2021-04-03 08:48 - 2020-11-19 11:48 - 000000000 ____D C:\ProgramData\Packages
2021-04-01 20:11 - 2020-11-19 11:43 - 000485152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-01 20:05 - 2019-12-07 13:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-01 20:04 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-01 19:46 - 2020-10-10 18:42 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-01 15:06 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-04-01 11:28 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-01 09:39 - 2020-11-19 11:45 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-01 08:59 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-01 08:58 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-31 16:21 - 2021-01-31 09:06 - 000000000 ____D C:\WINDOWS\SysWOW64\shxfont
2021-03-31 16:21 - 2021-01-31 09:05 - 000000000 ____D C:\WINDOWS\SysWOW64\PS
2021-03-31 16:21 - 2021-01-31 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
2021-03-31 16:21 - 2021-01-10 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SADPTool
2021-03-31 16:21 - 2021-01-03 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2021-03-31 16:21 - 2020-12-28 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POINTMAN
2021-03-31 16:21 - 2020-12-13 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardScanner
2021-03-31 16:21 - 2020-12-13 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Card Scanner Driver
2021-03-31 16:21 - 2020-12-06 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2021-03-31 16:21 - 2020-12-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2021-03-31 16:21 - 2020-07-23 22:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-03-31 16:21 - 2020-07-23 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2021-03-31 16:21 - 2020-07-23 21:51 - 000000000 ____D C:\Program Files\Intel
2021-03-31 16:21 - 2019-12-07 13:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-31 16:21 - 2019-12-07 13:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-31 16:21 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-31 16:21 - 2015-07-10 17:14 - 000000000 ____D C:\WINDOWS\ShellNew
2021-03-31 16:21 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-31 16:21 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-31 16:20 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\InfusedApps
2021-03-31 16:16 - 2020-11-27 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celemony
2021-03-31 16:16 - 2020-11-26 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2021-03-31 16:16 - 2020-07-23 21:58 - 000000000 ____D C:\Program Files\Synaptics
2021-03-31 16:16 - 2020-07-23 21:56 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-03-31 16:16 - 2020-07-23 21:55 - 000000000 ____D C:\Program Files\Realtek
2021-03-31 16:16 - 2020-07-23 21:54 - 000000000 ____D C:\Program Files\AMD
2021-03-31 16:16 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-31 16:08 - 2020-11-19 06:50 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2021-03-31 16:08 - 2020-11-19 06:50 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2021-03-31 16:08 - 2019-12-07 13:10 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2021-03-31 14:50 - 2020-11-19 11:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-31 14:50 - 2020-11-19 11:46 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-31 09:05 - 2020-11-19 11:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-31 04:51 - 2020-10-10 14:54 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-03-31 04:49 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-31 04:46 - 2019-12-07 13:14 - 000000000 __RSD C:\WINDOWS\Media
2021-03-31 04:43 - 2020-07-23 21:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-31 04:38 - 2020-12-07 10:02 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2021-03-31 04:38 - 2020-11-26 23:34 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandLab Technologies
2021-03-31 04:38 - 2020-10-07 13:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-31 04:34 - 2021-01-04 09:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2021-03-31 04:27 - 2020-07-23 21:55 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-31 03:36 - 2020-12-24 10:53 - 000000372 _____ C:\WINDOWS\Tasks\WpsUpdateTask_User.job
2021-03-29 11:09 - 2020-07-23 22:36 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2021-03-29 11:09 - 2020-07-23 22:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-03-29 10:51 - 2020-07-23 22:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-29 10:24 - 2020-10-06 21:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Synaptics
2021-03-20 08:55 - 2020-12-27 16:15 - 000000747 _____ C:\Users\User\Desktop\Video Editing - Shortcut.lnk
2021-03-15 09:13 - 2020-07-24 06:47 - 000000000 ___RD C:\Users\User\OneDrive
2021-03-13 09:43 - 2020-10-09 21:47 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories ========
 
2021-04-03 13:12 - 2021-04-03 13:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000022848 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-convert-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000023360 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-runtime-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000024896 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-string-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000141296 _____ (Oracle Corporation) C:\Program Files\dcpr.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000015856 _____ () C:\Program Files\jp2native.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000000199 _____ () C:\Program Files\unins.vbs
2021-04-04 18:53 - 2021-04-04 18:53 - 000000032 _____ () C:\Users\User\AppData\Roaming\8f9b.8f9b
2021-04-03 13:18 - 2021-04-03 13:18 - 000000560 _____ () C:\Users\User\AppData\Local\bowsakkdestx.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by User (09-04-2021 14:09:31)
Running from C:\Users\User\Desktop
Windows 10 Pro Version 20H2 19042.867 (X64) (2021-03-31 00:49:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1875166542-2685140994-1970054088-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1875166542-2685140994-1970054088-503 - Limited - Disabled)
Guest (S-1-5-21-1875166542-2685140994-1970054088-501 - Limited - Disabled)
User (S-1-5-21-1875166542-2685140994-1970054088-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1875166542-2685140994-1970054088-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Access Control (HKLM-x32\...\{B8202A3F-65A2-4921-B5CB-598FFA49FD11}) (Version: 7.51.81 - CSN)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_0_1) (Version: 18.0.1 - Adobe Inc.)
AdoptOpenJDK JDK with Hotspot 8.0.265.01 (x64) (HKLM\...\{2B68F6A3-4DF9-48A9-B59D-922F5A8D1A62}) (Version: 8.0.265.01 - AdoptOpenJDK)
Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.3 - philandro Software GmbH)
BandLab Assistant 6.2.0 (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28) (Version: 6.2.0 - BandLab Technologies)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.227 - Bitdefender)
Blender (HKLM\...\{64FCD268-AF5F-403D-B51B-00BC2D47DD0B}) (Version: 2.91.0 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.22.71 - Brave Software Inc)
Business Card Scanner Driver (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2010.03.02 - Deasy Corporation)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 26.11.0.099 - BandLab Singapore Pte Ltd.)
Cakewalk Drum Replacer (HKLM\...\Cakewalk Drum Replacer_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Cakewalk Theme Editor (HKLM\...\Cakewalk Theme Editor_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Camtasia 2019 (HKLM\...\{FF10C4F0-9186-405F-809D-D2E8D5E39448}) (Version: 19.0.10.17662 - TechSmith Corporation) Hidden
Camtasia 2019 (HKLM-x32\...\{03e048a7-3690-409c-b9c4-27612f78bd68}) (Version: 19.0.10.17662 - TechSmith Corporation)
Card Printer (HKLM\...\Card Printer) (Version:  - )
CardScanner (HKLM-x32\...\{94E73CA7-027B-4F3D-9E2A-9FEE4F7DD9C5}) (Version: 3.0 - )
DWGSee Pro 2020 (HKLM-x32\...\{BE4B9B74-CEB0-499C-A0F4-4F17DF52B314}) (Version: 5.0 - AutoDWG)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
gdiview (HKLM-x32\...\{9A2A452C-3057-4F5E-8C7F-41B0D566B831}) (Version: 1.0.0 - gdiview)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IDAutomation.com QR-Code Font and Encoder (HKLM-x32\...\IDAutomation.com QR-Code Font and Encoder) (Version:  - )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)
KX-TE Maintenance Console (HKLM-x32\...\{EF5B455C-7FAA-4978-BB92-29CEBD013C9C}) (Version: 3.000 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MAGIC7 (HKLM-x32\...\{75E7949C-6476-4F91-9BC8-5DDA7C45BCA4}) (Version: 1.0.0 - EPM)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0111 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.1.8 - hikvision)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WPS Office (11.2.0.10078) (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Kingsoft Office) (Version: 11.2.0.10078 - Kingsoft Corp.)
 
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2020\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1875166542-2685140994-1970054088-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll [2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1875166542-2685140994-1970054088-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll [2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-01-31 09:05 - 2012-07-13 04:28 - 000125952 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\AutoDWG\DWGSee Pro 2020\DWGSeeMenu64.dll
2020-12-28 15:33 - 2014-07-30 16:06 - 000024576 _____ (Windows ® Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\CITPJLMON.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ae/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 15:04 - 2021-04-08 21:50 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Control Panel\Desktop\\Wallpaper -> c:\users\user\downloads\wallpaperflare.com_wallpaper.jpg
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 4.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run32: => "VMonitorVMUVC"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "ColdHill"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7109EECF-FE7B-43A5-805A-2892C5E0AB47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{59982179-E95D-4255-92A6-E701888CFD92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3961424B-EA55-459B-A937-44772E52F443}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{039034B7-9C45-445D-B6F5-6FE15467602F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BE9CED34-384B-4002-B49A-1F43DE1734CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{3BBB5996-6FCC-48C6-8106-B0D42182BEDC}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{1CA1D82E-5535-49A0-B16E-3CA236B60E5D}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{B7FEDDAA-F21B-4C23-8E53-2EA2102A11E3}] => (Allow) LPort=8320
FirewallRules: [{89FC2107-1EC2-49F0-8080-1507431889DE}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{19351964-04DE-4AFF-B931-26EFD5CABA12}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [UDP Query User{AE38B650-87D6-4BA9-A4E8-7898FA7C9521}C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [TCP Query User{30B4A390-6047-4E09-A396-633648DDFE63}C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [UDP Query User{2F03BFAD-4573-4A26-B43D-A653D76C57A6}C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
FirewallRules: [TCP Query User{A05A573B-6BDF-4606-8883-E1C7B262FDE1}C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
FirewallRules: [UDP Query User{4460A8C1-11DE-4C3A-B725-16451D63740C}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0E0F0A0D-0B25-44A8-9579-94DFE81FAAC9}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5C9BCD4B-9018-4D3E-92D1-34AF53DAFA35}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{F48BB3EC-1BE0-47E3-AB03-1563D980B23B}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [{67476C21-3FA6-4EB8-B2D5-BFD2C5556A19}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30DB716E-F20F-43D4-B8B6-B28F037C4CCA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17515E3C-B17F-4D7C-8AD5-B6BDB12AA72C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{112FEAD7-8C5D-4070-9837-496F3BF89DEF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6374F229-D68A-4057-B1EA-086BDD8B1AC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0FE3DC1-53F1-4BB0-8EA7-CEEAA9A03A9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17AA5971-6B4D-49D2-85D7-CB3AA9EFB1E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D225FB2-22CE-4763-BA7B-27807270BD9A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{20991701-8604-495D-A067-C561EEF27D65}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [UDP Query User{A409B505-3B51-4787-9B65-90812C078665}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{963974C6-5911-4007-84F6-8498E1788C19}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{1314C217-144D-4793-AE0B-04494310D515}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{2711FF43-19AD-4200-9722-13FBDE119F05}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{57F4E5ED-3A95-422D-89FA-DF0B2AAF2605}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D89587EB-FA1D-44AE-ACB8-C061326A74A5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{7FFC42C2-2465-49E5-A331-2A8C5252B5B9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{320F82E9-9DF1-4A76-A648-886A8A6071E7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Restore Points =========================
 
04-04-2021 09:02:35 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/09/2021 01:56:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/09/2021 11:57:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/09/2021 11:56:09 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/09/2021 09:57:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/09/2021 09:56:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/09/2021 07:57:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/09/2021 07:56:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/09/2021 05:57:04 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
 
System errors:
=============
Error: (04/08/2021 09:54:13 PM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled
 
Error: (04/08/2021 09:50:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/08/2021 09:50:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/08/2021 09:50:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/08/2021 09:50:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/08/2021 09:50:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/08/2021 09:50:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AnyDesk Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/08/2021 09:50:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2021-04-03 13:19:15
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Glupteba.AV!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\88827002-09ba-4f78-af26-e846d392c127\E2F6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:18:44
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\Temp\is-GTMR8.tmp\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:18:42
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Mamson.A!ac
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\LabPicV3.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\User\AppData\Local\Temp\is-GTMR8.tmp\Setup.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-03 13:13:53
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Stealer.KA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\Temp\haleng.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng; runkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18000.5, NIS: 0.0.0.0
 
Date: 2021-04-03 13:13:53
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Backdoor:Win32/Bladabindi!ml
Severity: Severe
Category: Backdoor
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe; process:_pid:11960,ProcessStart:132619146701968983
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18000.5, NIS: 0.0.0.0
 
Date: 2021-04-03 13:18:43
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion. 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===============
Date: 2021-04-09 11:57:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\bdamsi\265245302951969804\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
Date: 2021-04-09 04:25:47
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\bdamsi\265245302951969804\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
Date: 2021-04-08 21:54:44
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\connectagent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.14 10/04/2013
Motherboard: Hewlett-Packard 1970
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 8090.35 MB
Available physical RAM: 2420.77 MB
Total Virtual: 9370.35 MB
Available Virtual: 2781.74 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.91 GB) (Free:27.84 GB) NTFS
Drive d: () (Fixed) (Total:155.27 GB) (Free:123.63 GB) NTFS
Drive e: () (Fixed) (Total:163.09 GB) (Free:86.98 GB) NTFS
 
\\?\Volume{c0944214-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C0944214)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=155.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=163.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

#19
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, Nimosh.
 
In the logs I see that Microsoft (Windows) Defender is enabled and BitDefender is not shown in the Security Center. Have you checked if BitDefender is running fine and provides real time protection?
 
Also, I see that you didn't remove the extension in Chrome and Opera as I asked you here. Please, do it now.

 

How can I Upload the File?

 

You mean about the encrypted files at ID Ransomware (IDR)?


  • 0

#20
Nimosh

Nimosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hi DR M, I uploaded the encrypted file and note; the link is below.

 

https://id-ransomwar...7107451e8bae30c

 

I checked the extensions; I removed all the extensions previously, and no others are visible.


  • 0

#21
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Have you tried the Emsisoft Decryptor as suggested in the link you posted above?

 

What do you mean you removed the extensions previously? By removing an extension you don't decrypt your file.


  • 0

#22
Nimosh

Nimosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Yeah, I tried Emsisoft. It needs an original file and an encrypted file; all the files are encrypted, so it did not work for me.

 

Here you can see I already replied about the extensions.


  • 0

#23
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Yeah, I tried Emsisoft. It needs an original file and an encrypted file; all the files are encrypted, so it did not work for me.

 

That's too bad... I hope you didn't have important files in there and that a decryption solution will be available soon.

 

As for the Chrome and Opera extension, here (step 3) I am referring to another name. Please go for it now and report back what happened.
 
 


  • 0

#24
Nimosh

Nimosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

There is no extension visible. If any extension were visible, I could remove it, but nothing is there; all available extensions are already removed.


  • 0

#25
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

You mean that you don't see the extension book_helper?

 

If not in Chrome, at least in Opera browser?


  • 0



#26
Nimosh

Nimosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Yeah, I tried that also; I managed to scan with Emsisoft. It's not possible to decrypt the files.

 

Their suggestion is to take a backup and rebuild a new Windows; maybe in the future it can be decrypted.

 

Thank you for your support


  • 0

#27
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, Nimosh.

Let's make a fresh, clean install of Chrome and Opera.

Chrome

1. Backup your Bookmarks

If your Chrome Bookmarks are important do this first:
Go to this link: http://www.wikihow.c...rks-from-Chrome, follow the instructions to export your Bookmarks from Chrome, and save them to your Desktop. Note that the same instructions can also be used to import the bookmarks.

2. Get ready - Download Chrome installer

Download the Chrome installer and save it to install later: https://www.google.c...ktop/index.html

4. Completely uninstall Chrome

5. Install Google Chrome

  • Install Google Chrome using the installer you have already downloaded.
  • Import your Bookmarks.

Opera

This site explains in great detail how to do a clean install of the Opera browser. Follow the instructions to the end. If you don't want another browser (you already have many), just don't install Opera again.

================================

After the above, make an FRST scan and provide the FRST.txt.

 

I don't need Addition.txt this time.


  • 0

#28
Nimosh

Nimosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hi DR M, I have given my laptop to the service center. They will check. Thank you for your support.


  • 0

#29
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Thanks for letting me know. The computer is clean, but that type of infection is serious, so the decision was up to you.

 

I'll mark the thread as solved.

 

You are very welcome.


  • 0





