Hi DR M, I tried to attach the file.
One error is showing: "Error You aren't permitted to upload this kind of file"
How can I upload the file?
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by User (administrator) on DESKTOP-BV3TRHD (Hewlett-Packard HP Pavilion 15 Notebook PC) (09-04-2021 14:03:14)
Running from C:\Users\User\Desktop
Loaded Profiles: User & MSSQL$SQLEXPRESS
Platform: Windows 10 Pro Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <26>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscenter.exe <2>
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8505088 2020-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2020-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Business Card Scanner Driver\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation) [File not signed]
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-10-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536424 2021-03-06] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\Card Printer Language Monitor: C:\WINDOWS\system32\CITPJLMON.DLL [24576 2014-07-30] (Windows ® Codename Longhorn DDK provider) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-31] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.22.71\Installer\chrmstp.exe [2021-04-03] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-06]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06BEA5F9-8D9E-437E-8C9A-9C112297BB9F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {225D577B-C753-4AD0-B888-F0E7859B7181} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3395FED9-E909-434B-912F-76EBE2AB53A0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A11AE65-1F4E-40CE-9A02-0710EDBCA675} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {512FF518-5F96-40BF-B0B5-74B1D31A9273} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56377CD2-D0DD-492C-885C-64026D0027C4} - System32\Tasks\WpsExternal_User_20210330132923 => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe [1666760 2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5DFAF5B0-BF7A-4DBA-9AE7-81922A095B81} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AB4CF25-5A94-4A40-A339-0555D48107F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7991A201-C8F8-4586-9418-050BB8B7202D} - System32\Tasks\WpsUpdateTask_User => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpsupdate.exe [164552 2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {AB5A68D6-A9FB-4078-BE13-83FA491F2820} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C8D41B55-075F-4F36-8EE1-07F1521F04C6} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D04DF89F-C788-41FC-87D4-43D8123B02E7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4113526-7BDC-4C7D-8803-FB5786E125B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
Task: {E69B7745-B774-4723-BE93-F25D05188466} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {FCF9A923-E89D-45FE-8841-8D09440BC237} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\WpsExternal_User_20210330132923.job => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpscloudsvr.exe/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
Task: C:\WINDOWS\Tasks\WpsUpdateTask_User.job => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\wpsupdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
Tcpip\..\Interfaces\{493b22a1-ae1b-4a70-bc87-c56b48e39f43}: [DhcpNameServer] 8.8.8.8 4.4.4.4 192.168.1.1
Tcpip\..\Interfaces\{4fd26666-d2e6-4f6e-afd7-6f09370194e2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8e572f95-a2a5-4287-b9be-6aaa30275010}: [DhcpNameServer] 8.8.8.8 4.4.4.4 213.42.20.20
Edge:
=======
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-08]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-04-08]
CHR Notifications: Default -> hxxps://uae.microless.com
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-11]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2021-04-06]
CHR Extension: (d8yI+Hf7rX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iamogogldpiipekcpojlcdhmbhdjdocm [2020-11-09]
CHR HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
Opera:
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-04-06]
OPR Extension: (book_helper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\iamogogldpiipekcpojlcdhmbhdjdocm [2020-11-09]
Brave:
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-04-09]
BRA DownloadDir: D:\Downloads
BRA Notifications: Default -> hxxps://usersdrive.com
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-02-07]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-04-09]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-03-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-04-09]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-02-07]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\kkjipiepeooghlclkedllogndmohhnhi [2021-03-31]
BRA Extension: (Crypto Wallets) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2021-04-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-04-07]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106952 2020-07-23] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2021-04-07] (Bitdefender SRL -> Bitdefender)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-07] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2021-04-07] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [559200 2021-04-07] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2021-04-07] (Bitdefender SRL -> Bitdefender)
S3 wpscloudsvr; C:\ProgramData\Kingsoft\office6\wpscloudsvr.exe [1482496 2020-12-07] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2021-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-07] (Malwarebytes Inc -> Malwarebytes)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-04-08] (Malwarebytes Inc -> Malwarebytes)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2019-06-27] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2020-07-23] (MEDIATEK INC. -> Ralink Technology, Corp.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-31] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-09 14:03 - 2021-04-09 14:05 - 000020551 _____ C:\Users\User\Desktop\FRST.txt
2021-04-08 21:55 - 2021-04-08 21:55 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-08 21:55 - 2021-04-08 21:55 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-08 21:55 - 2021-04-08 21:55 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-08 21:49 - 2021-04-08 22:20 - 000004310 _____ C:\Users\User\Desktop\Fixlog.txt
2021-04-08 17:07 - 2021-04-08 18:44 - 000207964 _____ C:\WINDOWS\ntbtlog.txt
2021-04-08 17:07 - 2021-04-08 17:07 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-04-08 16:57 - 2021-04-06 11:42 - 002298368 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-04-07 19:06 - 2021-04-07 19:06 - 000042484 _____ C:\Users\User\Desktop\eset.txt
2021-04-07 11:10 - 2021-04-07 11:10 - 000001000 _____ C:\Users\User\Desktop\esetonlinescanner.exe - Shortcut.lnk
2021-04-07 11:10 - 2021-04-07 11:10 - 000000627 _____ C:\Users\User\Desktop\ESET Online Scanner.lnk
2021-04-07 11:09 - 2021-04-08 17:07 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2021-04-07 11:09 - 2021-04-07 11:09 - 000000725 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-07 08:41 - 2021-04-08 17:08 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-07 08:41 - 2021-04-07 08:41 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-07 08:41 - 2021-04-07 08:41 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-07 08:40 - 2021-04-08 21:55 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-07 08:40 - 2021-04-07 08:39 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-07 08:40 - 2021-04-07 08:39 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-07 08:39 - 2021-04-07 08:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-07 08:38 - 2021-04-07 08:38 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-07 08:34 - 2021-04-07 11:07 - 000000951 _____ C:\Users\User\Desktop\AdwCleaner - Shortcut.lnk
2021-04-07 08:30 - 2021-04-07 10:56 - 000000000 ____D C:\AdwCleaner
2021-04-06 14:14 - 2021-04-06 14:14 - 000000113 _____ C:\WINDOWS\wininit.ini
2021-04-06 13:19 - 2021-04-06 13:19 - 000087732 _____ C:\ProgramData\agent.update.1617700768.bdinstall.v2.bin
2021-04-06 13:18 - 2021-04-06 13:18 - 000001196 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2021-04-06 13:17 - 2021-04-06 13:17 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-04-06 13:14 - 2021-04-07 14:32 - 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-04-06 13:13 - 2021-04-06 13:13 - 000001211 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2021-04-06 13:13 - 2021-04-06 13:13 - 000000000 ____D C:\ProgramData\Bitdefender
2021-04-06 13:13 - 2021-02-26 17:31 - 000641728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-04-06 13:12 - 2021-04-06 13:12 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-04-06 13:12 - 2021-02-26 12:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-04-06 13:12 - 2021-02-16 14:31 - 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-04-06 13:12 - 2020-12-04 15:15 - 000802976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-04-06 13:12 - 2020-10-20 13:18 - 000386800 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys
2021-04-06 13:12 - 2020-02-03 15:53 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2021-04-06 13:11 - 2021-04-09 14:02 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-04-06 13:10 - 2021-04-06 13:20 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-04-06 13:10 - 2021-04-06 13:10 - 000115748 _____ C:\ProgramData\agent.1617700201.bdinstall.v2.bin
2021-04-06 13:10 - 2021-04-06 13:10 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-04-06 11:43 - 2021-04-09 14:04 - 000000000 ____D C:\FRST
2021-04-06 11:33 - 2021-04-06 11:47 - 000000000 ____D C:\Users\User\AppData\Local\2f23593d-ec2c-4d9e-8fc5-a69f819b2451
2021-04-06 11:16 - 2021-04-06 11:16 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2021-04-04 21:41 - 2021-04-04 21:41 - 000000000 ____D C:\ProgramData\IA9AG6FE1D7ACYIM799YZQM1Q
2021-04-04 21:38 - 2021-04-06 11:31 - 000000000 ____D C:\Users\User\AppData\Local\b75cb07c-192b-435c-b87c-a425760c7f94
2021-04-04 18:53 - 2021-04-04 18:53 - 000000032 _____ C:\Users\User\AppData\Roaming\8f9b.8f9b
2021-04-04 18:42 - 2021-04-06 11:30 - 000000000 ____D C:\Users\User\AppData\Local\5a5cfc91-a0c3-43b3-8b48-529cd5216d2c
2021-04-04 18:42 - 2021-04-04 18:43 - 000000000 ____D C:\ProgramData\6TXJ26K014UQ06YMRM1ASO4S8
2021-04-04 14:17 - 2021-04-06 11:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Updates
2021-04-04 14:16 - 2021-04-06 11:34 - 000000000 ____D C:\Users\User\AppData\Local\6831f20e-20c5-491b-8882-f5c56e50bebb
2021-04-04 09:31 - 2021-04-04 09:31 - 000000000 ____D C:\Users\User\AppData\Local\BandLab_Singapore_Pte_Ltd
2021-04-03 13:36 - 2021-04-06 11:31 - 000000000 ____D C:\Users\User\AppData\Roaming\SqJeGrFCmhTziVRi
2021-04-03 13:18 - 2021-04-03 13:18 - 000000560 _____ C:\Users\User\AppData\Local\bowsakkdestx.txt
2021-04-03 13:18 - 2021-04-03 13:18 - 000000000 ____D C:\SystemID
2021-04-03 13:17 - 2021-04-03 13:17 - 000000000 ____D C:\ProgramData\NW8B66FAI9WSC78MOS0RKZSYG
2021-04-03 13:16 - 2021-04-03 13:16 - 000000000 ____D C:\ProgramData\6WH32XI5IMFLDEKVRD456Z3YV
2021-04-03 13:12 - 2021-04-03 13:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-04-03 13:12 - 2021-04-03 13:12 - 000000000 ____D C:\ProgramData\EGD0BH0V1K36W4YSKOLOXMVJV
2021-04-03 13:11 - 2021-04-07 09:04 - 000000000 ____D C:\Program Files\javcse
2021-04-03 13:11 - 2021-04-03 13:49 - 000000000 ____D C:\Users\User\Documents\VlcpVideoV1.0.1
2021-04-03 13:11 - 2021-04-03 13:15 - 000141296 _____ (Oracle Corporation) C:\Program Files\dcpr.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000015856 _____ C:\Program Files\jp2native.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000000199 _____ C:\Program Files\unins.vbs
2021-04-03 13:11 - 2021-04-03 13:11 - 000000000 ____D C:\Users\User\AppData\Roaming\Strenge
2021-04-03 13:10 - 2021-04-03 13:10 - 000000000 ____D C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3
2021-04-03 12:47 - 2021-04-03 12:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\EpicGamesLauncher
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\DBG
2021-04-03 12:22 - 2021-04-03 12:22 - 000000000 ____D C:\Users\User\AppData\Local\CrashReportClient
2021-04-03 10:55 - 2021-04-03 10:55 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2021.lnk
2021-04-03 10:55 - 2021-04-03 10:55 - 000001238 _____ C:\Users\User\Desktop\Adobe After Effects 2021.lnk
2021-04-03 10:55 - 2021-04-03 10:55 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-04-03 10:51 - 2021-04-03 10:51 - 000000000 ____D C:\ProgramData\Documents\AdobeInstalledCodecs
2021-04-03 08:58 - 2021-04-03 08:58 - 000000000 ____D C:\Users\User\Documents\Adobe
2021-04-01 19:46 - 2021-04-06 12:32 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-04-01 19:46 - 2021-04-03 10:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-04-01 19:46 - 2021-04-03 10:55 - 000000000 ____D C:\Program Files\Adobe
2021-04-01 11:46 - 2021-04-03 10:26 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-04-01 11:43 - 2021-04-01 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-01 11:42 - 2021-04-01 11:42 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-01 09:53 - 2021-04-01 09:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-01 09:52 - 2021-04-01 09:52 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-01 09:52 - 2021-04-01 09:52 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-01 09:52 - 2021-04-01 09:52 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-01 09:52 - 2021-04-01 09:52 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-04-01 09:52 - 2021-04-01 09:52 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-01 09:51 - 2021-04-01 09:51 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-01 09:51 - 2021-04-01 09:51 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-01 09:51 - 2021-04-01 09:51 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-01 09:51 - 2021-04-01 09:51 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-01 09:51 - 2021-04-01 09:51 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-01 09:51 - 2021-04-01 09:51 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-01 09:51 - 2021-04-01 09:51 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-01 09:50 - 2021-04-01 09:50 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-01 09:50 - 2021-04-01 09:50 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-01 09:50 - 2021-04-01 09:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-01 09:50 - 2021-04-01 09:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-01 09:50 - 2021-04-01 09:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-01 09:50 - 2021-04-01 09:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-01 09:50 - 2021-04-01 09:50 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-01 09:49 - 2021-04-01 09:49 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-01 09:49 - 2021-04-01 09:49 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-01 09:48 - 2021-04-01 09:48 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-01 09:47 - 2021-04-01 09:47 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-01 09:47 - 2021-04-01 09:47 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-01 09:47 - 2021-04-01 09:47 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-01 09:47 - 2021-04-01 09:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-01 09:47 - 2021-04-01 09:47 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-01 09:46 - 2021-04-01 09:46 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-01 09:46 - 2021-04-01 09:46 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-01 09:46 - 2021-04-01 09:46 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-01 09:45 - 2021-04-01 09:45 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-01 09:45 - 2021-04-01 09:45 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-01 09:45 - 2021-04-01 09:45 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-01 09:45 - 2021-04-01 09:45 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-01 09:45 - 2021-04-01 09:45 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-01 09:44 - 2021-04-01 09:44 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-01 09:44 - 2021-04-01 09:44 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-01 09:43 - 2021-04-01 09:43 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-01 09:43 - 2021-04-01 09:43 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-01 09:41 - 2021-04-01 09:41 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-01 09:41 - 2021-04-01 09:41 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-01 09:41 - 2021-04-01 09:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-01 09:40 - 2021-04-01 09:40 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-01 09:40 - 2021-04-01 09:40 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-01 09:40 - 2021-04-01 09:40 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-01 09:08 - 2021-04-01 09:08 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-01 09:00 - 2021-04-07 11:18 - 000000000 ___HD C:\$WinREAgent
2021-03-31 16:21 - 2021-03-31 04:49 - 000000000 ____D C:\Windows.old
2021-03-31 16:16 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-31 16:14 - 2021-03-31 16:14 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files\MSBuild
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-31 16:08 - 2021-03-31 16:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-31 08:36 - 2021-04-03 10:24 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-03-31 04:50 - 2021-03-31 04:53 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2021-03-31 04:50 - 2021-03-31 04:50 - 000000020 ___SH C:\Users\User\ntuser.ini
2021-03-31 04:49 - 2021-03-31 04:49 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875166542-2685140994-1970054088-500
2021-03-31 04:48 - 2021-04-09 08:58 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{43E7DC2E-3E7D-4748-B968-E358F7D22BB2}
2021-03-31 04:48 - 2021-03-31 04:49 - 000003366 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-03-31 04:48 - 2021-03-31 04:49 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-31 04:48 - 2021-03-31 04:49 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875166542-2685140994-1970054088-1001
2021-03-31 04:48 - 2021-03-31 04:49 - 000002784 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_User
2021-03-31 04:48 - 2021-03-31 04:48 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-31 04:48 - 2021-03-31 04:48 - 000003212 _____ C:\WINDOWS\system32\Tasks\WpsExternal_User_20210330132923
2021-03-31 04:48 - 2021-03-31 04:48 - 000003142 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-03-31 04:48 - 2021-03-31 04:48 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-31 04:47 - 2021-03-31 04:48 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-03-31 04:47 - 2021-03-31 04:48 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-03-31 04:40 - 2021-03-31 04:40 - 000000020 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2021-03-31 04:33 - 2021-03-31 04:42 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS
2021-03-31 04:33 - 2019-12-07 13:10 - 000001105 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-31 04:33 - 2019-12-07 13:10 - 000001105 _____ C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-31 04:22 - 2021-04-08 21:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-31 03:30 - 2021-03-31 03:30 - 000016148 _____ C:\WINDOWS\system32\DESKTOP-BV3TRHD_User_HistoryPrediction.bin
2021-03-30 13:29 - 2021-03-31 02:46 - 000000710 _____ C:\WINDOWS\Tasks\WpsExternal_User_20210330132923.job
2021-03-30 09:31 - 2021-03-30 09:31 - 000815712 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000716384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000437344 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000350816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo59.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000289376 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2021-03-30 09:31 - 2021-03-30 09:31 - 000066136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2021-03-30 09:31 - 2021-03-30 09:31 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2021-03-30 09:31 - 2018-05-11 17:37 - 000034944 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2021-03-29 11:36 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDAutomation.com QR-Code Font and Encoder
2021-03-29 11:35 - 2021-03-29 11:36 - 000000000 ____D C:\Program Files (x86)\IDAutomation.com QR-Code Font and Encoder
2021-03-29 11:14 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIC 7
2021-03-29 11:14 - 2021-03-29 11:14 - 000246080 _____ (KEYLOK) C:\WINDOWS\system32\NWKL2_64.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000235840 _____ (KEYLOK) C:\WINDOWS\system32\KL2DLL64.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000228160 _____ (KEYLOK) C:\WINDOWS\SysWOW64\NWKL2_32.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000123200 _____ (KEYLOK) C:\WINDOWS\SysWOW64\KL2DLL32.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000041984 _____ C:\WINDOWS\system32\ppmon64.exe
2021-03-29 11:14 - 2021-03-29 11:14 - 000024136 _____ C:\WINDOWS\SysWOW64\ppmon.exe
2021-03-29 11:14 - 2021-03-29 11:14 - 000012480 _____ C:\WINDOWS\SysWOW64\KL2N.DLL
2021-03-29 11:14 - 2021-03-29 11:14 - 000007440 _____ C:\WINDOWS\SysWOW64\ppmon.dll
2021-03-29 11:14 - 2021-03-29 11:14 - 000002603 _____ C:\ProgramData\Desktop\MAGIC.lnk
2021-03-29 11:14 - 2021-03-29 11:14 - 000000000 ____D C:\Users\User\AppData\Local\KEYLOK
2021-03-29 11:14 - 2021-03-29 11:14 - 000000000 ____D C:\Program Files\DIFX
2021-03-29 11:13 - 2021-04-07 11:21 - 000000000 ____D C:\Cards7
2021-03-29 11:13 - 2021-03-29 11:14 - 000000000 ____D C:\Program Files (x86)\MAGIC7
2021-03-29 11:12 - 2019-03-10 17:48 - 003719168 _____ C:\MAGIC7_EPM.bak
2021-03-29 11:03 - 2021-03-29 11:03 - 000000000 ____D C:\WINDOWS\system32\RsFx
2021-03-29 10:55 - 2021-03-29 10:55 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft_Corporation
2021-03-29 10:52 - 2021-03-29 11:10 - 000000000 ____D C:\Users\User\Documents\SQL Server Management Studio
2021-03-29 10:50 - 2021-03-31 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2021-03-29 10:49 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2021-03-29 10:48 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2021-03-29 10:48 - 2021-03-29 10:48 - 000000000 ____D C:\Users\User\Documents\Visual Studio 2010
2021-03-29 10:47 - 2021-03-29 10:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2021-03-29 10:46 - 2021-03-31 16:21 - 000000000 ____D C:\WINDOWS\system32\1033
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\WINDOWS\symbols
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files\Microsoft Help Viewer
2021-03-29 10:46 - 2021-03-29 10:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-03-29 10:33 - 2021-03-31 04:51 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-29 10:24 - 2021-03-29 10:24 - 000000000 ____D C:\ProgramData\Synaptics
2021-03-25 12:46 - 2021-04-03 13:46 - 000006250 _____ C:\Users\User\Desktop\box.png.ytbn
2021-03-25 12:24 - 2021-04-03 13:46 - 000034316 _____ C:\Users\User\Desktop\cosec-vega-fax-banner-removebg-preview.png.ytbn
2021-03-25 12:09 - 2021-04-03 13:46 - 000064889 _____ C:\Users\User\Desktop\4024520392_1572874805.jpg.ytbn
2021-03-24 09:42 - 2021-03-24 09:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-24 09:41 - 2021-03-31 16:24 - 000000000 ____D C:\Program Files\rempl
2021-03-24 09:41 - 2021-03-24 14:57 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2021-03-24 09:41 - 2021-03-24 14:48 - 000000000 ____D C:\Program Files\CUAssistant
2021-03-23 09:25 - 2010-12-06 06:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2021-03-22 16:17 - 2021-04-03 13:46 - 000360782 _____ C:\Users\User\Documents\Database1.accdb.ytbn
2021-03-22 15:03 - 2021-04-07 11:18 - 000000000 ____D C:\AccessControl
2021-03-22 15:03 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccessControl
2021-03-22 15:03 - 2021-03-22 15:03 - 000001625 _____ C:\ProgramData\Desktop\AccessControl.lnk
2021-03-18 16:01 - 2021-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApowerMirror
2021-03-18 16:01 - 2021-03-18 16:01 - 000000613 _____ C:\Users\User\Desktop\ApowerMirror.lnk
2021-03-18 14:28 - 2021-04-04 10:21 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper
2021-03-18 14:28 - 2021-04-03 13:49 - 000000000 ____D C:\Users\User\Downloads\BitTorrent Web Tutorial Video
2021-03-18 14:23 - 2021-03-18 14:24 - 000000000 ____D C:\Program Files\TAP-Windows
2021-03-18 12:26 - 2021-04-07 11:18 - 000000000 ____D C:\.android
2021-03-18 12:22 - 2021-03-18 12:26 - 000000000 ____D C:\ProgramData\Apple
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Users\User\Documents\Apowersoft
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Program Files\Bonjour
2021-03-18 12:22 - 2021-03-18 12:22 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-03-18 12:21 - 2021-03-18 12:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Apowersoft
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-09 14:01 - 2020-11-19 11:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-09 13:58 - 2019-12-07 13:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2021-04-09 11:55 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-08 21:56 - 2020-07-23 21:59 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2021-04-08 21:54 - 2020-11-19 11:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-08 21:53 - 2019-12-07 13:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-08 18:44 - 2020-12-06 10:11 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-04-07 14:20 - 2021-01-21 10:07 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-04-07 13:14 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2021-04-07 12:33 - 2020-10-07 00:53 - 000000000 ____D C:\Trisha
2021-04-07 12:32 - 2021-01-10 09:14 - 000000000 ____D C:\SadpLog
2021-04-07 11:21 - 2020-12-24 10:47 - 000000000 ____D C:\kingsoft
2021-04-07 11:21 - 2020-11-26 23:55 - 000000000 ____D C:\Cakewalk Projects
2021-04-07 11:21 - 2020-11-26 23:50 - 000000000 ____D C:\Cakewalk Content
2021-04-07 11:19 - 2020-10-08 14:26 - 000000000 ____D C:\Among Us V.2020.9.9
2021-04-07 08:40 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-06 15:34 - 2020-12-06 10:11 - 000000000 ____D C:\ProgramData\AnyDesk
2021-04-06 15:05 - 2020-11-19 11:54 - 000982928 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-06 15:05 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-06 14:24 - 2020-12-26 13:21 - 000000000 ____D C:\Program Files\Wondershare
2021-04-06 14:22 - 2020-12-26 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-04-06 10:38 - 2020-07-23 22:28 - 000000000 ____D C:\Program Files\WinRAR
2021-04-06 08:51 - 2020-10-06 21:21 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software
2021-04-06 08:51 - 2020-10-06 21:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2021-04-05 13:09 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-04 10:00 - 2020-07-23 22:28 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-04 10:00 - 2020-07-23 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-04 08:49 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-04 08:49 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-04 08:48 - 2020-11-19 11:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-03 14:39 - 2021-02-07 12:32 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-04-03 13:49 - 2021-01-03 13:52 - 000000000 ____D C:\Users\User\Documents\Camtasia
2021-04-03 13:46 - 2021-01-24 09:22 - 000000000 ___RD C:\Users\User\3D Objects
2021-04-03 13:46 - 2021-01-03 12:23 - 000009466 _____ C:\Users\User\Desktop\New Text Document (2.1).ytbn.ytbn
2021-04-03 13:46 - 2021-01-02 09:51 - 000005012 _____ C:\Users\User\Desktop\New Text Document (2).txt.ytbn
2021-04-03 13:46 - 2020-12-28 10:23 - 000001276 _____ C:\Users\User\Desktop\New Text Document.txt.ytbn
2021-04-03 13:46 - 2020-12-10 13:03 - 000012882 _____ C:\Users\User\Desktop\Stock list December 2020.xlsx.ytbn
2021-04-03 13:46 - 2020-12-09 11:29 - 000002572 ____H C:\Users\User\Documents\Default.rdp.ytbn
2021-04-03 13:46 - 2020-12-08 09:55 - 000117957 _____ C:\Users\User\Desktop\IT Companies Data.xlsx.ytbn
2021-04-03 13:46 - 2020-12-06 09:49 - 000000000 ____D C:\Users\User\.android
2021-04-03 12:52 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-03 12:42 - 2021-01-05 10:11 - 000000000 ____D C:\Program Files (x86)\Balabolka
2021-04-03 12:35 - 2020-10-07 00:02 - 000000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2021-04-03 12:22 - 2020-10-10 18:36 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-04-03 11:58 - 2020-10-07 00:00 - 000000000 ____D C:\Program Files\Badlion Client
2021-04-03 10:49 - 2020-10-09 21:45 - 000000000 ____D C:\ProgramData\Adobe
2021-04-03 08:58 - 2020-10-09 21:44 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2021-04-03 08:58 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2021-04-03 08:48 - 2020-11-19 11:48 - 000000000 ____D C:\ProgramData\Packages
2021-04-01 20:11 - 2020-11-19 11:43 - 000485152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-01 20:05 - 2019-12-07 13:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-01 20:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-01 20:04 - 2019-12-07 13:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-01 20:04 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-01 20:04 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-01 19:46 - 2020-10-10 18:42 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-01 15:06 - 2020-07-24 06:45 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-04-01 11:28 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-01 09:39 - 2020-11-19 11:45 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-01 08:59 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-01 08:58 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-31 16:21 - 2021-01-31 09:06 - 000000000 ____D C:\WINDOWS\SysWOW64\shxfont
2021-03-31 16:21 - 2021-01-31 09:05 - 000000000 ____D C:\WINDOWS\SysWOW64\PS
2021-03-31 16:21 - 2021-01-31 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
2021-03-31 16:21 - 2021-01-10 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SADPTool
2021-03-31 16:21 - 2021-01-03 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2021-03-31 16:21 - 2020-12-28 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POINTMAN
2021-03-31 16:21 - 2020-12-13 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardScanner
2021-03-31 16:21 - 2020-12-13 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Card Scanner Driver
2021-03-31 16:21 - 2020-12-06 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2021-03-31 16:21 - 2020-12-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2021-03-31 16:21 - 2020-07-23 22:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-03-31 16:21 - 2020-07-23 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2021-03-31 16:21 - 2020-07-23 21:51 - 000000000 ____D C:\Program Files\Intel
2021-03-31 16:21 - 2019-12-07 13:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-31 16:21 - 2019-12-07 13:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-31 16:21 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-31 16:21 - 2015-07-10 17:14 - 000000000 ____D C:\WINDOWS\ShellNew
2021-03-31 16:21 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-31 16:21 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-31 16:20 - 2015-07-10 15:04 - 000000000 ____D C:\WINDOWS\InfusedApps
2021-03-31 16:16 - 2020-11-27 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celemony
2021-03-31 16:16 - 2020-11-26 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2021-03-31 16:16 - 2020-07-23 21:58 - 000000000 ____D C:\Program Files\Synaptics
2021-03-31 16:16 - 2020-07-23 21:56 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-03-31 16:16 - 2020-07-23 21:55 - 000000000 ____D C:\Program Files\Realtek
2021-03-31 16:16 - 2020-07-23 21:54 - 000000000 ____D C:\Program Files\AMD
2021-03-31 16:16 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-31 16:08 - 2020-11-19 06:50 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2021-03-31 16:08 - 2020-11-19 06:50 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2021-03-31 16:08 - 2019-12-07 13:10 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2021-03-31 14:50 - 2020-11-19 11:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-31 14:50 - 2020-11-19 11:46 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-31 09:05 - 2020-11-19 11:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-31 04:51 - 2020-10-10 14:54 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-03-31 04:49 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-31 04:46 - 2019-12-07 13:14 - 000000000 __RSD C:\WINDOWS\Media
2021-03-31 04:43 - 2020-07-23 21:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-31 04:38 - 2020-12-07 10:02 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2021-03-31 04:38 - 2020-11-26 23:34 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandLab Technologies
2021-03-31 04:38 - 2020-10-07 13:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-31 04:34 - 2021-01-04 09:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2021-03-31 04:27 - 2020-07-23 21:55 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-31 03:36 - 2020-12-24 10:53 - 000000372 _____ C:\WINDOWS\Tasks\WpsUpdateTask_User.job
2021-03-29 11:09 - 2020-07-23 22:36 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2021-03-29 11:09 - 2020-07-23 22:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-03-29 10:51 - 2020-07-23 22:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-29 10:24 - 2020-10-06 21:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Synaptics
2021-03-20 08:55 - 2020-12-27 16:15 - 000000747 _____ C:\Users\User\Desktop\Video Editing - Shortcut.lnk
2021-03-15 09:13 - 2020-07-24 06:47 - 000000000 ___RD C:\Users\User\OneDrive
2021-03-13 09:43 - 2020-10-09 21:47 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories ========
2021-04-03 13:12 - 2021-04-03 13:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000022848 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-convert-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000023360 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-runtime-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000024896 _____ (Microsoft Corporation) C:\Program Files\api-ms-win-crt-string-l1-1-0.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000141296 _____ (Oracle Corporation) C:\Program Files\dcpr.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000015856 _____ () C:\Program Files\jp2native.dll
2021-04-03 13:11 - 2021-04-03 13:15 - 000000199 _____ () C:\Program Files\unins.vbs
2021-04-04 18:53 - 2021-04-04 18:53 - 000000032 _____ () C:\Users\User\AppData\Roaming\8f9b.8f9b
2021-04-03 13:18 - 2021-04-03 13:18 - 000000560 _____ () C:\Users\User\AppData\Local\bowsakkdestx.txt
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by User (09-04-2021 14:09:31)
Running from C:\Users\User\Desktop
Windows 10 Pro Version 20H2 19042.867 (X64) (2021-03-31 00:49:49)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1875166542-2685140994-1970054088-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1875166542-2685140994-1970054088-503 - Limited - Disabled)
Guest (S-1-5-21-1875166542-2685140994-1970054088-501 - Limited - Disabled)
User (S-1-5-21-1875166542-2685140994-1970054088-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1875166542-2685140994-1970054088-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Access Control (HKLM-x32\...\{B8202A3F-65A2-4921-B5CB-598FFA49FD11}) (Version: 7.51.81 - CSN)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_0_1) (Version: 18.0.1 - Adobe Inc.)
AdoptOpenJDK JDK with Hotspot 8.0.265.01 (x64) (HKLM\...\{2B68F6A3-4DF9-48A9-B59D-922F5A8D1A62}) (Version: 8.0.265.01 - AdoptOpenJDK)
Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.3 - philandro Software GmbH)
BandLab Assistant 6.2.0 (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28) (Version: 6.2.0 - BandLab Technologies)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.227 - Bitdefender)
Blender (HKLM\...\{64FCD268-AF5F-403D-B51B-00BC2D47DD0B}) (Version: 2.91.0 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.22.71 - Brave Software Inc)
Business Card Scanner Driver (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2010.03.02 - Deasy Corporation)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 26.11.0.099 - BandLab Singapore Pte Ltd.)
Cakewalk Drum Replacer (HKLM\...\Cakewalk Drum Replacer_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Cakewalk Theme Editor (HKLM\...\Cakewalk Theme Editor_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Camtasia 2019 (HKLM\...\{FF10C4F0-9186-405F-809D-D2E8D5E39448}) (Version: 19.0.10.17662 - TechSmith Corporation) Hidden
Camtasia 2019 (HKLM-x32\...\{03e048a7-3690-409c-b9c4-27612f78bd68}) (Version: 19.0.10.17662 - TechSmith Corporation)
Card Printer (HKLM\...\Card Printer) (Version: - )
CardScanner (HKLM-x32\...\{94E73CA7-027B-4F3D-9E2A-9FEE4F7DD9C5}) (Version: 3.0 - )
DWGSee Pro 2020 (HKLM-x32\...\{BE4B9B74-CEB0-499C-A0F4-4F17DF52B314}) (Version: 5.0 - AutoDWG)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
gdiview (HKLM-x32\...\{9A2A452C-3057-4F5E-8C7F-41B0D566B831}) (Version: 1.0.0 - gdiview)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IDAutomation.com QR-Code Font and Encoder (HKLM-x32\...\IDAutomation.com QR-Code Font and Encoder) (Version: - )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)
KX-TE Maintenance Console (HKLM-x32\...\{EF5B455C-7FAA-4978-BB92-29CEBD013C9C}) (Version: 3.000 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MAGIC7 (HKLM-x32\...\{75E7949C-6476-4F91-9BC8-5DDA7C45BCA4}) (Version: 1.0.0 - EPM)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0111 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.1.8 - hikvision)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4032255) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{053B38B6-9400-4CCD-BD0C-95E28A4D5BC4}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WPS Office (11.2.0.10078) (HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\Kingsoft Office) (Version: 11.2.0.10078 - Kingsoft Corp.)
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2020\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1875166542-2685140994-1970054088-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll [2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1875166542-2685140994-1970054088-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\User\AppData\Local\Kingsoft\WPS Office\11.2.0.10078\office6\kwpsmenushellext64.dll [2021-03-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-01-31 09:05 - 2012-07-13 04:28 - 000125952 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\AutoDWG\DWGSee Pro 2020\DWGSeeMenu64.dll
2020-12-28 15:33 - 2014-07-30 16:06 - 000024576 _____ (Windows ® Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\CITPJLMON.DLL
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ae/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 15:04 - 2021-04-08 21:50 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\Control Panel\Desktop\\Wallpaper -> c:\users\user\downloads\wallpaperflare.com_wallpaper.jpg
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 4.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run32: => "VMonitorVMUVC"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "ColdHill"
HKU\S-1-5-21-1875166542-2685140994-1970054088-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{7109EECF-FE7B-43A5-805A-2892C5E0AB47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{59982179-E95D-4255-92A6-E701888CFD92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3961424B-EA55-459B-A937-44772E52F443}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{039034B7-9C45-445D-B6F5-6FE15467602F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BE9CED34-384B-4002-B49A-1F43DE1734CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{3BBB5996-6FCC-48C6-8106-B0D42182BEDC}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{1CA1D82E-5535-49A0-B16E-3CA236B60E5D}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{B7FEDDAA-F21B-4C23-8E53-2EA2102A11E3}] => (Allow) LPort=8320
FirewallRules: [{89FC2107-1EC2-49F0-8080-1507431889DE}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{19351964-04DE-4AFF-B931-26EFD5CABA12}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [UDP Query User{AE38B650-87D6-4BA9-A4E8-7898FA7C9521}C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [TCP Query User{30B4A390-6047-4E09-A396-633648DDFE63}C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\user\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [UDP Query User{2F03BFAD-4573-4A26-B43D-A653D76C57A6}C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
FirewallRules: [TCP Query User{A05A573B-6BDF-4606-8883-E1C7B262FDE1}C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
FirewallRules: [UDP Query User{4460A8C1-11DE-4C3A-B725-16451D63740C}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0E0F0A0D-0B25-44A8-9579-94DFE81FAAC9}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5C9BCD4B-9018-4D3E-92D1-34AF53DAFA35}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{F48BB3EC-1BE0-47E3-AB03-1563D980B23B}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [{67476C21-3FA6-4EB8-B2D5-BFD2C5556A19}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30DB716E-F20F-43D4-B8B6-B28F037C4CCA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17515E3C-B17F-4D7C-8AD5-B6BDB12AA72C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{112FEAD7-8C5D-4070-9837-496F3BF89DEF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6374F229-D68A-4057-B1EA-086BDD8B1AC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0FE3DC1-53F1-4BB0-8EA7-CEEAA9A03A9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17AA5971-6B4D-49D2-85D7-CB3AA9EFB1E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D225FB2-22CE-4763-BA7B-27807270BD9A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{20991701-8604-495D-A067-C561EEF27D65}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [UDP Query User{A409B505-3B51-4787-9B65-90812C078665}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{963974C6-5911-4007-84F6-8498E1788C19}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{1314C217-144D-4793-AE0B-04494310D515}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{2711FF43-19AD-4200-9722-13FBDE119F05}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{57F4E5ED-3A95-422D-89FA-DF0B2AAF2605}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D89587EB-FA1D-44AE-ACB8-C061326A74A5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{7FFC42C2-2465-49E5-A331-2A8C5252B5B9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{320F82E9-9DF1-4A76-A648-886A8A6071E7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
==================== Restore Points =========================
04-04-2021 09:02:35 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/09/2021 01:56:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (04/09/2021 11:57:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (04/09/2021 11:56:09 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (04/09/2021 09:57:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (04/09/2021 09:56:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (04/09/2021 07:57:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (04/09/2021 07:56:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (04/09/2021 05:57:04 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
System errors:
=============
Error: (04/08/2021 09:54:13 PM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled
Error: (04/08/2021 09:50:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (04/08/2021 09:50:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (04/08/2021 09:50:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
Error: (04/08/2021 09:50:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly. It has done this 1 time(s).
Error: (04/08/2021 09:50:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (04/08/2021 09:50:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AnyDesk Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (04/08/2021 09:50:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
================
Date: 2021-04-03 13:19:15
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Glupteba.AV!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\88827002-09ba-4f78-af26-e846d392c127\E2F6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
Date: 2021-04-03 13:18:44
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\Temp\is-GTMR8.tmp\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
Date: 2021-04-03 13:18:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Mamson.A!ac
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\LabPicV3.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\User\AppData\Local\Temp\is-GTMR8.tmp\Setup.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 1.335.109.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
Date: 2021-04-03 13:13:53
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Stealer.KA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\User\AppData\Local\Temp\haleng.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng; runkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\haleng
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18000.5, NIS: 0.0.0.0
Date: 2021-04-03 13:13:53
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Backdoor:Win32/Bladabindi!ml
Severity: Severe
Category: Backdoor
Path: file:_C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe; process:_pid:11960,ProcessStart:132619146701968983
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\67e16a30-3df6-4d4c-a838-a81a8806dda3\Versium Research\RunWW.exe
Security intelligence Version: AV: 1.335.109.0, AS: 1.335.109.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18000.5, NIS: 0.0.0.0
Date: 2021-04-03 13:18:43
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2021-04-09 11:57:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\bdamsi\265245302951969804\antimalware_provider64.dll that did not meet the Windows signing level requirements.
Date: 2021-04-09 04:25:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\bdamsi\265245302951969804\antimalware_provider64.dll that did not meet the Windows signing level requirements.
Date: 2021-04-08 21:54:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender Antivirus Free\connectagent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.14 10/04/2013
Motherboard: Hewlett-Packard 1970
Processor: Intel® Core i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 8090.35 MB
Available physical RAM: 2420.77 MB
Total Virtual: 9370.35 MB
Available Virtual: 2781.74 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.91 GB) (Free:27.84 GB) NTFS
Drive d: () (Fixed) (Total:155.27 GB) (Free:123.63 GB) NTFS
Drive e: () (Fixed) (Total:163.09 GB) (Free:86.98 GB) NTFS
\\?\Volume{c0944214-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C0944214)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=155.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=163.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================