iamthefutureofall

Honorary Members
  • Posts: 58

Everything posted by iamthefutureofall

  1. Also, I got another problem with the Windows Firewall. I ran the tool WindowsFirewall.diagcab and this is the result
  2. I figured it out. Here are the files, and I did another scan with 90 days checked. Can I provide you with that too? Also, I have the Windows built-in antivirus package right now; I did not know how to disable it. I ran the programs with Windows SmartScreen off but with the Windows antivirus and firewall on. Is that OK? Or I can run it again, no problem, without the Windows antivirus if you tell me. Addition.txt mb.txt AdwCleaner[S06].txt FRST.txt
  3. Where do I deactivate Windows SmartScreen? I deactivated it from Edge but the SmartScreen pop-up appears
  4. Another thing is that AdwCleaner never went to reboot after scanning. Maybe I did the FRST logs wrong? I executed FRST from the desktop, and the first time I deleted FRST.exe without the uninstall method and went to download it again, and when I did the uninstall.exe (before that I had deleted the .OldFRST folder manually). Then another thing that maybe I did wrong was when you asked me to give you the logs again because you couldn't read them from the clipboard: I just copied them from the clipboard and put them in a .txt file, then I gave the logs. (If I did it wrong, I'm sorry.)
  5. Is this another threat? Here in the chatbox, right now, I just submitted for 1 file only, and when I wanted to edit the post to be more clear I encountered the keto.png
  6. Another scary thing: I put the directory of Warzone (where the malware shortcut attached to msiexec.exe on SysWOW64 was) into the address bar of Google Chrome, then it automatically downloaded the file from the location on my drive to the browser. Is that normal? Then, if I proceed, here's a picture of the entries that I was telling you about, and are those @netlogon a threat too?
  7. The file is not in the right location; it's supposed to be in system32, not SysWOW64. Can you tell me I'm wrong?
  8. Do I delete the file msiexec.exe, or do I delete the shortcut? Either way that is going to delete msiexec.exe. Isn't that a Windows process?
  9. Hi, how are you? In one folder that I removed the malware from, I now have an Uninstall shortcut that is linking to Windows/SysWOW64/msiexec.exe from the Programs folder
  10. Thanks. I had like 20 extensions when in Extensions I have only 4. Is that a temporary fix or is it now fixed? Do I have to do something more? Is it better to uninstall/install Chrome? Do you recommend resetting Chrome too?
  11. Can you help me with the report, or should I open a new topic? Malwarebytes is saying that chrome.exe is infected with malware.
  12. Thank you, I have this issue:

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 3/16/21
      Protection Event Time: 1:04 AM
      Log File: 18e46718-8615-11eb-94de-d05099abd555.json

      -Software Information-
      Version: 4.3.0.98
      Components Version: 1.0.1217
      Update Package Version: 1.0.38221
      License: Trial

      -System Information-
      OS: Windows 10 (Build 19041.867)
      CPU: x64
      File System: NTFS
      User: System

      -Blocked Website Details-
      Malicious Website: 1
      , C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

      -Website Data-
      Category: Malware
      Domain:
      IP Address: 45.56.121.35
      Port: 80
      Type: Outbound
      File: C:\Program Files\Google\Chrome\Application\chrome.exe

      (end)
  13. No, no option was given to me in the Malwarebytes program to quarantine that file, and the file was a shortcut. When I went into the folder location, the shortcut had no route; a Windows error appeared when searching for its location. Then I deleted the shortcut.
  14. I didn't know. I've used HijackThis before; I've used that tool in my routines. I've learned how to use it. That was on Windows XP. Now it's running fine. I'm a little concerned about the malware AI that the Malwarebytes program didn't do any action
  15. Thanks. I had to repair it first, I understand now. But I had AVG for years. I was not sure. And they did not respond to my inquiries as fast as you. Do you recommend using HijackThis just to try it?
  16. But I uninstalled AVG, and when it rebooted Apache was no longer inside the Bitnami stack manager. I uninstalled AVG because of what I told you and because the program was not working properly: I had to activate some features manually every time the computer started. I used a used key just to have more features; maybe it was that? What do you recommend in my case? Is it better to do a Windows reset? How have you encountered the logs that I had sent to you?
  17. Hi kevinf80, I really don't know how to reinstall it. I did an AVG cleanup with the AVG clean tool and now the Apache server is gone; it does not show in the Bitnami stack, only MySQL. I did a ticket with Bitnami support. But I have a question for you; maybe you can help me. I uninstalled AVG because of this: first, I have 3 AVG instances running; maybe that's fine, but when I go to Properties - Details it shows in all instances Original file name AvastUI.exe
  18. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/14/21 Scan Time: 1:07 PM Log File: c841ab0a-84e7-11eb-a33c-d05099abd555.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1217 Update Package Version: 1.0.38139 License: Trial -System Information- OS: Windows 10 (Build 19042.867) CPU: x64 File System: NTFS User: DESKTOP-E8BVDK8\lux -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 394404 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 1 hr, 19 min, 3 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) # ------------------------------- # Malwarebytes AdwCleaner 8.1.0.0 # ------------------------------- # Build: 02-15-2021 # Database: 2021-01-11.1 (Local) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 03-14-2021 # Duration: 00:00:36 # OS: Windows 10 Pro # Scanned: 3147 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. 
***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. AdwCleaner[S00].txt - [1813 octets] - [12/03/2021 12:12:35] AdwCleaner[C00].txt - [1910 octets] - [12/03/2021 12:13:46] AdwCleaner[S01].txt - [1526 octets] - [12/03/2021 18:01:35] AdwCleaner[S02].txt - [1587 octets] - [12/03/2021 18:06:45] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ########## Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021 Ran by lux (administrator) on DESKTOP-E8BVDK8 (14-03-2021 14:47:43) Running from C:\Users\lux\Desktop\FIRST Loaded Profiles: lux Platform: Windows 10 Pro Version 20H2 19042.867 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe <2> (Adobe Systems Incorporated) C:\Program Files\WindowsApps\Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte\XD.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\Antivirus\avgToolsSvc.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3> (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe (Avid Technology, Inc. -> M-Audio) C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-05-26] (Corel Corporation -> WinZip Computing) HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2018-05-26] (WinZip Computing LLC -> WinZip Computing, S.L.) HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> ) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. 
-> ) HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-12] (Google LLC -> Google LLC) Startup: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-01] ShortcutTarget: GenuineService.lnk -> C:\Users\lux\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk) Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01A04EEC-D266-47C6-8ADD-FF966248287A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {0A4FB83A-1270-4965-91B6-680438E2F205} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C" Task: {1406319A-9FA7-446C-AF35-8280D92A044A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) 
Task: {21C83A50-A09B-47BF-8865-F5469F008F33} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-06] (Mozilla Corporation -> Mozilla Foundation) Task: {25DFC818-592C-4F1E-8A47-946ADB76658F} - System32\Tasks\Mozilla\Firefox Nightly Default Browser Agent 6F193CCC56814779 => C:\Program Files\Firefox Nightly\default-browser-agent.exe do-task "6F193CCC56814779" Task: {2E352502-2149-4F32-8A79-42005652AF6D} - System32\Tasks\BlueStacksHelper => G:\BLUESTACKS\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC) Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {46D1C481-5130-4D61-9D33-0F2BD2308980} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {49FB58B4-DD4B-4519-9206-9B69F501BB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) Task: {57828313-D46B-4DE3-918D-00A4CF78BB82} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) 
Task: {821141F5-F23A-4F86-A008-FDB5CCD5A346} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies) Task: {994054D5-6822-45FF-89C4-9C133A0C43D0} - System32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f670f671-a83d-4db4-af77-19ffa5594347 Task: {9F26A201-557A-4803-A6BF-2541A4EF421E} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {B6462D50-60A9-49F7-BC85-911014C5C53D} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {B70DDA39-D8A1-41F8-840C-E5B7DE12AEF2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {BC84898B-089D-4A76-9331-286EFD5930BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd) Task: {D17D65C3-2279-43EE-8C27-AD00AF3D841F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform) Task: {D977AB8B-28E7-4CE4-9AD9-B4EAD98B3CED} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {DF3F98B6-0381-4DB6-9F50-78364C6EFAE7} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:d7b383c5-6fed-4ab5-a88a-e04bda5480a0 Task: {E560DDA1-0B98-4B0F-9145-54E31B6E7F6C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {F0DC8573-8780-481F-9B08-401CEE6FEE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 200.42.4.198 200.49.130.40 Tcpip\..\Interfaces\{588c67e1-02d4-490e-be08-ba8568127598}: [DhcpNameServer] 200.42.4.198 200.49.130.40 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\lux\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-14] Edge HomePage: Default -> hxxp://www.google.com/ncr FireFox: ======== FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems) StartMenuInternet: Firefox-6F193CCC56814779 - C:\Program Files\Firefox Nightly\firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default [2021-03-14] CHR StartupUrls: Default -> 
"hxxps://bitnami.com/","hxxps://miloserdov.org/?p=2655","hxxps://community.bitnami.com/t/apache-server-doesnt-run-after-httpd-exe-was-removed-by-antivirus/92805","hxxps://forums.malwarebytes.com/topic/271618-malware-keeps-coming-back/","hxxps://support.clio.com/hc/en-us/articles/360008609034-How-Do-I-Clear-Saved-Auto-Fill-Passwords-in-Google-Chrome-on-Desktop","hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1615648602&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f0%2f%3fstate%3d1%26redirectTo%3daHR0cHM6Ly9vdXRsb29rLmxpdmUuY29tL21haWwvMC9pbmJveA%26RpsCsrfState%3d76a8757c-8742-09a9-50fd-26b08ff6d0f3&id=292841&aadredir=1&whr=hotmail.com&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015","hxxps://www.google.com/search?q=what+cloud+bitnami+uses&oq=what+cloud+bitnami+uses&aqs=chrome..69i57j0i22i30l5.6087j0j7&sourceid=chrome&ie=UTF-8","chrome://newtab/","hxxps://bitnami.com/sign_in" CHR DefaultSearchURL: Default -> hxxps://sf16-sg.tiktokcdn.com/obj/eden-sg/uvkuhyieh7lpqpbj/pwa/512x512.png CHR Extension: (TikTok) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahoadnkmomodgfkfokbclmabbfdaejpe [2021-02-03] CHR Extension: (Tema oscuro para Google Chrome) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2021-03-10] CHR Extension: (Google Drive) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26] CHR Extension: (TT Downloader) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbckhiepgpniilpmlionnkjoeehhgao [2020-11-06] CHR Extension: (YouTube) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-26] CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29] CHR Extension: (Video Downloader 
professional) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-11-30] CHR Extension: (WhatFont) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfmjcmgehfjmhdbdceflcijljnpjfjh [2021-03-01] CHR Extension: (Documentos de Google sin conexión) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-10] CHR Extension: (WhatFont) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2021-03-01] CHR Extension: (Tema oscuro para cualquier sitio web) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhodgikjfpkmcfeokjkanalglikhcgoh [2021-03-13] CHR Extension: (Right Click Opens Link New Tab Correct Order) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjkeimpgjokbjmioglhlngefbddppnn [2020-11-05] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Video Downloader by Skyload) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebcmofchocakhnljflecpkhadfplaea [2020-11-19] CHR Extension: (Gmail) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26] CHR Extension: (Chrome Media Router) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-03] CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-13] CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated) S3 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16939312 2019-01-08] (Autodesk, Inc. -> Autodesk) S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.) R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [622184 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [1301208 2021-03-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [353024 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8091704 2021-03-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109464 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2021-01-02] (BattlEye Innovations e.K. 
-> ) S4 DialogBlockingService; C:\WINDOWS\System32\DialogBlockingService.dll [76288 2021-03-14] (Microsoft Windows -> Microsoft Corporation) R2 FastTrackAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe [1962768 2013-05-21] (Avid Technology, Inc. -> M-Audio) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5136328 2021-03-08] (SurfRight B.V. -> SurfRight B.V.) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-10] (Malwarebytes Inc -> Malwarebytes) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\NisSrv.exe [3284840 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MsMpEng.exe [103168 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation) R2 wordpressMySQL; C:\Bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe [49974272 2020-09-23] () [File not signed] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [208176 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [357400 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) 
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [249368 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [98840 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16832 2020-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.) R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41424 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175368 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [521472 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107920 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83496 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [850248 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [465800 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) S2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215464 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327104 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.) R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [429800 2021-03-08] (SurfRight B.V. -> SurfRight B.V.) 
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech) R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.) R3 MAUSBFASTTRACK; C:\WINDOWS\System32\drivers\MAudioFastTrack.sys [460048 2013-05-21] (Avid Technology, Inc. -> M-Audio) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-10] (Malwarebytes Inc -> Malwarebytes) S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-07-31] (TunnelBear, Inc. -> The OpenVPN Project) S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. 
-> The OpenVPN Project) S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-09-07] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [376032 2020-02-04] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-04] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-03-14 14:40 - 2021-03-14 14:40 - 000000020 _____ C:\Users\lux\Desktop\avg.txt
2021-03-14 14:34 - 2021-03-14 14:34 - 000001648 _____ C:\Users\lux\Desktop\AdwCleaner[S03].txt
2021-03-14 14:31 - 2021-03-14 14:32 - 008463216 _____ (Malwarebytes) C:\Users\lux\Downloads\adwcleaner_8.1.exe
2021-03-14 14:27 - 2021-03-14 14:27 - 000001234 _____ C:\Users\lux\Desktop\MB.txt
2021-03-14 13:42 - 2021-03-14 10:40 - 000000000 ____D C:\Windows.old
2021-03-14 13:29 - 2021-03-14 13:42 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-14 13:25 - 2021-03-14 13:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-03-14 13:24 - 2021-03-14 13:24 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-14 13:17 - 2021-03-14 13:17 - 000000000 ____D C:\ProgramData\ssh
2021-03-14 13:04 - 2021-03-14 13:04 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-14 13:03 - 2021-03-14 13:03 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-14 13:03 - 2021-03-14 13:03 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-14 13:03 - 2021-03-14 13:03 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-14 13:03 - 2021-03-14 13:03 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-03-14 13:03 - 2021-03-14 13:03 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-03-14 13:03 - 2021-03-14 13:03 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-03-14 13:03 - 2021-03-14 13:03 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-03-14 13:02 - 2021-03-14 13:02 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-14 13:02 - 2021-03-14 13:02 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-14 13:02 - 2021-03-14 13:02 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-03-14 13:02 - 2021-03-14 13:02 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-14 13:02 - 2021-03-14 13:02 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-14 13:02 - 2021-03-14 13:02 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-14 13:01 - 2021-03-14 13:01 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-14 13:01 - 2021-03-14 13:01 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-14 13:01 - 2021-03-14 13:01 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-14 13:01 - 2021-03-14 13:01 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-03-14 13:01 - 2021-03-14 13:01 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-14 13:01 - 2021-03-14 13:01 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-14 13:01 - 2021-03-14 13:01 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-14 13:01 - 2021-03-14 13:01 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-14 13:00 - 2021-03-14 13:00 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-14 13:00 - 2021-03-14 13:00 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-14 13:00 - 2021-03-14 13:00 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-14 13:00 - 2021-03-14 13:00 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-14 13:00 - 2021-03-14 13:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-14 13:00 - 2021-03-14 13:00 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-14 13:00 - 2021-03-14 13:00 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-14 12:59 - 2021-03-14 12:59 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-14 12:59 - 2021-03-14 12:59 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-03-14 12:59 - 2021-03-14 12:59 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-03-14 12:59 - 2021-03-14 12:59 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-14 12:58 - 2021-03-14 12:58 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-14 12:58 - 2021-03-14 12:58 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-14 12:58 - 2021-03-14 12:58 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-03-14 12:58 - 2021-03-14 12:58 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-03-14 12:58 - 2021-03-14 12:58 - 000000000 ___HD C:\$SysReset
2021-03-14 12:57 - 2021-03-14 12:57 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-14 12:57 - 2021-03-14 12:57 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-14 12:57 - 2021-03-14 12:57 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-14 12:57 - 2021-03-14 12:57 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-14 12:56 - 2021-03-14 12:56 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-14 12:56 - 2021-03-14 12:56 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-14 12:56 - 2021-03-14 12:56 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-14 12:56 - 2021-03-14 12:56 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-14 12:56 - 2021-03-14 12:56 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-03-14 12:56 - 2021-03-14 12:56 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-14 12:56 - 2021-03-14 12:56 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-14 12:56 - 2021-03-14 12:56 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-14 12:56 - 2021-03-14 12:56 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-03-14 12:56 - 2021-03-14 12:56 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-14 12:56 - 2021-03-14 12:56 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-14 12:55 - 2021-03-14 12:55 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-03-14 12:54 - 2021-03-14 12:54 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-14 12:54 - 2021-03-14 12:54 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-14 12:54 - 2021-03-14 12:54 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-14 12:54 - 2021-03-14 12:54 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-03-14 12:54 - 2021-03-14 12:54 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
2021-03-14 12:16 - 2021-03-14 12:16 - 000346834 _____ C:\WINDOWS\system32\perfi00A.dat
2021-03-14 12:16 - 2021-03-14 12:16 - 000043954 _____ C:\WINDOWS\system32\perfd00A.dat
2021-03-14 12:16 - 2021-03-14 12:16 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-03-14 12:16 - 2021-03-14 12:16 - 000000000 ____D C:\WINDOWS\SysWOW64\es
2021-03-14 12:16 - 2021-03-14 12:16 - 000000000 ____D C:\WINDOWS\system32\es
2021-03-14 12:16 - 2021-03-14 12:07 - 000782996 _____ C:\WINDOWS\system32\perfh00A.dat
2021-03-14 12:16 - 2021-03-14 12:07 - 000152612 _____ C:\WINDOWS\system32\perfc00A.dat
2021-03-14 12:01 - 2021-03-14 12:01 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-14 12:01 - 2021-03-14 12:01 - 000000000 ____D C:\Program Files\MSBuild
2021-03-14 12:01 - 2021-03-14 12:01 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-14 12:01 - 2021-03-14 12:01 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-14 10:47 - 2021-03-14 10:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-03-14 10:40 - 2021-03-14 10:40 - 000000020 ___SH C:\Users\lux\ntuser.ini
2021-03-14 10:37 - 2021-03-14 14:15 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-14 10:37 - 2021-03-14 14:10 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-03-14 10:37 - 2021-03-14 12:57 - 000003382 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347
2021-03-14 10:37 - 2021-03-14 12:57 - 000003124 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0
2021-03-14 10:37 - 2021-03-14 12:57 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001
2021-03-14 10:37 - 2021-03-14 12:57 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-14 10:37 - 2021-03-14 12:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-03-14 10:37 - 2021-03-14 12:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-14 10:37 - 2021-03-14 10:38 - 000003406 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-14 10:37 - 2021-03-14 10:38 - 000003366 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{46C008D5-D1E8-4A00-B94C-58EEA7E7B826}
2021-03-14 10:37 - 2021-03-14 10:38 - 000002754 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2021-03-14 10:37 - 2021-03-14 10:38 - 000002752 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2021-03-14 10:37 - 2021-03-14 10:38 - 000002672 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-03-14 10:37 - 2021-03-14 10:38 - 000002516 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-03-14 10:37 - 2021-03-14 10:37 - 000003468 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-14 10:37 - 2021-03-14 10:37 - 000003244 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-14 10:37 - 2021-03-14 10:37 - 000003182 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-14 10:37 - 2021-03-14 10:37 - 000003024 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2021-03-14 10:37 - 2021-03-14 10:37 - 000002752 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2021-03-14 10:37 - 2021-03-14 10:37 - 000002448 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2021-03-14 10:37 - 2021-03-14 10:37 - 000002262 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-03-14 10:37 - 2021-03-14 10:37 - 000002182 _____ C:\WINDOWS\system32\Tasks\StartDVR
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-03-14 10:35 - 2021-03-14 10:36 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-03-14 10:35 - 2021-03-14 10:36 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-03-14 10:11 - 2021-03-14 12:07 - 001767126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-14 09:54 - 2021-03-14 10:40 - 000000000 ____D C:\Users\lux
2021-03-14 09:54 - 2019-12-07 05:10 - 000001105 _____ C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-14 09:43 - 2021-03-14 14:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-14 09:43 - 2021-03-14 09:44 - 005146496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-14 09:42 - 2021-03-14 11:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-13 13:32 - 2021-03-14 10:41 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-13 12:50 - 2021-03-13 12:50 - 000000000 ___HD C:\$WinREAgent
2021-03-13 12:09 - 2021-03-13 12:09 - 032003126 _____ C:\Users\lux\Downloads\bnsupport-linux-x64.run
2021-03-13 09:51 - 2021-03-13 09:51 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-03-13 08:15 - 2021-03-14 14:47 - 000000000 ____D C:\Users\lux\Desktop\FIRST
2021-03-12 23:11 - 2021-03-12 23:11 - 000000000 ___HD C:\$Windows.~WS
2021-03-12 20:55 - 2021-03-13 03:33 - 000000000 ____D C:\ESD
2021-03-12 16:06 - 2021-03-14 14:48 - 000000000 ____D C:\FRST
2021-03-12 12:08 - 2021-03-12 12:13 - 000000000 ____D C:\AdwCleaner
2021-03-12 12:03 - 2021-03-10 16:07 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-12 10:44 - 2021-03-14 12:57 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job
2021-03-12 10:44 - 2021-03-14 12:57 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job
2021-03-12 05:59 - 2021-03-12 10:23 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8.001
2021-03-12 05:59 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP.DESKTOP-E8BVDK8.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:58 - 2021-03-12 05:59 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8.000
2021-03-12 05:58 - 2021-03-12 05:58 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8
2021-03-12 05:58 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:58 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP.DESKTOP-E8BVDK8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:57 - 2021-03-12 05:58 - 000000000 ____D C:\Users\TEMP
2021-03-11 16:12 - 2021-03-11 16:13 - 000000000 ____D C:\windows update fix
2021-03-11 16:08 - 2021-03-11 16:08 - 000000000 ____D C:\Users\lux\AppData\Roaming\SUPERAntiSpyware.com
2021-03-11 16:06 - 2021-03-14 10:00 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-03-11 16:06 - 2021-03-11 16:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-03-11 16:06 - 2021-03-11 16:06 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-03-11 16:02 - 2021-03-11 16:02 - 000000000 ____D C:\Users\lux\AppData\Local\ElevatedDiagnostics
2021-03-11 15:33 - 2021-03-11 15:50 - 000000000 ____D C:\Users\lux\AppData\Local\NPE
2021-03-11 11:49 - 2021-03-14 11:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-10 16:11 - 2021-03-12 12:04 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-10 16:11 - 2021-03-10 16:11 - 000000000 ____D C:\Users\lux\AppData\Local\mbam
2021-03-10 16:10 - 2021-03-10 16:10 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-10 16:10 - 2021-03-10 16:07 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-03-10 16:07 - 2021-03-10 16:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-10 16:06 - 2021-03-10 16:06 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-09 19:33 - 2021-03-13 18:50 - 000000000 ____D C:\Users\lux\AppData\Local\CrashDumps
2021-03-09 17:41 - 2021-03-09 17:41 - 000000000 ____D C:\ProgramData\Sophos
2021-03-09 17:40 - 2021-03-14 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-03-09 17:40 - 2021-03-09 17:40 - 000002775 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2021-03-09 17:40 - 2021-03-09 17:40 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-03-09 04:28 - 2021-03-09 04:28 - 000000000 ____D C:\Users\lux\AppData\Local\VS Revo Group
2021-03-09 04:21 - 2021-03-14 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-03-09 04:21 - 2021-03-09 04:21 - 000001122 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2021-03-09 04:21 - 2021-03-09 04:21 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-03-09 04:21 - 2021-03-09 04:21 - 000000000 ____D C:\Program Files\VS Revo Group
2021-03-09 04:21 - 2020-10-14 04:07 - 000038400 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2021-03-08 09:02 - 2021-03-08 09:02 - 000001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk
2021-03-08 09:02 - 2021-02-22 17:03 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-03-08 08:40 - 2021-03-14 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2021-03-08 08:40 - 2021-03-14 12:00 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-03-08 08:40 - 2021-03-08 08:40 - 001006032 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 001004496 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 000429800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2021-03-08 08:40 - 2021-03-08 08:40 - 000179144 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpshell.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2021-03-07 23:16 - 2021-03-07 23:16 - 000001912 _____ C:\ProgramData\Desktop\BlueStacks.lnk
2021-03-07 23:06 - 2021-03-07 23:06 - 000000000 ____D C:\Program Files\BlueStacks
2021-03-06 04:50 - 2021-03-06 04:50 - 000000000 _____ C:\Users\lux\Desktop\Nice Cookies style.txt
2021-03-04 15:06 - 2021-03-13 21:04 - 000001315 _____ C:\Users\lux\Desktop\cookies terms.txt
2021-03-01 06:26 - 2021-03-01 07:13 - 000000000 ____D C:\Users\lux\Documents\OrbComposer
2021-03-01 06:22 - 2021-03-01 07:46 - 000000000 ____D C:\Users\lux\AppData\Roaming\com.hexachords.OrbComposer
2021-03-01 06:22 - 2018-05-16 17:23 - 000116272 _____ (Bome Software GmbH & Co. KG) C:\WINDOWS\system32\bomemidi_coinst.dll
2021-03-01 00:31 - 2021-03-01 00:31 - 000002120 _____ C:\Users\lux\Desktop\third party cookies note bluehost website.txt
2021-02-28 23:17 - 2021-02-28 23:17 - 000001389 _____ C:\Users\lux\Desktop\Adobe XD.lnk
2021-02-28 22:19 - 2021-02-28 22:19 - 000000000 ___HD C:\$AV_AVG
2021-02-28 10:10 - 2021-03-14 06:21 - 000000000 ____D C:\Users\lux\AppData\LocalLow\IGDump
2021-02-26 06:17 - 2021-02-26 06:29 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2021-02-22 17:04 - 2021-02-22 17:03 - 000215464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-02-20 00:58 - 2021-02-20 00:58 - 000035058 _____ C:\Users\lux\Documents\WINAMP.m3u8
2021-02-18 20:55 - 2021-02-18 20:55 - 000000000 ____D C:\Users\lux\Documents\Adobe
2021-02-18 20:19 - 2021-02-18 20:19 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2021-02-18 20:19 - 2021-02-18 20:19 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-02-14 05:27 - 2021-02-14 05:27 - 000000000 ____D C:\backup
2021-02-12 03:24 - 2021-02-12 03:25 - 000001068 _____ C:\Users\lux\Documents\cc_20210212_032454.reg
2021-02-12 03:24 - 2021-02-12 03:24 - 000015302 _____ C:\Users\lux\Documents\cc_20210212_032357.reg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-14 14:22 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-14 13:42 - 2021-02-05 03:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2021-03-14 13:42 - 2021-02-05 03:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2021-03-14 13:42 - 2021-02-03 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-03-14 13:42 - 2021-01-31 11:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitnami WordPress Stack
2021-03-14 13:42 - 2021-01-13 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-14 13:42 - 2020-07-20 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2021-03-14 13:42 - 2020-07-11 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Charge
2021-03-14 13:42 - 2020-07-09 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-03-14 13:42 - 2020-06-28 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jBridge
2021-03-14 13:42 - 2020-06-27 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2021-03-14 13:42 - 2020-06-24 19:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2019.4.1f1 (64-bit)
2021-03-14 13:42 - 2020-06-17 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 FreeMultiplayer
2021-03-14 13:42 - 2020-04-23 23:29 - 000000000 ____D C:\WINDOWS\system32\UnityInjector
2021-03-14 13:42 - 2020-02-07 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2021-03-14 13:42 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-14 13:42 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-14 13:42 - 2019-08-19 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Borderless Gaming
2021-03-14 13:42 - 2019-08-01 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2020 - English
2021-03-14 13:42 - 2019-07-22 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
2021-03-14 13:42 - 2019-07-20 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2021-03-14 13:42 - 2019-06-23 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2021-03-14 13:42 - 2019-06-19 03:48 - 000000000 ____D C:\Program Files\UNP
2021-03-14 13:42 - 2019-06-14 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2021-03-14 13:42 - 2019-06-03 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSS WaZrOnE
2021-03-14 13:42 - 2019-06-03 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike Source WaRzOnE
2021-03-14 13:42 - 2019-06-01 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-03-14 13:42 - 2019-04-03 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart2DCutting 3
2021-03-14 13:42 - 2019-04-01 02:53 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-03-14 13:42 - 2019-03-31 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader
2021-03-14 13:42 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-14 13:42 - 2019-01-26 04:20 - 000000000 ____D C:\WINDOWS\system32\myApp
2021-03-14 13:42 - 2018-12-18 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2021-03-14 13:42 - 2018-12-03 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2021-03-14 13:42 - 2018-11-22 08:03 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-03-14 13:42 - 2018-09-30 02:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-03-14 13:42 - 2018-09-18 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-03-14 13:42 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-14 13:42 - 2018-09-05 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2021-03-14 13:42 - 2018-09-05 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
2021-03-14 13:42 - 2018-08-28 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2018
2021-03-14 13:42 - 2018-08-27 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-03-14 13:42 - 2018-08-27 05:14 - 000000000 ____D C:\Program Files\IIS
2021-03-14 13:42 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-14 13:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-14 13:31 - 2019-05-11 01:32 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-03-14 13:29 - 2021-02-06 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2021-03-14 13:29 - 2020-07-13 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2021-03-14 13:29 - 2020-07-05 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2021-03-14 13:29 - 2020-06-28 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2021-03-14 13:29 - 2020-06-27 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2021-03-14 13:29 - 2020-04-06 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XCOM - Enemy Unknown [GOG.com]
2021-03-14 13:29 - 2019-08-19 01:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWGraphics
2021-03-14 13:29 - 2019-05-24 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2021-03-14 13:29 - 2018-08-27 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2021-03-14 13:17 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-14 13:17 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-14 13:17 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-14 13:17 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-14 13:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-03-14 13:14 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-03-14 13:14 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-14 13:03 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-14 12:25 - 2018-09-26 14:43 - 000000000 ____D C:\ProgramData\AVG
2021-03-14 12:23 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\OCR
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-03-14 12:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-03-14 12:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-03-14 12:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-03-14 12:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-14 12:09 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-14 11:58 - 2019-12-07 05:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2021-03-14 11:58 - 2018-08-26 11:09 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-14 11:57 - 2018-08-30 21:47 - 000000000 ____D C:\ProgramData\HitmanPro
2021-03-14 11:54 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-14 11:37 - 2018-08-26 12:35 - 000000000 ____D C:\Users\lux\AppData\Local\D3DSCache
2021-03-14 11:03 - 2018-08-26 10:52 - 000000000 ____D C:\Users\lux\AppData\Local\Packages
2021-03-14 11:00 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-14 10:57 - 2020-12-29 05:38 - 000000000 ____D C:\Users\lux\AppData\Local\PlaceholderTileLogoFolder
2021-03-14 10:44 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-14 10:44 - 2018-08-26 11:09 - 000000000 ____D C:\ProgramData\Packages
2021-03-14 10:42 - 2018-08-26 10:52 - 000000000 ___RD C:\Users\lux\3D Objects
2021-03-14 10:41 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-14 10:41 - 2018-09-30 02:19 - 000000000 ____D C:\Program Files\CCleaner
2021-03-14 10:40 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-14 10:37 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-14 10:37 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-14 10:33 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-14 10:13 - 2020-08-02 20:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-14 10:11 - 2020-10-30 02:09 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-14 10:00 - 2020-07-01 19:00 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Pro-53
2021-03-14 10:00 - 2020-06-28 00:32 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arturia
2021-03-14
10:00 - 2020-01-30 02:54 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder 2021-03-14 10:00 - 2019-05-11 08:22 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47 2021-03-14 10:00 - 2018-11-20 14:19 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code 2021-03-14 10:00 - 2018-09-25 01:44 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2021-03-14 09:56 - 2021-02-03 17:25 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome 2021-03-14 09:56 - 2020-07-29 21:49 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender 2021-03-14 09:56 - 2020-07-05 03:22 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope 2021-03-14 09:56 - 2020-06-30 14:29 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7 2021-03-14 09:56 - 2020-06-30 14:13 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modartt 2021-03-14 09:56 - 2020-06-28 14:27 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voxengo 2021-03-14 09:56 - 2020-06-27 23:42 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton 2021-03-14 09:56 - 2019-03-16 07:07 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D 2021-03-14 09:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat 2021-03-14 09:43 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-03-14 07:19 - 2018-08-26 19:33 - 000008192 __RSH C:\BOOTSECT.BAK 2021-03-14 02:48 - 2018-08-26 19:33 - 000413738 __RSH C:\bootmgr 2021-03-14 02:48 - 2018-08-26 19:33 - 000000001 ___SH C:\BOOTNXT 2021-03-13 11:02 - 2020-12-06 11:08 - 000000000 ____D 
C:\Program Files\Common Files\ChaosGroup 2021-03-13 08:10 - 2020-07-13 02:04 - 000000000 ____D C:\Users\lux\AppData\Roaming\vlc 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\TextInput 2021-03-12 00:34 - 2018-08-27 04:17 - 000000000 ____D C:\Program Files\dotnet 2021-03-12 00:34 - 2018-08-26 11:10 - 000000000 ____D C:\ProgramData\Package Cache 2021-03-11 15:38 - 2018-08-26 11:00 - 000000000 ____D C:\ProgramData\Norton 2021-03-11 15:28 - 2020-08-16 10:50 - 000000000 ____D C:\unreal 2021-03-11 11:57 - 2018-08-26 15:16 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-03-11 11:46 - 2018-08-26 15:15 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-03-10 09:35 - 2018-08-27 04:10 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2021-03-10 09:35 - 2018-08-27 04:10 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2021-03-10 09:34 - 2019-06-23 22:08 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2021-03-10 09:20 - 2018-08-27 04:02 - 000000000 ____D C:\Users\lux\AppData\Roaming\Visual Studio Setup 2021-03-10 09:19 - 2018-08-27 04:02 - 000001433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2021-03-10 09:19 - 2018-08-27 04:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2021-03-09 15:50 - 2020-07-20 20:04 - 000000000 ____D C:\Users\lux\Documents\Bandicam 2021-03-09 10:32 - 2019-10-04 04:02 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2021-03-09 06:45 - 2019-06-23 22:15 - 000000000 ____D C:\Program Files (x86)\Autodesk 2021-03-09 06:39 - 2018-09-01 11:34 - 000000000 ____D C:\Program Files\Epic Games 2021-03-09 05:45 - 2019-03-31 22:07 - 000000000 ____D C:\Users\lux\Documents\Bulk Image Downloader 2021-03-09 04:12 - 2018-10-06 15:37 - 000000000 ____D C:\Users\lux\AppData\Local\Opera Software 2021-03-09 04:12 - 2018-10-06 15:35 - 000000000 ____D C:\Users\lux\AppData\Roaming\Opera Software 2021-03-08 04:35 - 2018-12-13 17:22 - 000000000 ____D 
C:\ProgramData\Mozilla 2021-03-08 03:17 - 2018-08-26 18:13 - 000000000 ____D C:\Users\lux\AppData\LocalLow\Mozilla 2021-03-07 23:21 - 2020-07-21 03:29 - 000000000 ____D C:\Users\lux\AppData\Local\BlueStacksSetup 2021-03-07 23:16 - 2020-07-21 03:42 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk 2021-03-07 23:16 - 2020-07-21 03:42 - 000001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk 2021-03-07 22:55 - 2020-02-04 00:26 - 000000000 ____D C:\Users\lux\AppData\Local\BlueStacks 2021-03-07 12:43 - 2018-08-30 14:50 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2021-03-07 12:42 - 2019-05-04 03:22 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2021-03-07 11:46 - 2018-08-26 14:28 - 000000000 ____D C:\ProgramData\Origin 2021-03-07 05:41 - 2020-06-17 09:11 - 000000000 ____D C:\Users\lux\AppData\Local\nintend01337 2021-03-06 11:40 - 2021-01-04 01:18 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-03-06 11:40 - 2018-11-29 22:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-03-06 06:10 - 2018-11-29 22:42 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-03-05 08:33 - 2018-08-27 02:46 - 000000000 ____D C:\Users\lux\AppData\Roaming\Code 2021-03-02 23:54 - 2020-06-28 11:37 - 000000000 ____D C:\Users\lux\Documents\Max 8 2021-03-01 06:14 - 2019-05-30 10:50 - 000000000 ____D C:\Users\lux\AppData\Local\BitTorrentHelper 2021-02-28 23:10 - 2020-11-03 23:43 - 000000000 ____D C:\Program Files\Common Files\Adobe 2021-02-26 06:19 - 2020-08-16 05:58 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk 2021-02-25 03:30 - 2021-01-29 20:33 - 000000033 _____ C:\Users\lux\AppData\Roaming\AdobeWLCMCache.dat 2021-02-23 23:15 - 2019-06-27 02:45 - 000000000 ____D C:\Users\lux\AppData\Roaming\audacity 2021-02-23 14:49 - 2018-08-28 02:48 - 000000000 ____D 
C:\Users\lux\AppData\Local\.IdentityService 2021-02-22 17:04 - 2020-10-14 11:58 - 000175368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys 2021-02-22 17:04 - 2018-10-16 23:14 - 000465800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys 2021-02-22 17:04 - 2018-10-16 23:14 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys 2021-02-22 17:03 - 2020-06-19 09:01 - 000521472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys 2021-02-22 17:03 - 2019-01-14 14:48 - 000357400 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys 2021-02-22 17:03 - 2019-01-04 12:18 - 000249368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys 2021-02-22 17:03 - 2019-01-04 12:18 - 000098840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000850248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000208176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000083496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000041424 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgKbd.sys 2021-02-19 07:04 - 2021-02-05 03:57 - 000000000 ____D C:\Users\lux\AppData\Local\AMD_Common 2021-02-18 21:06 - 2018-08-26 10:52 - 000000000 ____D C:\Users\lux\AppData\Roaming\Adobe 2021-02-18 20:19 - 2021-01-04 08:08 - 000000000 ____D C:\Program Files\Adobe 2021-02-14 00:16 - 2021-01-31 11:33 - 000000000 ____D C:\Bitnami ==================== Files in the root of some directories ======== 2021-01-29 20:33 - 2021-02-25 03:30 - 000000033 _____ () C:\Users\lux\AppData\Roaming\AdobeWLCMCache.dat 2020-06-27 19:14 - 2020-06-28 12:44 - 000000016 _____ () C:\Users\lux\AppData\Roaming\msregsvv.dll 2019-04-21 01:12 - 2019-04-21 01:12 - 000000000 _____ () C:\Users\lux\AppData\Local\oobelibMkey.log 2019-05-01 04:20 - 2019-05-01 04:28 - 000007605 _____ () C:\Users\lux\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021 Ran by lux (14-03-2021 14:55:16) Running from C:\Users\lux\Desktop\FIRST Windows 10 Pro Version 20H2 19042.867 (X64) (2021-03-14 14:40:24) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4022856778-3193992897-3864231476-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4022856778-3193992897-3864231476-503 - Limited - Disabled) Guest (S-1-5-21-4022856778-3193992897-3864231476-501 - Limited - Disabled) lux (S-1-5-21-4022856778-3193992897-3864231476-1001 - Administrator - Enabled) => C:\Users\lux WDAGUtilityAccount (S-1-5-21-4022856778-3193992897-3864231476-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Antivirus (Disabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov) Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe) Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_0_1) (Version: 25.0.1 - Adobe Inc.) Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_1_0) (Version: 11.1.0 - Adobe Systems Incorporated) AIDA64 Extreme v6.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.00 - FinalWire Ltd.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.) AmpliTube2 (HKLM-x32\...\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}) (Version: 2.1.0 - IK Multimedia) Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) 
Arturia Moog Modular V v1.1 (HKLM-x32\...\Arturia Moog Modular V v1.1) (Version: - )
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
AutoCAD 2016 - Español (Spanish) (HKLM\...\{5783F2D7-F001-040A-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2020 - English (HKLM\...\{28B89EEF-3001-0409-2102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk AutoCAD 2016 - Español (Spanish) (HKLM\...\AutoCAD 2016 - Español (Spanish)) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2020 - English (HKLM\...\AutoCAD 2020 - English) (Version: 23.1.47.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 21.1.3164 - AVG Technologies)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.1.1688 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bitnami WordPress Stack (HKLM\...\Bitnami WordPress Stack 5.6-3) (Version: 5.6-3 - Bitnami)
Blender (HKLM\...\{A239FF96-639F-4269-9673-E7ED60D5C74D}) (Version: 2.83.3 - Blender Foundation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.270.0.1053 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.5.6 - Andrew Sampson)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Bulk Image Downloader v4.91.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: - Antibody Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Cinema 4D 20.026 (HKLM\...\MAXONE3565005) (Version: 20.026 - MAXON Computer GmbH)
Counter Strike Source WaRzOnE (HKLM-x32\...\{3F77C740-D6C8-4BDB-B730-49C8D8BCA9ED}) (Version: 2.0 - Warzone) Hidden
DXTBmp (HKLM-x32\...\{2C1544E4-5DA6-4A72-B1BA-E4692991C1DC}) (Version: 1.00.000 - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
Enscape | BcgTeam | (HKLM\...\{F894D868-CEE6-4CE5-9F77-F39EEBA486A5}) (Version: 2.8.0.26218 - Enscape GmbH)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FastStone Image Viewer 6.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.7 - FastStone Soft)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Firefox Developer Edition 87.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
GIMP 2.10.20 (HKLM\...\GIMP-2_is1) (Version: 2.10.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google SketchUp Pro 8 (HKLM-x32\...\{88A47643-0A80-4FA8-A568-E9A63AAA98F4}) (Version: 3.0.14346 - Google, Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.8.889 - SurfRight B.V.)
Hotspot Shield 8.4.6 (HKLM-x32\...\{5a448f6b-7c15-4a0d-a10e-4f94eaf65bbb}) (Version: 8.4.6.11320 - AnchorFree Inc.)
Hotspot Shield 8.4.6 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925D1670F5B}) (Version: 8.4.6.11320 - AnchorFree Inc.) Hidden
Hotspot Shield 8.4.6 (HKLM-x32\...\HotspotShield) (Version: 8.4.6 - AnchorFree Inc.) Hidden
ILLUSION プレイクラブ (HKLM-x32\...\{EDA7A566-434A-4784-AE98-74AFA46A2485}) (Version: 1.00.0000 - ILLUSION)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
iTunes (HKLM\...\{0F55124A-C00E-4227-A543-19389E732653}) (Version: 12.10.10.2 - Apple Inc.)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
Microsoft .NET Core Runtime - 2.1.26 (x64) (HKLM-x32\...\{50acab5a-426e-4788-8de9-99b047dbe1c5}) (Version: 2.1.26.29812 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation)
Microsoft ASP.NET Core 2.1.26 - Shared Framework (HKLM-x32\...\{8faa55cd-6b10-43b4-a759-4880f79eeac3}) (Version: 2.1.26.45833 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28808 (HKLM-x32\...\{12410e80-cba2-4479-8539-12de3513ff53}) (Version: 14.26.28808.1 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.54.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.9.3352.28579 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{BBCDB523-F5B7-4E53-A911-C85191E3BDF0}) (Version: 10.0.2606 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0 (x64 en-US)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
N.I Pro-53 v3.0-OxYGeN (HKLM-x32\...\N.I Pro-53 v3.0-OxYGeN) (Version: - )
Native Instruments FM7 v1.10.006 (HKLM-x32\...\Native Instruments FM7 v1.10.006) (Version: - )
Nightly 84.0a1 (x64 en-US) (HKLM\...\Nightly 84.0a1 (x64 en-US)) (Version: 84.0a1 - Mozilla)
Pianoteq v2.2.0 (HKLM-x32\...\Pianoteq22) (Version: - )
Revo Uninstaller Pro 4.4.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.2 - VS Revo Group, Ltd.)
SketchUp 2018 (HKLM\...\{C702DD60-EBF4-4961-8B7D-F209B361F985}) (Version: 18.0.16975 - Trimble, Inc.)
Smart2DCutting 3.5 Demo (HKLM-x32\...\Smart2DCutting_is1) (Version: - )
Sonic Charge Synplant 1.0 (HKLM-x32\...\Sonic Charge Synplant_is1) (Version: - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Spotify (HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Spotify) (Version: 1.1.45.621.gdddebadc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1220 - SUPERAntiSpyware.com)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 6.26 - NCH Software)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voxengo Analogflux Suite 1.3 (HKLM-x32\...\Voxengo Analogflux Suite) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-03-14] (eyeo GmbH)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte [2021-02-28] (Adobe Systems Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2026.0_x64__rz1tebttyb220 [2021-03-13] (Dolby Laboratories)
Excel Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Excel_16001.13801.20274.0_x64__8wekyb3d8bbwe [2021-03-09] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_9.3.4.0_x64__crhqpqs3x1ygc [2021-02-18] (PicsArt Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{D1DE6864-2236-48B7-99C3-D29C757903A4}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> G:\Program Files\AutoCAD 2016\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2019-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2021-03-08] (SurfRight B.V. -> SurfRight B.V.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2019-01-30] (Autodesk, Inc. -> Autodesk) ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-10] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) 
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-10] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2018-09-25] (Beepa P/L) [File not signed] HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2018-09-25] (Beepa P/L) [File not signed] HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> ) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47\Run Registry Patch.lnk -> C:\Program Files (x86)\Hitman Codename 47\setup.bat () Shortcut: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZStudio4\Online Documentation.lnk -> hxxp:docs.daz3d.com\doku.php\public\software\dazstudio Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk -> C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation) ShortcutWithArgument: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\TikTok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ahoadnkmomodgfkfokbclmabbfdaejpe ==================== Loaded Modules (Whitelisted) ============= 2021-01-31 11:34 - 2020-09-23 10:31 - 000553472 _____ (Google Inc.) 
[File not signed] C:\Bitnami\wordpress-5.6-3\mysql\bin\libprotobuf-lite.dll 2018-09-18 23:24 - 2018-04-30 08:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2021-03-14 09:59 - 2021-03-14 09:59 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL 2021-03-14 09:59 - 2021-03-14 09:59 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL 2021-01-31 11:34 - 2020-07-22 17:07 - 003422720 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Bitnami\wordpress-5.6-3\mysql\bin\libcrypto-1_1-x64.dll 2021-01-31 11:34 - 2020-07-22 17:07 - 000686592 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Bitnami\wordpress-5.6-3\mysql\bin\libssl-1_1-x64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Classes\.scr: AutoCADScriptFile => ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2020-07-26 01:16:55&bName= (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\localhost -> localhost ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2019-11-01 13:43 - 2021-03-13 09:10 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\ HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) MpsSvc => Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: XblAuthManager => 3 HKLM\...\StartupApproved\Run: => "WinZip FAH" HKLM\...\StartupApproved\Run: => "Launch LCore" HKLM\...\StartupApproved\Run: => "WinZip PreLoader" HKLM\...\StartupApproved\Run: => "WinZip UN" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "pac" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "WinZip PreLoader" HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "antMR" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Windscribe" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CyberGhost" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Opera Browser Assistant" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "iCloudServices" 
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Gaijin.Net Updater" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CCXProcess" HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{D4948004-361D-4076-86E7-5ABB319A00A8}G:\program files (x86)\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) G:\program files (x86)\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games) FirewallRules: [TCP Query User{96A140D4-1CB0-47D8-ACA9-5F8D34B79EEE}G:\program files (x86)\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) G:\program files (x86)\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games) FirewallRules: [{525A587F-CAE8-4FBD-90ED-EED1BF716125}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1E6FED81-AB16-4F29-BDCC-5B4518AD3CB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2CC9B6F6-1FBC-4B98-8A39-D42A09E61F74}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{49F7E302-7337-4890-A38F-5A2E4A449201}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1D6D3354-2C38-4906-BC3C-89D87047FC67}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{14CD318F-06C1-4976-A70D-0935FA648005}C:\users\lux\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\lux\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{C8D3CEB3-49FB-4C61-9E47-B5DCDE4F54FA}C:\users\lux\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\lux\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A012426A-AF53-4AA8-9C24-F1941D4BC685}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{B484DAF7-D825-4122-8B3E-E23270E2BD6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4497B2D4-F967-4811-93B1-38A39CBD5A5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C3F448DB-750B-4371-934D-4F2CF89CEBE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{73D36F44-B8FC-46F9-BD86-85ACCF0ED44D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8618C14C-AFE8-43F1-924F-A4DCE06BD46D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{8B4EC4A2-75F5-4443-B3C5-1BA336AE293A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform) FirewallRules: [{E8B93944-6E12-4C1B-B8C4-AEFFF4363FE7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform) FirewallRules: [UDP Query User{0CA4B7AA-3BFB-49C1-999D-01FC8F4E2DB9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [TCP Query User{DDA22431-DB1F-476C-8187-C3466203AF33}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [{67F106EE-0F28-4878-A08A-733B4EF576F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [{685A9BDF-993F-4ADB-A0AC-9735DF5FF493}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [UDP Query User{E00E4221-64BA-43AC-B760-80353239B723}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [TCP Query User{0842BE26-2C89-4EA5-92A3-BCD0CB5AE75E}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) 
FirewallRules: [TCP Query User{4132A5E6-FBD7-484E-B9B9-126A5751257C}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [UDP Query User{45CFE5A9-734A-433F-961F-DCC2D0ABE5AD}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [TCP Query User{1C743F75-4ED1-4179-980A-E861F4789287}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH) FirewallRules: [UDP Query User{345B7D43-516F-4009-9CBB-C94BB3CB26BD}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH) FirewallRules: [TCP Query User{84E8E9E1-917B-4C3C-9480-89A3716AD041}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe => No File FirewallRules: [UDP Query User{DC3E93A4-8B5B-4F9F-ACD5-64FB5669939F}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe => No File FirewallRules: [AITech.Hss] => (Block) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe (AnchorFree Inc -> AnchorFree Inc.) 
FirewallRules: [TCP Query User{DCF0D657-09B1-4288-869E-77C13A2A570A}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{74D27538-2737-4EE2-9C5B-DDF738C2308B}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{FC98E2F6-2EBE-4679-9C08-105C212D5A82}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{9AE3A485-6746-4AC9-803E-F645FAE0DA45}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D4BE90EA-6954-4650-8AD7-06997CE00DE0}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{32A441C7-2B41-4729-81E4-B8246ED8D1CC}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{46F01F67-F913-426B-9367-FDF633F82839}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C0A300DA-C7FE-46CB-AB64-24D54259F22E}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{70AA0E45-01FB-4AD6-A31C-6CA7B6853F69}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [UDP Query User{6844176F-0359-470A-ACB1-3E788B31823D}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [{4068B1FC-33AA-48F9-9B21-91A41B0894C8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google 
LLC -> Google LLC) FirewallRules: [TCP Query User{6540525A-8759-44FF-86D1-2A716E385E99}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{09AF76EC-7182-427E-B7EC-776933EFA317}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{399E0CE8-30DB-4E57-B375-981327FDE6FA}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{7E9E0B21-3EC0-48A5-9D11-53E899A305FD}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{A90EA75F-BFCD-40BF-9647-7DCC4685D987}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed] FirewallRules: [UDP Query User{A2523DDD-C391-4592-84D4-E20DD37D53D2}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed] FirewallRules: [TCP Query User{4063BC32-126F-4281-8B00-E0E50E9D02AC}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed] FirewallRules: [UDP Query User{79E87D8A-CF81-4C2D-8025-087F136D1279}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) 
[File not signed] FirewallRules: [TCP Query User{F67527AE-B139-4693-87D9-F0CE98F895E1}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Block) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe => No File FirewallRules: [UDP Query User{15EE96A1-0D00-4B59-B3F4-0C9372359DFF}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Block) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe => No File FirewallRules: [TCP Query User{2EFCB0ED-73F4-4202-AEC2-6214D6563B7C}C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe] => (Allow) C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe () [File not signed] FirewallRules: [UDP Query User{2B81AA42-F74A-4C97-BBC5-9DF9A94BEE1B}C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe] => (Allow) C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe () [File not signed] FirewallRules: [TCP Query User{024CCE94-12F7-408D-9659-DBD2BF5C6C35}C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe => No File FirewallRules: [UDP Query User{EBCFC915-82C7-4565-A11C-014716BB5405}C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe => No File FirewallRules: [{4FC22BC9-E9B1-4CAE-AE76-D764372CF704}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F8894969-DBB7-46CD-8C17-DB43EE686206}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{7C4459D1-94AF-4735-BB83-E422076FB4B3}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{7E7D8DDA-2903-4810-B234-3E9A3190A219}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) 
==================== Restore Points ========================= 14-03-2021 11:43:13 Windows Modules Installer 14-03-2021 11:46:59 Windows Modules Installer 14-03-2021 11:53:36 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/14/2021 01:17:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: XD.exe, version: 25.3.12.1, time stamp: 0x5e2041c6 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae Exception code: 0xc000027b Fault offset: 0x000000000010bd5c Faulting process id: 0x26b4 Faulting application start time: 0x01d718ed7ff21c53 Faulting application path: C:\Program Files\WindowsApps\Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte\XD.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 9cb14f74-b088-43e7-8e4d-a17f97b8fc96 Faulting package full name: Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte Faulting package-relative application ID: App Error: (03/14/2021 01:04:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: hmpalert.exe, version: 3.8.8.889, time stamp: 0x5fcb59be Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0xa9ac4e88 Exception code: 0xc000070a Fault offset: 0x001048ad Faulting process id: 0x12f8 Faulting application start time: 0x01d718ec4894e822 Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: e91fcfc4-0c82-47d8-8fd6-946613e47a6a Faulting package full name: Faulting package-relative application ID: Error: (03/14/2021 11:57:56 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. 
[0x8007045b, A system shutdown is in progress. ] Error: (03/14/2021 10:49:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SystemSettings.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 29f0 Start Time: 01d718e1108a926b Termination Time: 4294967295 Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Report Id: edfb3071-a634-4b06-a1aa-c65ddc0fd92b Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Hang type: Quiesce Error: (03/14/2021 09:50:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program drvinst.exe version 10.0.19041.844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 7ec Start Time: 01d718d874bea348 Termination Time: 5 Application Path: C:\Windows\System32\drvinst.exe Report Id: b2a678f4-e4b9-472c-ae45-22de32bd4d2e Faulting package full name: Faulting package-relative application ID: Hang type: Cross-process Error: (03/14/2021 09:46:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409. System errors: ============= Error: (03/14/2021 12:55:35 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX7jktj9tkq9wvy6vgdmk01c27hm98yt2s.mca as Unavailable/Unavailable. 
The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca Error: (03/14/2021 12:55:33 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca Error: (03/14/2021 12:55:05 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX7jktj9tkq9wvy6vgdmk01c27hm98yt2s.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca Error: (03/14/2021 12:55:03 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca Error: (03/14/2021 12:54:57 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX7jktj9tkq9wvy6vgdmk01c27hm98yt2s.mca as Unavailable/Unavailable. 
The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca Error: (03/14/2021 12:54:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca Error: (03/14/2021 12:49:42 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX7jktj9tkq9wvy6vgdmk01c27hm98yt2s.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca Error: (03/14/2021 12:44:42 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca as Unavailable/Unavailable. 
The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

CodeIntegrity:
===============
Date: 2021-03-14 14:47:30
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-03-14 14:45:44
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.00 10/05/2015
Motherboard: ASRock N68-GS4/USB3 FX R2.0
Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 53%
Total physical RAM: 8175.24 MB
Available physical RAM: 3779.26 MB
Total Virtual: 8943.24 MB
Available Virtual: 4073.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.23 GB) (Free:54.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.75 GB) (Free:14.87 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (inthestudio) (Fixed) (Total:230 GB) (Free:4.9 GB) NTFS
Drive g: () (Fixed) (Total:1402.67 GB) (Free:121.72 GB) NTFS
Drive h: () (Fixed) (Total:232.88 GB) (Free:12.3 GB) NTFS
Drive i: (inthestudio) (Fixed) (Total:230 GB) (Free:3.8 GB) NTFS
Drive j: (DAT) (Fixed) (Total:232.88 GB) (Free:1.18 GB) NTFS
\\?\Volume{465b29d7-0000-0000-0000-800e25000000}\ () (Fixed) (Total:0.81 GB) (Free:0.38 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: 465B29D7)
Partition 1: (Active) - (Size=148.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3A233A22)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E474C32A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1402.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=230 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================
  19. Briefing of the situation: The malware was located at \UTORRENT\UPDATES\3.5.5_45838.EXE, and it was not an .EXE; it was a shortcut, and it had no location when searching for the file location. I deleted the shortcut; maybe I did wrong. I just want to make sure.

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 3/11/21
      Scan Time: 2:41 AM
      Log File: bfc8d76a-8234-11eb-8b93-d05099abd555.json

      -Software Information-
      Version: 4.3.0.98
      Components Version: 1.0.1173
      Update Package Version: 1.0.37965
      License: Trial

      -System Information-
      OS: Windows 10 (Build 17763.1457)
      CPU: x64
      File System: NTFS
      User: System

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Scheduler
      Result: Completed
      Objects Scanned: 361419
      Threats Detected: 1
      Threats Quarantined: 0
      Time Elapsed: 16 min, 33 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0
      (No malicious items detected)

      Module: 0
      (No malicious items detected)

      Registry Key: 0
      (No malicious items detected)

      Registry Value: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Data Stream: 0
      (No malicious items detected)

      Folder: 0
      (No malicious items detected)

      File: 1
      Malware.AI.1728243281, C:\USERS\LUX\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_45838.EXE, No Action By User, 1000000, 0, 1.0.37965, 1C711AA08B7D515A6702E651, dds, 01151714, 6A8B93E27DCCFF2F250A22B8BDC93168, 50BAEE75B0BB181B5280A1F60B32F7E75ABDA8A4E06CBF32074B1444D73A9CF7

      Physical Sector: 0
      (No malicious items detected)

      WMI: 0
      (No malicious items detected)

      (end)
  20. The file was flagged as trojan and compromise. I'll try to do that. Thanks for all.
  21. Hi. Thanks. Now the PC is responding better, but the file httpd.exe was removed, so now I can't run the Apache server where I have a project going; for everything else it seems it's running better now. Do you recommend running another antivirus software, like ComboFix, HijackThis?