
Malware.AI.1728243281



Briefing of the situation: The malware was located at \UTORRENT\UPDATES\3.5.5_45838.EXE, and it was not an .EXE; it was a shortcut, and it had no location when searching for the file location. I deleted the shortcut; maybe I did wrong. I just want to make sure.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/11/21
Scan Time: 2:41 AM
Log File: bfc8d76a-8234-11eb-8b93-d05099abd555.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37965
License: Trial

-System Information-
OS: Windows 10 (Build 17763.1457)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 361419
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 16 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.1728243281, C:\USERS\LUX\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_45838.EXE, No Action By User, 1000000, 0, 1.0.37965, 1C711AA08B7D515A6702E651, dds, 01151714, 6A8B93E27DCCFF2F250A22B8BDC93168, 50BAEE75B0BB181B5280A1F60B32F7E75ABDA8A4E06CBF32074B1444D73A9CF7

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • Root Admin

Hello @iamthefutureofall

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 


When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download


STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time.
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/14/21
Scan Time: 1:07 PM
Log File: c841ab0a-84e7-11eb-a33c-d05099abd555.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38139
License: Trial

-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: DESKTOP-E8BVDK8\lux

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 394404
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 hr, 19 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-14-2021
# Duration: 00:00:36
# OS:       Windows 10 Pro
# Scanned:  3147
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1813 octets] - [12/03/2021 12:12:35]
AdwCleaner[C00].txt - [1910 octets] - [12/03/2021 12:13:46]
AdwCleaner[S01].txt - [1526 octets] - [12/03/2021 18:01:35]
AdwCleaner[S02].txt - [1587 octets] - [12/03/2021 18:06:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021
Ran by lux (administrator) on DESKTOP-E8BVDK8 (14-03-2021 14:47:43)
Running from C:\Users\lux\Desktop\FIRST
Loaded Profiles: lux
Platform: Windows 10 Pro Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte\XD.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Avid Technology, Inc. -> M-Audio) C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-05-26] (Corel Corporation -> WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2018-05-26] (WinZip Computing LLC -> WinZip Computing, S.L.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-12] (Google LLC -> Google LLC)
Startup: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-01]
ShortcutTarget: GenuineService.lnk -> C:\Users\lux\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A04EEC-D266-47C6-8ADD-FF966248287A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {0A4FB83A-1270-4965-91B6-680438E2F205} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C"
Task: {1406319A-9FA7-446C-AF35-8280D92A044A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {21C83A50-A09B-47BF-8865-F5469F008F33} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {25DFC818-592C-4F1E-8A47-946ADB76658F} - System32\Tasks\Mozilla\Firefox Nightly Default Browser Agent 6F193CCC56814779 => C:\Program Files\Firefox Nightly\default-browser-agent.exe do-task "6F193CCC56814779"
Task: {2E352502-2149-4F32-8A79-42005652AF6D} - System32\Tasks\BlueStacksHelper => G:\BLUESTACKS\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)
Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {46D1C481-5130-4D61-9D33-0F2BD2308980} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {49FB58B4-DD4B-4519-9206-9B69F501BB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {57828313-D46B-4DE3-918D-00A4CF78BB82} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {821141F5-F23A-4F86-A008-FDB5CCD5A346} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {994054D5-6822-45FF-89C4-9C133A0C43D0} - System32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f670f671-a83d-4db4-af77-19ffa5594347
Task: {9F26A201-557A-4803-A6BF-2541A4EF421E} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B6462D50-60A9-49F7-BC85-911014C5C53D} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B70DDA39-D8A1-41F8-840C-E5B7DE12AEF2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC84898B-089D-4A76-9331-286EFD5930BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D17D65C3-2279-43EE-8C27-AD00AF3D841F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {D977AB8B-28E7-4CE4-9AD9-B4EAD98B3CED} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DF3F98B6-0381-4DB6-9F50-78364C6EFAE7} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:d7b383c5-6fed-4ab5-a88a-e04bda5480a0
Task: {E560DDA1-0B98-4B0F-9145-54E31B6E7F6C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F0DC8573-8780-481F-9B08-401CEE6FEE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.42.4.198 200.49.130.40
Tcpip\..\Interfaces\{588c67e1-02d4-490e-be08-ba8568127598}: [DhcpNameServer] 200.42.4.198 200.49.130.40

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\lux\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-14]
Edge HomePage: Default -> hxxp://www.google.com/ncr

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
StartMenuInternet: Firefox-6F193CCC56814779 - C:\Program Files\Firefox Nightly\firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default [2021-03-14]
CHR StartupUrls: Default -> "hxxps://bitnami.com/","hxxps://miloserdov.org/?p=2655","hxxps://community.bitnami.com/t/apache-server-doesnt-run-after-httpd-exe-was-removed-by-antivirus/92805","hxxps://forums.malwarebytes.com/topic/271618-malware-keeps-coming-back/","hxxps://support.clio.com/hc/en-us/articles/360008609034-How-Do-I-Clear-Saved-Auto-Fill-Passwords-in-Google-Chrome-on-Desktop","hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1615648602&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f0%2f%3fstate%3d1%26redirectTo%3daHR0cHM6Ly9vdXRsb29rLmxpdmUuY29tL21haWwvMC9pbmJveA%26RpsCsrfState%3d76a8757c-8742-09a9-50fd-26b08ff6d0f3&id=292841&aadredir=1&whr=hotmail.com&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015","hxxps://www.google.com/search?q=what+cloud+bitnami+uses&oq=what+cloud+bitnami+uses&aqs=chrome..69i57j0i22i30l5.6087j0j7&sourceid=chrome&ie=UTF-8","chrome://newtab/","hxxps://bitnami.com/sign_in"
CHR DefaultSearchURL: Default -> hxxps://sf16-sg.tiktokcdn.com/obj/eden-sg/uvkuhyieh7lpqpbj/pwa/512x512.png
CHR Extension: (TikTok) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahoadnkmomodgfkfokbclmabbfdaejpe [2021-02-03]
CHR Extension: (Tema oscuro para Google Chrome) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2021-03-10]
CHR Extension: (Google Drive) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (TT Downloader) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbckhiepgpniilpmlionnkjoeehhgao [2020-11-06]
CHR Extension: (YouTube) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-26]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Video Downloader professional) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-11-30]
CHR Extension: (WhatFont) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfmjcmgehfjmhdbdceflcijljnpjfjh [2021-03-01]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-10]
CHR Extension: (WhatFont) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2021-03-01]
CHR Extension: (Tema oscuro para cualquier sitio web) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhodgikjfpkmcfeokjkanalglikhcgoh [2021-03-13]
CHR Extension: (Right Click Opens Link New Tab Correct Order) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjkeimpgjokbjmioglhlngefbddppnn [2020-11-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Video Downloader by Skyload) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebcmofchocakhnljflecpkhadfplaea [2020-11-19]
CHR Extension: (Gmail) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-03]
CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-13]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16939312 2019-01-08] (Autodesk, Inc. -> Autodesk)
S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [622184 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [1301208 2021-03-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [353024 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8091704 2021-03-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109464 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2021-01-02] (BattlEye Innovations e.K. -> )
S4 DialogBlockingService; C:\WINDOWS\System32\DialogBlockingService.dll [76288 2021-03-14] (Microsoft Windows -> Microsoft Corporation)
R2 FastTrackAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe [1962768 2013-05-21] (Avid Technology, Inc. -> M-Audio)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5136328 2021-03-08] (SurfRight B.V. -> SurfRight B.V.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-10] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\NisSrv.exe [3284840 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MsMpEng.exe [103168 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 wordpressMySQL; C:\Bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe [49974272 2020-09-23] () [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [208176 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [357400 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [249368 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [98840 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16832 2020-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41424 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175368 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [521472 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107920 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83496 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [850248 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [465800 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215464 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327104 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [429800 2021-03-08] (SurfRight B.V. -> SurfRight B.V.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 MAUSBFASTTRACK; C:\WINDOWS\System32\drivers\MAudioFastTrack.sys [460048 2013-05-21] (Avid Technology, Inc. -> M-Audio)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-10] (Malwarebytes Inc -> Malwarebytes)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-07-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-09-07] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [376032 2020-02-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-14 14:40 - 2021-03-14 14:40 - 000000020 _____ C:\Users\lux\Desktop\avg.txt
2021-03-14 14:34 - 2021-03-14 14:34 - 000001648 _____ C:\Users\lux\Desktop\AdwCleaner[S03].txt
2021-03-14 14:31 - 2021-03-14 14:32 - 008463216 _____ (Malwarebytes) C:\Users\lux\Downloads\adwcleaner_8.1.exe
2021-03-14 14:27 - 2021-03-14 14:27 - 000001234 _____ C:\Users\lux\Desktop\MB.txt
2021-03-14 13:42 - 2021-03-14 10:40 - 000000000 ____D C:\Windows.old
2021-03-14 13:29 - 2021-03-14 13:42 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-14 13:25 - 2021-03-14 13:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-03-14 13:24 - 2021-03-14 13:24 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-14 13:17 - 2021-03-14 13:17 - 000000000 ____D C:\ProgramData\ssh
2021-03-14 13:04 - 2021-03-14 13:04 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-14 13:03 - 2021-03-14 13:03 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-14 13:03 - 2021-03-14 13:03 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-14 13:03 - 2021-03-14 13:03 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-14 13:03 - 2021-03-14 13:03 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-03-14 13:03 - 2021-03-14 13:03 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-03-14 13:03 - 2021-03-14 13:03 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-03-14 13:03 - 2021-03-14 13:03 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-03-14 13:02 - 2021-03-14 13:02 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-14 13:02 - 2021-03-14 13:02 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-14 13:02 - 2021-03-14 13:02 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-03-14 13:02 - 2021-03-14 13:02 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-14 13:02 - 2021-03-14 13:02 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-14 13:02 - 2021-03-14 13:02 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-14 13:01 - 2021-03-14 13:01 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-14 13:01 - 2021-03-14 13:01 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-14 13:01 - 2021-03-14 13:01 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-14 13:01 - 2021-03-14 13:01 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-03-14 13:01 - 2021-03-14 13:01 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-14 13:01 - 2021-03-14 13:01 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-14 13:01 - 2021-03-14 13:01 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-14 13:01 - 2021-03-14 13:01 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-14 13:00 - 2021-03-14 13:00 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-14 13:00 - 2021-03-14 13:00 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-14 13:00 - 2021-03-14 13:00 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-14 13:00 - 2021-03-14 13:00 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-14 13:00 - 2021-03-14 13:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-14 13:00 - 2021-03-14 13:00 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-14 13:00 - 2021-03-14 13:00 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-03-14 13:00 - 2021-03-14 13:00 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-14 12:59 - 2021-03-14 12:59 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-14 12:59 - 2021-03-14 12:59 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-03-14 12:59 - 2021-03-14 12:59 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-03-14 12:59 - 2021-03-14 12:59 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-03-14 12:59 - 2021-03-14 12:59 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-14 12:58 - 2021-03-14 12:58 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-14 12:58 - 2021-03-14 12:58 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-14 12:58 - 2021-03-14 12:58 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-03-14 12:58 - 2021-03-14 12:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-03-14 12:58 - 2021-03-14 12:58 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-03-14 12:58 - 2021-03-14 12:58 - 000000000 ___HD C:\$SysReset
2021-03-14 12:57 - 2021-03-14 12:57 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-14 12:57 - 2021-03-14 12:57 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-14 12:57 - 2021-03-14 12:57 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-14 12:57 - 2021-03-14 12:57 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-14 12:56 - 2021-03-14 12:56 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-14 12:56 - 2021-03-14 12:56 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-14 12:56 - 2021-03-14 12:56 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-14 12:56 - 2021-03-14 12:56 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-14 12:56 - 2021-03-14 12:56 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-03-14 12:56 - 2021-03-14 12:56 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-14 12:56 - 2021-03-14 12:56 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-14 12:56 - 2021-03-14 12:56 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-14 12:56 - 2021-03-14 12:56 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-03-14 12:56 - 2021-03-14 12:56 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-14 12:56 - 2021-03-14 12:56 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-14 12:55 - 2021-03-14 12:55 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-03-14 12:55 - 2021-03-14 12:55 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-03-14 12:54 - 2021-03-14 12:54 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-14 12:54 - 2021-03-14 12:54 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-14 12:54 - 2021-03-14 12:54 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-14 12:54 - 2021-03-14 12:54 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-03-14 12:54 - 2021-03-14 12:54 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-03-14 12:54 - 2021-03-14 12:54 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2021-03-14 12:22 - 2021-03-14 12:22 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
2021-03-14 12:16 - 2021-03-14 12:16 - 000346834 _____ C:\WINDOWS\system32\perfi00A.dat
2021-03-14 12:16 - 2021-03-14 12:16 - 000043954 _____ C:\WINDOWS\system32\perfd00A.dat
2021-03-14 12:16 - 2021-03-14 12:16 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-03-14 12:16 - 2021-03-14 12:16 - 000000000 ____D C:\WINDOWS\SysWOW64\es
2021-03-14 12:16 - 2021-03-14 12:16 - 000000000 ____D C:\WINDOWS\system32\es
2021-03-14 12:16 - 2021-03-14 12:07 - 000782996 _____ C:\WINDOWS\system32\perfh00A.dat
2021-03-14 12:16 - 2021-03-14 12:07 - 000152612 _____ C:\WINDOWS\system32\perfc00A.dat
2021-03-14 12:01 - 2021-03-14 12:01 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-14 12:01 - 2021-03-14 12:01 - 000000000 ____D C:\Program Files\MSBuild
2021-03-14 12:01 - 2021-03-14 12:01 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-14 12:01 - 2021-03-14 12:01 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-14 10:47 - 2021-03-14 10:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-03-14 10:40 - 2021-03-14 10:40 - 000000020 ___SH C:\Users\lux\ntuser.ini
2021-03-14 10:37 - 2021-03-14 14:15 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-14 10:37 - 2021-03-14 14:10 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-03-14 10:37 - 2021-03-14 12:57 - 000003382 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347
2021-03-14 10:37 - 2021-03-14 12:57 - 000003124 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0
2021-03-14 10:37 - 2021-03-14 12:57 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001
2021-03-14 10:37 - 2021-03-14 12:57 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-14 10:37 - 2021-03-14 12:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-03-14 10:37 - 2021-03-14 12:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-14 10:37 - 2021-03-14 10:38 - 000003406 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-14 10:37 - 2021-03-14 10:38 - 000003366 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{46C008D5-D1E8-4A00-B94C-58EEA7E7B826}
2021-03-14 10:37 - 2021-03-14 10:38 - 000002754 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2021-03-14 10:37 - 2021-03-14 10:38 - 000002752 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2021-03-14 10:37 - 2021-03-14 10:38 - 000002672 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-03-14 10:37 - 2021-03-14 10:38 - 000002516 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-03-14 10:37 - 2021-03-14 10:37 - 000003468 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-14 10:37 - 2021-03-14 10:37 - 000003244 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-14 10:37 - 2021-03-14 10:37 - 000003182 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-14 10:37 - 2021-03-14 10:37 - 000003024 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2021-03-14 10:37 - 2021-03-14 10:37 - 000002752 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2021-03-14 10:37 - 2021-03-14 10:37 - 000002448 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2021-03-14 10:37 - 2021-03-14 10:37 - 000002262 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-03-14 10:37 - 2021-03-14 10:37 - 000002182 _____ C:\WINDOWS\system32\Tasks\StartDVR
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-03-14 10:37 - 2021-03-14 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-03-14 10:35 - 2021-03-14 10:36 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-03-14 10:35 - 2021-03-14 10:36 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-03-14 10:11 - 2021-03-14 12:07 - 001767126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-14 09:54 - 2021-03-14 10:40 - 000000000 ____D C:\Users\lux
2021-03-14 09:54 - 2019-12-07 05:10 - 000001105 _____ C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-14 09:43 - 2021-03-14 14:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-14 09:43 - 2021-03-14 09:44 - 005146496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-14 09:42 - 2021-03-14 11:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-13 13:32 - 2021-03-14 10:41 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-13 12:50 - 2021-03-13 12:50 - 000000000 ___HD C:\$WinREAgent
2021-03-13 12:09 - 2021-03-13 12:09 - 032003126 _____ C:\Users\lux\Downloads\bnsupport-linux-x64.run
2021-03-13 09:51 - 2021-03-13 09:51 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-03-13 08:15 - 2021-03-14 14:47 - 000000000 ____D C:\Users\lux\Desktop\FIRST
2021-03-12 23:11 - 2021-03-12 23:11 - 000000000 ___HD C:\$Windows.~WS
2021-03-12 20:55 - 2021-03-13 03:33 - 000000000 ____D C:\ESD
2021-03-12 16:06 - 2021-03-14 14:48 - 000000000 ____D C:\FRST
2021-03-12 12:08 - 2021-03-12 12:13 - 000000000 ____D C:\AdwCleaner
2021-03-12 12:03 - 2021-03-10 16:07 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-12 10:44 - 2021-03-14 12:57 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job
2021-03-12 10:44 - 2021-03-14 12:57 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job
2021-03-12 05:59 - 2021-03-12 10:23 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8.001
2021-03-12 05:59 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP.DESKTOP-E8BVDK8.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:58 - 2021-03-12 05:59 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8.000
2021-03-12 05:58 - 2021-03-12 05:58 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8
2021-03-12 05:58 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:58 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP.DESKTOP-E8BVDK8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:57 - 2021-03-12 05:58 - 000000000 ____D C:\Users\TEMP
2021-03-11 16:12 - 2021-03-11 16:13 - 000000000 ____D C:\windows update fix
2021-03-11 16:08 - 2021-03-11 16:08 - 000000000 ____D C:\Users\lux\AppData\Roaming\SUPERAntiSpyware.com
2021-03-11 16:06 - 2021-03-14 10:00 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-03-11 16:06 - 2021-03-11 16:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-03-11 16:06 - 2021-03-11 16:06 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-03-11 16:02 - 2021-03-11 16:02 - 000000000 ____D C:\Users\lux\AppData\Local\ElevatedDiagnostics
2021-03-11 15:33 - 2021-03-11 15:50 - 000000000 ____D C:\Users\lux\AppData\Local\NPE
2021-03-11 11:49 - 2021-03-14 11:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-10 16:11 - 2021-03-12 12:04 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-10 16:11 - 2021-03-10 16:11 - 000000000 ____D C:\Users\lux\AppData\Local\mbam
2021-03-10 16:10 - 2021-03-10 16:10 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-10 16:10 - 2021-03-10 16:07 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-03-10 16:07 - 2021-03-10 16:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-10 16:06 - 2021-03-10 16:06 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-09 19:33 - 2021-03-13 18:50 - 000000000 ____D C:\Users\lux\AppData\Local\CrashDumps
2021-03-09 17:41 - 2021-03-09 17:41 - 000000000 ____D C:\ProgramData\Sophos
2021-03-09 17:40 - 2021-03-14 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-03-09 17:40 - 2021-03-09 17:40 - 000002775 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2021-03-09 17:40 - 2021-03-09 17:40 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-03-09 04:28 - 2021-03-09 04:28 - 000000000 ____D C:\Users\lux\AppData\Local\VS Revo Group
2021-03-09 04:21 - 2021-03-14 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-03-09 04:21 - 2021-03-09 04:21 - 000001122 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2021-03-09 04:21 - 2021-03-09 04:21 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-03-09 04:21 - 2021-03-09 04:21 - 000000000 ____D C:\Program Files\VS Revo Group
2021-03-09 04:21 - 2020-10-14 04:07 - 000038400 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2021-03-08 09:02 - 2021-03-08 09:02 - 000001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk
2021-03-08 09:02 - 2021-02-22 17:03 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-03-08 08:40 - 2021-03-14 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2021-03-08 08:40 - 2021-03-14 12:00 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-03-08 08:40 - 2021-03-08 08:40 - 001006032 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 001004496 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 000429800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2021-03-08 08:40 - 2021-03-08 08:40 - 000179144 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpshell.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2021-03-07 23:16 - 2021-03-07 23:16 - 000001912 _____ C:\ProgramData\Desktop\BlueStacks.lnk
2021-03-07 23:06 - 2021-03-07 23:06 - 000000000 ____D C:\Program Files\BlueStacks
2021-03-06 04:50 - 2021-03-06 04:50 - 000000000 _____ C:\Users\lux\Desktop\Nice Cookies style.txt
2021-03-04 15:06 - 2021-03-13 21:04 - 000001315 _____ C:\Users\lux\Desktop\cookies terms.txt
2021-03-01 06:26 - 2021-03-01 07:13 - 000000000 ____D C:\Users\lux\Documents\OrbComposer
2021-03-01 06:22 - 2021-03-01 07:46 - 000000000 ____D C:\Users\lux\AppData\Roaming\com.hexachords.OrbComposer
2021-03-01 06:22 - 2018-05-16 17:23 - 000116272 _____ (Bome Software GmbH & Co. KG) C:\WINDOWS\system32\bomemidi_coinst.dll
2021-03-01 00:31 - 2021-03-01 00:31 - 000002120 _____ C:\Users\lux\Desktop\third party cookies note bluehost website.txt
2021-02-28 23:17 - 2021-02-28 23:17 - 000001389 _____ C:\Users\lux\Desktop\Adobe XD.lnk
2021-02-28 22:19 - 2021-02-28 22:19 - 000000000 ___HD C:\$AV_AVG
2021-02-28 10:10 - 2021-03-14 06:21 - 000000000 ____D C:\Users\lux\AppData\LocalLow\IGDump
2021-02-26 06:17 - 2021-02-26 06:29 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2021-02-22 17:04 - 2021-02-22 17:03 - 000215464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-02-20 00:58 - 2021-02-20 00:58 - 000035058 _____ C:\Users\lux\Documents\WINAMP.m3u8
2021-02-18 20:55 - 2021-02-18 20:55 - 000000000 ____D C:\Users\lux\Documents\Adobe
2021-02-18 20:19 - 2021-02-18 20:19 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2021-02-18 20:19 - 2021-02-18 20:19 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-02-14 05:27 - 2021-02-14 05:27 - 000000000 ____D C:\backup
2021-02-12 03:24 - 2021-02-12 03:25 - 000001068 _____ C:\Users\lux\Documents\cc_20210212_032454.reg
2021-02-12 03:24 - 2021-02-12 03:24 - 000015302 _____ C:\Users\lux\Documents\cc_20210212_032357.reg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-14 14:22 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-14 13:42 - 2021-02-05 03:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2021-03-14 13:42 - 2021-02-05 03:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2021-03-14 13:42 - 2021-02-03 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-03-14 13:42 - 2021-01-31 11:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitnami WordPress Stack
2021-03-14 13:42 - 2021-01-13 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-14 13:42 - 2020-07-20 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2021-03-14 13:42 - 2020-07-11 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Charge
2021-03-14 13:42 - 2020-07-09 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-03-14 13:42 - 2020-06-28 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jBridge
2021-03-14 13:42 - 2020-06-27 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2021-03-14 13:42 - 2020-06-24 19:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2019.4.1f1 (64-bit)
2021-03-14 13:42 - 2020-06-17 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 FreeMultiplayer
2021-03-14 13:42 - 2020-04-23 23:29 - 000000000 ____D C:\WINDOWS\system32\UnityInjector
2021-03-14 13:42 - 2020-02-07 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2021-03-14 13:42 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-14 13:42 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-03-14 13:42 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-14 13:42 - 2019-08-19 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Borderless Gaming
2021-03-14 13:42 - 2019-08-01 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2020 - English
2021-03-14 13:42 - 2019-07-22 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
2021-03-14 13:42 - 2019-07-20 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2021-03-14 13:42 - 2019-06-23 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2021-03-14 13:42 - 2019-06-19 03:48 - 000000000 ____D C:\Program Files\UNP
2021-03-14 13:42 - 2019-06-14 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2021-03-14 13:42 - 2019-06-03 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSS WaZrOnE
2021-03-14 13:42 - 2019-06-03 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike Source WaRzOnE
2021-03-14 13:42 - 2019-06-01 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-03-14 13:42 - 2019-04-03 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart2DCutting 3
2021-03-14 13:42 - 2019-04-01 02:53 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-03-14 13:42 - 2019-03-31 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader
2021-03-14 13:42 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-14 13:42 - 2019-01-26 04:20 - 000000000 ____D C:\WINDOWS\system32\myApp
2021-03-14 13:42 - 2018-12-18 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2021-03-14 13:42 - 2018-12-03 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2021-03-14 13:42 - 2018-11-22 08:03 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-03-14 13:42 - 2018-09-30 02:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-03-14 13:42 - 2018-09-18 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-03-14 13:42 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-14 13:42 - 2018-09-05 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2021-03-14 13:42 - 2018-09-05 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
2021-03-14 13:42 - 2018-08-28 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2018
2021-03-14 13:42 - 2018-08-27 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-03-14 13:42 - 2018-08-27 05:14 - 000000000 ____D C:\Program Files\IIS
2021-03-14 13:42 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-14 13:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-14 13:31 - 2019-05-11 01:32 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-03-14 13:29 - 2021-02-06 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2021-03-14 13:29 - 2020-07-13 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2021-03-14 13:29 - 2020-07-05 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2021-03-14 13:29 - 2020-06-28 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2021-03-14 13:29 - 2020-06-27 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2021-03-14 13:29 - 2020-04-06 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XCOM - Enemy Unknown [GOG.com]
2021-03-14 13:29 - 2019-08-19 01:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWGraphics
2021-03-14 13:29 - 2019-05-24 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2021-03-14 13:29 - 2018-08-27 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2021-03-14 13:17 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-14 13:17 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-14 13:17 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-14 13:17 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-14 13:17 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-14 13:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-03-14 13:14 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-03-14 13:14 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-14 13:03 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-14 12:25 - 2018-09-26 14:43 - 000000000 ____D C:\ProgramData\AVG
2021-03-14 12:23 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\OCR
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-03-14 12:16 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-03-14 12:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-03-14 12:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-03-14 12:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-03-14 12:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-14 12:09 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-14 11:58 - 2019-12-07 05:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2021-03-14 11:58 - 2018-08-26 11:09 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-14 11:57 - 2018-08-30 21:47 - 000000000 ____D C:\ProgramData\HitmanPro
2021-03-14 11:54 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-14 11:37 - 2018-08-26 12:35 - 000000000 ____D C:\Users\lux\AppData\Local\D3DSCache
2021-03-14 11:03 - 2018-08-26 10:52 - 000000000 ____D C:\Users\lux\AppData\Local\Packages
2021-03-14 11:00 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-14 10:57 - 2020-12-29 05:38 - 000000000 ____D C:\Users\lux\AppData\Local\PlaceholderTileLogoFolder
2021-03-14 10:44 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-14 10:44 - 2018-08-26 11:09 - 000000000 ____D C:\ProgramData\Packages
2021-03-14 10:42 - 2018-08-26 10:52 - 000000000 ___RD C:\Users\lux\3D Objects
2021-03-14 10:41 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-14 10:41 - 2018-09-30 02:19 - 000000000 ____D C:\Program Files\CCleaner
2021-03-14 10:40 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-14 10:37 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-14 10:37 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-14 10:33 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-14 10:13 - 2020-08-02 20:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-14 10:11 - 2020-10-30 02:09 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-14 10:00 - 2020-07-01 19:00 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Pro-53
2021-03-14 10:00 - 2020-06-28 00:32 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arturia
2021-03-14 10:00 - 2020-01-30 02:54 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2021-03-14 10:00 - 2019-05-11 08:22 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47
2021-03-14 10:00 - 2018-11-20 14:19 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-03-14 10:00 - 2018-09-25 01:44 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-14 09:56 - 2021-02-03 17:25 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2021-03-14 09:56 - 2020-07-29 21:49 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2021-03-14 09:56 - 2020-07-05 03:22 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope
2021-03-14 09:56 - 2020-06-30 14:29 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
2021-03-14 09:56 - 2020-06-30 14:13 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modartt
2021-03-14 09:56 - 2020-06-28 14:27 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voxengo
2021-03-14 09:56 - 2020-06-27 23:42 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton
2021-03-14 09:56 - 2019-03-16 07:07 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2021-03-14 09:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-14 09:43 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-14 07:19 - 2018-08-26 19:33 - 000008192 __RSH C:\BOOTSECT.BAK
2021-03-14 02:48 - 2018-08-26 19:33 - 000413738 __RSH C:\bootmgr
2021-03-14 02:48 - 2018-08-26 19:33 - 000000001 ___SH C:\BOOTNXT
2021-03-13 11:02 - 2020-12-06 11:08 - 000000000 ____D C:\Program Files\Common Files\ChaosGroup
2021-03-13 08:10 - 2020-07-13 02:04 - 000000000 ____D C:\Users\lux\AppData\Roaming\vlc
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\TextInput
2021-03-12 00:34 - 2018-08-27 04:17 - 000000000 ____D C:\Program Files\dotnet
2021-03-12 00:34 - 2018-08-26 11:10 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-11 15:38 - 2018-08-26 11:00 - 000000000 ____D C:\ProgramData\Norton
2021-03-11 15:28 - 2020-08-16 10:50 - 000000000 ____D C:\unreal
2021-03-11 11:57 - 2018-08-26 15:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-11 11:46 - 2018-08-26 15:15 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-10 09:35 - 2018-08-27 04:10 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2021-03-10 09:35 - 2018-08-27 04:10 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-03-10 09:34 - 2019-06-23 22:08 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-03-10 09:20 - 2018-08-27 04:02 - 000000000 ____D C:\Users\lux\AppData\Roaming\Visual Studio Setup
2021-03-10 09:19 - 2018-08-27 04:02 - 000001433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2021-03-10 09:19 - 2018-08-27 04:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2021-03-09 15:50 - 2020-07-20 20:04 - 000000000 ____D C:\Users\lux\Documents\Bandicam
2021-03-09 10:32 - 2019-10-04 04:02 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-03-09 06:45 - 2019-06-23 22:15 - 000000000 ____D C:\Program Files (x86)\Autodesk
2021-03-09 06:39 - 2018-09-01 11:34 - 000000000 ____D C:\Program Files\Epic Games
2021-03-09 05:45 - 2019-03-31 22:07 - 000000000 ____D C:\Users\lux\Documents\Bulk Image Downloader
2021-03-09 04:12 - 2018-10-06 15:37 - 000000000 ____D C:\Users\lux\AppData\Local\Opera Software
2021-03-09 04:12 - 2018-10-06 15:35 - 000000000 ____D C:\Users\lux\AppData\Roaming\Opera Software
2021-03-08 04:35 - 2018-12-13 17:22 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-08 03:17 - 2018-08-26 18:13 - 000000000 ____D C:\Users\lux\AppData\LocalLow\Mozilla
2021-03-07 23:21 - 2020-07-21 03:29 - 000000000 ____D C:\Users\lux\AppData\Local\BlueStacksSetup
2021-03-07 23:16 - 2020-07-21 03:42 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2021-03-07 23:16 - 2020-07-21 03:42 - 000001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2021-03-07 22:55 - 2020-02-04 00:26 - 000000000 ____D C:\Users\lux\AppData\Local\BlueStacks
2021-03-07 12:43 - 2018-08-30 14:50 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2021-03-07 12:42 - 2019-05-04 03:22 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2021-03-07 11:46 - 2018-08-26 14:28 - 000000000 ____D C:\ProgramData\Origin
2021-03-07 05:41 - 2020-06-17 09:11 - 000000000 ____D C:\Users\lux\AppData\Local\nintend01337
2021-03-06 11:40 - 2021-01-04 01:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-06 11:40 - 2018-11-29 22:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-06 06:10 - 2018-11-29 22:42 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-05 08:33 - 2018-08-27 02:46 - 000000000 ____D C:\Users\lux\AppData\Roaming\Code
2021-03-02 23:54 - 2020-06-28 11:37 - 000000000 ____D C:\Users\lux\Documents\Max 8
2021-03-01 06:14 - 2019-05-30 10:50 - 000000000 ____D C:\Users\lux\AppData\Local\BitTorrentHelper
2021-02-28 23:10 - 2020-11-03 23:43 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-02-26 06:19 - 2020-08-16 05:58 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
2021-02-25 03:30 - 2021-01-29 20:33 - 000000033 _____ C:\Users\lux\AppData\Roaming\AdobeWLCMCache.dat
2021-02-23 23:15 - 2019-06-27 02:45 - 000000000 ____D C:\Users\lux\AppData\Roaming\audacity
2021-02-23 14:49 - 2018-08-28 02:48 - 000000000 ____D C:\Users\lux\AppData\Local\.IdentityService
2021-02-22 17:04 - 2020-10-14 11:58 - 000175368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-02-22 17:04 - 2018-10-16 23:14 - 000465800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-02-22 17:04 - 2018-10-16 23:14 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-02-22 17:03 - 2020-06-19 09:01 - 000521472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-02-22 17:03 - 2019-01-14 14:48 - 000357400 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-02-22 17:03 - 2019-01-04 12:18 - 000249368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-02-22 17:03 - 2019-01-04 12:18 - 000098840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000850248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000208176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000083496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000041424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-02-19 07:04 - 2021-02-05 03:57 - 000000000 ____D C:\Users\lux\AppData\Local\AMD_Common
2021-02-18 21:06 - 2018-08-26 10:52 - 000000000 ____D C:\Users\lux\AppData\Roaming\Adobe
2021-02-18 20:19 - 2021-01-04 08:08 - 000000000 ____D C:\Program Files\Adobe
2021-02-14 00:16 - 2021-01-31 11:33 - 000000000 ____D C:\Bitnami

==================== Files in the root of some directories ========

2021-01-29 20:33 - 2021-02-25 03:30 - 000000033 _____ () C:\Users\lux\AppData\Roaming\AdobeWLCMCache.dat
2020-06-27 19:14 - 2020-06-28 12:44 - 000000016 _____ () C:\Users\lux\AppData\Roaming\msregsvv.dll
2019-04-21 01:12 - 2019-04-21 01:12 - 000000000 _____ () C:\Users\lux\AppData\Local\oobelibMkey.log
2019-05-01 04:20 - 2019-05-01 04:28 - 000007605 _____ () C:\Users\lux\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by lux (14-03-2021 14:55:16)
Running from C:\Users\lux\Desktop\FIRST
Windows 10 Pro Version 20H2 19042.867 (X64) (2021-03-14 14:40:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4022856778-3193992897-3864231476-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4022856778-3193992897-3864231476-503 - Limited - Disabled)
Guest (S-1-5-21-4022856778-3193992897-3864231476-501 - Limited - Disabled)
lux (S-1-5-21-4022856778-3193992897-3864231476-1001 - Administrator - Enabled) => C:\Users\lux
WDAGUtilityAccount (S-1-5-21-4022856778-3193992897-3864231476-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Disabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_0_1) (Version: 25.0.1 - Adobe Inc.)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_1_0) (Version: 11.1.0 - Adobe Systems Incorporated)
AIDA64 Extreme v6.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.00 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
AmpliTube2 (HKLM-x32\...\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}) (Version: 2.1.0 - IK Multimedia)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Arturia Moog Modular V v1.1 (HKLM-x32\...\Arturia Moog Modular V v1.1) (Version:  - )
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
AutoCAD 2016 - Español (Spanish) (HKLM\...\{5783F2D7-F001-040A-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2020 - English (HKLM\...\{28B89EEF-3001-0409-2102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk AutoCAD 2016 - Español (Spanish) (HKLM\...\AutoCAD 2016 - Español (Spanish)) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2020 - English (HKLM\...\AutoCAD 2020 - English) (Version: 23.1.47.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 21.1.3164 - AVG Technologies)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.1.1688 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Bitnami WordPress Stack (HKLM\...\Bitnami WordPress Stack 5.6-3) (Version: 5.6-3 - Bitnami)
Blender (HKLM\...\{A239FF96-639F-4269-9673-E7ED60D5C74D}) (Version: 2.83.3 - Blender Foundation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.270.0.1053 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.5.6 - Andrew Sampson)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Bulk Image Downloader v4.91.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version:  - Antibody Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Cinema 4D 20.026 (HKLM\...\MAXONE3565005) (Version: 20.026 - MAXON Computer GmbH)
Counter Strike Source WaRzOnE (HKLM-x32\...\{3F77C740-D6C8-4BDB-B730-49C8D8BCA9ED}) (Version: 2.0 - Warzone) Hidden
DXTBmp (HKLM-x32\...\{2C1544E4-5DA6-4A72-B1BA-E4692991C1DC}) (Version: 1.00.000 - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Enscape | BcgTeam | (HKLM\...\{F894D868-CEE6-4CE5-9F77-F39EEBA486A5}) (Version: 2.8.0.26218 - Enscape GmbH)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FastStone Image Viewer 6.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.7 - FastStone Soft)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Firefox Developer Edition 87.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
GIMP 2.10.20 (HKLM\...\GIMP-2_is1) (Version: 2.10.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google SketchUp Pro 8 (HKLM-x32\...\{88A47643-0A80-4FA8-A568-E9A63AAA98F4}) (Version: 3.0.14346 - Google, Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.8.889 - SurfRight B.V.)
Hotspot Shield 8.4.6 (HKLM-x32\...\{5a448f6b-7c15-4a0d-a10e-4f94eaf65bbb}) (Version: 8.4.6.11320 - AnchorFree Inc.)
Hotspot Shield 8.4.6 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925D1670F5B}) (Version: 8.4.6.11320 - AnchorFree Inc.) Hidden
Hotspot Shield 8.4.6 (HKLM-x32\...\HotspotShield) (Version: 8.4.6 - AnchorFree Inc.) Hidden
ILLUSION プレイクラブ (HKLM-x32\...\{EDA7A566-434A-4784-AE98-74AFA46A2485}) (Version: 1.00.0000 - ILLUSION)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
iTunes (HKLM\...\{0F55124A-C00E-4227-A543-19389E732653}) (Version: 12.10.10.2 - Apple Inc.)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
Microsoft .NET Core Runtime - 2.1.26 (x64) (HKLM-x32\...\{50acab5a-426e-4788-8de9-99b047dbe1c5}) (Version: 2.1.26.29812 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation)
Microsoft ASP.NET Core 2.1.26 - Shared Framework (HKLM-x32\...\{8faa55cd-6b10-43b4-a759-4880f79eeac3}) (Version: 2.1.26.45833 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28808 (HKLM-x32\...\{12410e80-cba2-4479-8539-12de3513ff53}) (Version: 14.26.28808.1 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.54.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.9.3352.28579 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{BBCDB523-F5B7-4E53-A911-C85191E3BDF0}) (Version: 10.0.2606 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0 (x64 en-US)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
N.I Pro-53 v3.0-OxYGeN (HKLM-x32\...\N.I Pro-53 v3.0-OxYGeN) (Version:  - )
Native Instruments FM7 v1.10.006 (HKLM-x32\...\Native Instruments FM7 v1.10.006) (Version:  - )
Nightly 84.0a1 (x64 en-US) (HKLM\...\Nightly 84.0a1 (x64 en-US)) (Version: 84.0a1 - Mozilla)
Pianoteq v2.2.0 (HKLM-x32\...\Pianoteq22) (Version:  - )
Revo Uninstaller Pro 4.4.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.2 - VS Revo Group, Ltd.)
SketchUp 2018 (HKLM\...\{C702DD60-EBF4-4961-8B7D-F209B361F985}) (Version: 18.0.16975 - Trimble, Inc.)
Smart2DCutting 3.5 Demo (HKLM-x32\...\Smart2DCutting_is1) (Version:  - )
Sonic Charge Synplant 1.0 (HKLM-x32\...\Sonic Charge Synplant_is1) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Spotify (HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Spotify) (Version: 1.1.45.621.gdddebadc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1220 - SUPERAntiSpyware.com)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 6.26 - NCH Software)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voxengo Analogflux Suite 1.3 (HKLM-x32\...\Voxengo Analogflux Suite) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-03-14] (eyeo GmbH)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte [2021-02-28] (Adobe Systems Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2026.0_x64__rz1tebttyb220 [2021-03-13] (Dolby Laboratories)
Excel Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Excel_16001.13801.20274.0_x64__8wekyb3d8bbwe [2021-03-09] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_9.3.4.0_x64__crhqpqs3x1ygc [2021-02-18] (PicsArt Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{D1DE6864-2236-48B7-99C3-D29C757903A4}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> G:\Program Files\AutoCAD 2016\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2019-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2021-03-08] (SurfRight B.V. -> SurfRight B.V.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2019-01-30] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2018-09-25] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2018-09-25] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47\Run Registry Patch.lnk -> C:\Program Files (x86)\Hitman Codename 47\setup.bat ()
Shortcut: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZStudio4\Online Documentation.lnk -> hxxp:docs.daz3d.com\doku.php\public\software\dazstudio
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk -> C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation)
ShortcutWithArgument: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\TikTok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ahoadnkmomodgfkfokbclmabbfdaejpe

==================== Loaded Modules (Whitelisted) =============

2021-01-31 11:34 - 2020-09-23 10:31 - 000553472 _____ (Google Inc.) [File not signed] C:\Bitnami\wordpress-5.6-3\mysql\bin\libprotobuf-lite.dll
2018-09-18 23:24 - 2018-04-30 08:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-03-14 09:59 - 2021-03-14 09:59 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2021-03-14 09:59 - 2021-03-14 09:59 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2021-01-31 11:34 - 2020-07-22 17:07 - 003422720 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Bitnami\wordpress-5.6-3\mysql\bin\libcrypto-1_1-x64.dll
2021-01-31 11:34 - 2020-07-22 17:07 - 000686592 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Bitnami\wordpress-5.6-3\mysql\bin\libssl-1_1-x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Classes\.scr: AutoCADScriptFile => 

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2020-07-26 01:16:55&bName=

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-11-01 13:43 - 2021-03-13 09:10 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: XblAuthManager => 3
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "pac"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "antMR"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{D4948004-361D-4076-86E7-5ABB319A00A8}G:\program files (x86)\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) G:\program files (x86)\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games)
FirewallRules: [TCP Query User{96A140D4-1CB0-47D8-ACA9-5F8D34B79EEE}G:\program files (x86)\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) G:\program files (x86)\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games)
FirewallRules: [{525A587F-CAE8-4FBD-90ED-EED1BF716125}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1E6FED81-AB16-4F29-BDCC-5B4518AD3CB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2CC9B6F6-1FBC-4B98-8A39-D42A09E61F74}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{49F7E302-7337-4890-A38F-5A2E4A449201}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D6D3354-2C38-4906-BC3C-89D87047FC67}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{14CD318F-06C1-4976-A70D-0935FA648005}C:\users\lux\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\lux\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C8D3CEB3-49FB-4C61-9E47-B5DCDE4F54FA}C:\users\lux\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\lux\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A012426A-AF53-4AA8-9C24-F1941D4BC685}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B484DAF7-D825-4122-8B3E-E23270E2BD6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4497B2D4-F967-4811-93B1-38A39CBD5A5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3F448DB-750B-4371-934D-4F2CF89CEBE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{73D36F44-B8FC-46F9-BD86-85ACCF0ED44D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8618C14C-AFE8-43F1-924F-A4DCE06BD46D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B4EC4A2-75F5-4443-B3C5-1BA336AE293A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{E8B93944-6E12-4C1B-B8C4-AEFFF4363FE7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [UDP Query User{0CA4B7AA-3BFB-49C1-999D-01FC8F4E2DB9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{DDA22431-DB1F-476C-8187-C3466203AF33}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{67F106EE-0F28-4878-A08A-733B4EF576F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{685A9BDF-993F-4ADB-A0AC-9735DF5FF493}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{E00E4221-64BA-43AC-B760-80353239B723}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{0842BE26-2C89-4EA5-92A3-BCD0CB5AE75E}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{4132A5E6-FBD7-484E-B9B9-126A5751257C}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [UDP Query User{45CFE5A9-734A-433F-961F-DCC2D0ABE5AD}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [TCP Query User{1C743F75-4ED1-4179-980A-E861F4789287}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{345B7D43-516F-4009-9CBB-C94BB3CB26BD}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{84E8E9E1-917B-4C3C-9480-89A3716AD041}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe => No File
FirewallRules: [UDP Query User{DC3E93A4-8B5B-4F9F-ACD5-64FB5669939F}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe => No File
FirewallRules: [AITech.Hss] => (Block) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe (AnchorFree Inc -> AnchorFree Inc.)
FirewallRules: [TCP Query User{DCF0D657-09B1-4288-869E-77C13A2A570A}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{74D27538-2737-4EE2-9C5B-DDF738C2308B}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{FC98E2F6-2EBE-4679-9C08-105C212D5A82}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9AE3A485-6746-4AC9-803E-F645FAE0DA45}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D4BE90EA-6954-4650-8AD7-06997CE00DE0}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32A441C7-2B41-4729-81E4-B8246ED8D1CC}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{46F01F67-F913-426B-9367-FDF633F82839}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C0A300DA-C7FE-46CB-AB64-24D54259F22E}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{70AA0E45-01FB-4AD6-A31C-6CA7B6853F69}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [UDP Query User{6844176F-0359-470A-ACB1-3E788B31823D}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [{4068B1FC-33AA-48F9-9B21-91A41B0894C8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6540525A-8759-44FF-86D1-2A716E385E99}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{09AF76EC-7182-427E-B7EC-776933EFA317}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{399E0CE8-30DB-4E57-B375-981327FDE6FA}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{7E9E0B21-3EC0-48A5-9D11-53E899A305FD}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{A90EA75F-BFCD-40BF-9647-7DCC4685D987}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [UDP Query User{A2523DDD-C391-4592-84D4-E20DD37D53D2}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [TCP Query User{4063BC32-126F-4281-8B00-E0E50E9D02AC}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [UDP Query User{79E87D8A-CF81-4C2D-8025-087F136D1279}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [TCP Query User{F67527AE-B139-4693-87D9-F0CE98F895E1}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Block) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe => No File
FirewallRules: [UDP Query User{15EE96A1-0D00-4B59-B3F4-0C9372359DFF}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Block) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2EFCB0ED-73F4-4202-AEC2-6214D6563B7C}C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe] => (Allow) C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{2B81AA42-F74A-4C97-BBC5-9DF9A94BEE1B}C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe] => (Allow) C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [TCP Query User{024CCE94-12F7-408D-9659-DBD2BF5C6C35}C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe => No File
FirewallRules: [UDP Query User{EBCFC915-82C7-4565-A11C-014716BB5405}C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe => No File
FirewallRules: [{4FC22BC9-E9B1-4CAE-AE76-D764372CF704}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F8894969-DBB7-46CD-8C17-DB43EE686206}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{7C4459D1-94AF-4735-BB83-E422076FB4B3}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{7E7D8DDA-2903-4810-B234-3E9A3190A219}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)

==================== Restore Points =========================

14-03-2021 11:43:13 Windows Modules Installer
14-03-2021 11:46:59 Windows Modules Installer
14-03-2021 11:53:36 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/14/2021 01:17:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: XD.exe, version: 25.3.12.1, time stamp: 0x5e2041c6
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae
Exception code: 0xc000027b
Fault offset: 0x000000000010bd5c
Faulting process id: 0x26b4
Faulting application start time: 0x01d718ed7ff21c53
Faulting application path: C:\Program Files\WindowsApps\Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte\XD.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9cb14f74-b088-43e7-8e4d-a17f97b8fc96
Faulting package full name: Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte
Faulting package-relative application ID: App

Error: (03/14/2021 01:04:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hmpalert.exe, version: 3.8.8.889, time stamp: 0x5fcb59be
Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0xa9ac4e88
Exception code: 0xc000070a
Fault offset: 0x001048ad
Faulting process id: 0x12f8
Faulting application start time: 0x01d718ec4894e822
Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e91fcfc4-0c82-47d8-8fd6-946613e47a6a
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/14/2021 11:57:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/14/2021 10:49:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 29f0

Start Time: 01d718e1108a926b

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: edfb3071-a634-4b06-a1aa-c65ddc0fd92b

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (03/14/2021 09:50:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program drvinst.exe version 10.0.19041.844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 7ec

Start Time: 01d718d874bea348

Termination Time: 5

Application Path: C:\Windows\System32\drvinst.exe

Report Id: b2a678f4-e4b9-472c-ae45-22de32bd4d2e

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Cross-process

Error: (03/14/2021 09:46:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.


System errors:
=============
Error: (03/14/2021 12:55:35 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX7jktj9tkq9wvy6vgdmk01c27hm98yt2s.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (03/14/2021 12:55:33 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (03/14/2021 12:55:05 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX7jktj9tkq9wvy6vgdmk01c27hm98yt2s.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (03/14/2021 12:55:03 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (03/14/2021 12:54:57 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX7jktj9tkq9wvy6vgdmk01c27hm98yt2s.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (03/14/2021 12:54:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (03/14/2021 12:49:42 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppX7jktj9tkq9wvy6vgdmk01c27hm98yt2s.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (03/14/2021 12:44:42 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca


CodeIntegrity:
===============
Date: 2021-03-14 14:47:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-03-14 14:45:44
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. P1.00 10/05/2015
Motherboard: ASRock N68-GS4/USB3 FX R2.0
Processor: AMD FX(tm)-4100 Quad-Core Processor 
Percentage of memory in use: 53%
Total physical RAM: 8175.24 MB
Available physical RAM: 3779.26 MB
Total Virtual: 8943.24 MB
Available Virtual: 4073.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.23 GB) (Free:54.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.75 GB) (Free:14.87 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (inthestudio) (Fixed) (Total:230 GB) (Free:4.9 GB) NTFS
Drive g: () (Fixed) (Total:1402.67 GB) (Free:121.72 GB) NTFS
Drive h: () (Fixed) (Total:232.88 GB) (Free:12.3 GB) NTFS
Drive i: (inthestudio) (Fixed) (Total:230 GB) (Free:3.8 GB) NTFS
Drive j: (DAT) (Fixed) (Total:232.88 GB) (Free:1.18 GB) NTFS

\\?\Volume{465b29d7-0000-0000-0000-800e25000000}\ () (Fixed) (Total:0.81 GB) (Free:0.38 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: 465B29D7)
Partition 1: (Active) - (Size=148.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3A233A22)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E474C32A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1402.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=230 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

 


  • Root Admin

The logs overall don't show an infection. A few recommendations.

AVG was sold out long ago and bought up by Avast - if you're using a paid version of Malwarebytes you might want to consider removing AVG and using Windows Defender with Malwarebytes

If you do decide you want to keep AVG then I'd suggest an uninstall and reinstall, as older installations often seem to cause issues and the reinstall can sometimes fix it.

 

Please go to Control Panel, Programs, Programs and Features and uninstall the following

Bonjour
Java SE Development Kit 8 Update 181

 

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

 

If you really have to have Java then keep it up to date at all times.

 

Other than that no real major issues shown in the logs

 


Thank you, I have this issue 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/16/21
Protection Event Time: 1:04 AM
Log File: 18e46718-8615-11eb-94de-d05099abd555.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38221
License: Trial

-System Information-
OS: Windows 10 (Build 19041.867)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Malware
Domain: 
IP Address: 45.56.121.35
Port: 80
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe

(end)


4 hours ago, AdvancedSetup said:

Stop using Chrome would be my suggestion 😄

 

Please follow the directions from the following topic and let us know if that corrects the issue for you.

 

Thank you

 

Thanks, I had like 20 extensions when in extensions I have only 4. Is that a temporary fix or is it now fixed? Do I have to do something more? Is it better to uninstall/install Chrome? Do you recommend resetting Chrome too?


  • Root Admin

As long as it's now cleaned up and no errors or detections you should be good to go now.

Malwarebytes should be coming back clean now.

We can run another AV scanner though just to make sure.

 

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
  • Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

 


10 hours ago, AdvancedSetup said:

Just the shortcut - do not delete the msiexec.exe program. That is a valid MS Windows file

Thanks @iamthefutureofall

 

The file is not in the right location; it's supposed to be in system32, not SysWOW64. Can you tell me I'm wrong?

Edited by iamthefutureofall

 

Another scary thing: I put the directory of Warzone (where the malware shortcut attached to msiexec.exe on SysWOW64 was) into the address bar of Google Chrome, then it automatically downloaded the file from the location on my drive to the browser. Is that normal?

Then if I proceed, here's a picture of the entries that I was telling you about.

And are those @netlogon a threat too?

Untitled.jpeg

 

Edited by AlexSmith
Removed Keto spam image

Another thing is that AdwCleaner never went to reboot after scanning. Maybe I did the FRST logs wrong? I executed FRST from the desktop, and the first time I deleted the FRST.exe without the uninstall method and went to download it again, and when I did the uninstall.exe (before that I had deleted the .OldFRST folder manually). Then another thing that maybe I did wrong was when you asked me to give you the logs again because you couldn't read them from the clipboard: I just copied them from the clipboard and put them in a .txt file, then I gave the logs. (Maybe if I did wrong, I'm sorry.)

Edited by iamthefutureofall

  • Root Admin

Our forum software is preventing posts about K e t o

Please run the following again for me and we'll see what else is going on.

 

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 


 

When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download

image.png

image.png

image.png

 

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks


I figured it out. Here are the files, and I did another scan with 90 days checked. Can I provide you with that too? Also, I have the Windows built-in antivirus package right now; I did not know how to disable it. I ran the programs with Windows SmartScreen off but with the Windows antivirus and firewall on. Is that OK? Or I can run it again, no problem, without the Windows antivirus if you tell me.

 

Addition.txt mb.txt AdwCleaner[S06].txt FRST.txt

Edited by iamthefutureofall
This topic is now closed to further replies.