Blog

AntiRecuvaAndDB.exe svchost.exe envoie à IP en Chine un ransomware chiffré – Bien monter son serveur

Le 19 juin 2021 , mis à jour le 4 septembre 2021 - 65 minutes de lecture

[bzkshopping keyword= »Minecraft » count= »8″ template= »grid »]

J'ai été touché par une rançon qui m'a incité à envoyer un autre e-mail [email protected] J'ai envoyé et envoyé un e-mail mais je n'ai pas répondu. J'ai reçu un message indiquant que tous mes fichiers avaient été cryptés. Pour ces ordinateurs, j'ai dû réinitialiser le système d'exploitation. Un ordinateur (j'ai environ six ordinateurs portables) n'a pas semblé être affecté par la rançon, mais a été infecté par un logiciel malveillant. J'ai fait une analyse Windows Defender sur cet ordinateur et il a trouvé Rançon : Win32 / Phobos.PC ! VTT AntiRecuvaAndDB.exe sur mon lecteur partagé NAS et l'a garanti. Le logiciel malveillant est décrit ci-dessous https://www.bleepingcomputer.com/forums/t/688649/phobos-ransomware-id-idemailphobos-adame-help-support/page-59

Mes problèmes n'étaient pas terminés. Parfois, je ne pouvais pas me connecter à l'ordinateur via RDP, et la prochaine fois, j'ai reçu un avertissement svchost.exe envoie à une adresse IP en Chine. J'ai vissé le pare-feu. et a exécuté le scanner.

Résultat de l'analyse de Passable Recovery Scan Tool (FRST) (x64) Version : 16-06-2021

Piloté par papa (administrateur) sur DESKTOP-NBI7G7F (LENOVO 11ADS0B100) (17-06-2021 17:10:56)

Fonctionne à partir de C: Users papa Downloads

Profils chargés : papa & SQLTELEMETRY & MSSQLSERVER

Plate-forme : Windows 10 Pro Version 20H2 19042.1052 (X64) Langue : Anglais (États-Unis)

Navigateur par défaut : Chrome

Mode de démarrage : Normal

===================== Processus (approuvés) ==================

(Si une entrée est incluse dans la liste des correctifs, le processus se ferme. Le fichier n'est pas déplacé.)

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client Browser CtxWebBrowser.exe <6>

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client AuthManager AuthManSvr.exe

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client concentr.exe

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client Receiver Receiver.exe

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client Receiver UpdaterService.exe

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client redirector.exe

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client SelfServicePlugin SelfService.exe

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client SelfServicePlugin SelfServicePlugin.exe

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client wfcrun32.exe

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client wfica32.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.36.82 GoogleCrashHandler.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.36.82 GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <23>

(INTEL CORP) C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6cttGCP.ML.BackgroundSysTrayIGCCTray.exe

(Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydptf_cpu.inf_amd64_82b77f8c4618e2d0esif_uf.exe

(Intel Corporation -> Intel® Corporation) C: Program Files Common Files Intel WirelessCommon RegSrvc.exe

(Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin EvtEng.exe

(Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin ZeroConfigService.exe

(Groupe Sous-systèmes et blocs IP intégrés Intel® -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_0b214be229a13e84jhi_service.exe

(Groupe Sous-systèmes et blocs IP intégrés Intel® -> Intel Corporation) C: Windows System32 DriverStore FileRepository lms.inf_amd64_51074a304c325b5d LMS.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_8a301c120b987c01igfxCUIService.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryigcc_dch.inf_amd64_523d41b353d185cfOneApp.IGCC.WinService.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_b9dbc85a6586959bIntelCpHDCPSvc.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_b9dbc85a6586959bIntelCpHeciSvc.exe

(Lenovo -> Lenovo Group Ltd.) C: Program Files (x86) Lenovo VantageService 3.7.19.0 Lenovo.Vantage.AddinHost.exe

(Lenovo -> Lenovo Group Ltd.) C: Program Files (x86) Lenovo VantageService 3.7.19.0 LenovoVantageService.exe

(Lenovo -> Lenovo Group Ltd.) C: Windows Lenovo ImController Service Lenovo.Modern.ImController.exe

(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnsqlceip.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnsqlservr.exe

(Microsoft Corporation -> Microsoft Corporation) C:UsersdaddyAppDataLocalMicrosoftOneDrive21.109.0530.0001FileCoAuth.exe

(Microsoft Corporation -> Microsoft Corporation) C:UsersdaddyAppDataLocalMicrosoftOneDriveOneDrive.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32LogonUI.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rdpclip.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jucheck.exe

(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe

(PRIMAX ÉLECTRONIQUE LTÉE ->) [File not signed] C: Program Files Lenovo Lenovo Essential Wireless Keyboard KBOSD.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_9971779a1c712866RtkAudUService64.exe <2>

===================== S'inscrire (approuvé) ====================

(Si une entrée est incluse dans la liste des correctifs, l'entrée de registre est restaurée par défaut ou supprimée. Le fichier n'est pas déplacé.)

HKLM … Exécutez : [RtkAudUService] => C:WINDOWSSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_9971779a1c712866RtkAudUService64.exe [1201968 2020-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM … Exécutez : [Lenovo Essential Wireless Keyboard OSD] => C: Program Files Lenovo Lenovo Essential Wireless Keyboard KBOSD.exe [4485424 2019-04-11] (PRIMAX ÉLECTRONIQUE LTÉE ->) [File not signed]

HKLM-x32 … Exécutez : [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32 … Exécutez : [ConnectionCenter] => C:Program Files (x86)CitrixICA Clientconcentr.exe [2344552 2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

HKLM-x32 … Exécutez : [Redirector] => C:Program Files (x86)CitrixICA Clientredirector.exe [794728 2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

HKLM-x32 … Exécutez : [InstallHelper] => C:Program Files (x86)CitrixCitrix WorkSpace 2106InstallHelper.exe [441448 2021-06-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

HKU S-1-5-21-801466221-149834458-993484874-1001 … Exécuter : [Bomgar_Cleanup_ZD4532062511607] => cmd.exe/C rd/S/Q "C:UsersdaddyAppDataLocalTempnsx851F.tmpb" & reg.exe supprime HKCUSoftwareMicrosoftWindowsCurrentVersionRun/v Bomgar_Cleanup_ZD4532062511607/ f <==== REMARQUE !

HKU S-1-5-21-801466221-149834458-993484874-1001 … Exécuter : [Bomgar_Cleanup_ZD4584768713342] => cmd.exe / C rd / S / Q " C: ProgramData bomgar-scc-0x60cb4a45 " & reg.exe supprime HKCU Software Microsoft Windows CurrentVersion Run / v Bomgar_Cleanup_ZD4584768713342 / f <==== NOTEZ CE QUI SUIT

HKLM Software Microsoft Active Setup Composants installés : [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C:Program FilesGoogleChromeApplication91.0.4472.106Installerchrmstp.exe [2021-06-15] (Google LLC -> Google LLC)

Démarrage : C: Users Dad AppData Roaming Microsoft Windows Start Menu Programs Startup Citrix Workspace.lnk [2021-06-03]

ShortcutTarget : Citrix Workspace.lnk -> C: Program Files (x86) Citrix ICA Client SelfServicePlugin SelfServicePlugin.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)

====================== Tâches planifiées (approuvées) ==============

(Si une entrée est incluse dans la liste des correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé à moins qu'il ne soit répertorié séparément.)

Tâche : 09246B3A-8233-4D2E-8EF0-46AE0AC253FC – System32 Tasks Microsoft Office Office Feature Updates Logon => C: Program Files Microsoft Office root Office16 sdxhelper.exe [147272 2021-06-12] (Microsoft Corporation -> Microsoft Corporation)

Tâche : 2027384A-ECB2-433E-BB1A-CD9D54B1647D – System32 Tasks GoogleUpdateTaskMachineCore => C: Program Files (x86) Google Update GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)

Tâche : 23455BB9-9668-43FC-B0ED-85BCDE711F1A – System32 Tasks Lenovo ImController Plugins LenovoSystemUpdatePlugin_WeeklyTask => % windir% System32 reg.exe add hklm SOFTWARE d Lenovo SystemUp / f / reg : 32

Tâche : 372300DF-412C-4A4C-9EEE-867987C6E359 – System32 Tasks Microsoft VisualStudio Updates BackgroundDownload => C: Program Files (x86) Microsoft Visual Studio Installer resources app ServiceHub Services Microsoft .VisualStudio.Setup.Service BackgroundDownload.exe [65448 2021-06-09] (Microsoft Corporation -> Microsoft)

Tâche : 44C195B9-1903-437F-8238-794C6C73D541 – System32 Tasks Lenovo Vantage Schedule DailyTelemetryTransmission => C: Program Files (x86) Lenovo VantageService 3.7.19.0 ScheduleEventAction.exe [23968 2021-05-17] (Lenovo -> Lenovo Group Ltd.)

Tâche : 467D8F28-79FC-4EB3-A45C-D1B6AF13FFA0 – System32 Tasks Microsoft Office Office Automatic Updates 2.0 => C: Program Files Common Files Microsoft Shared ClickToRun OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)

Tâche : 6B3E1EF4-0BFE-4967-9940-ACEC6A8816D8 – System32 Tasks Lenovo ImController TimeBasedEvents 7a69b1b2-dca2-42ef-9985-da1532cc6c00 => C: WINDOWS Lenovo ImControll. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)

Tâche : 71DFA76B-A967-4BBF-8DD7-8AE91F41B43A – System32 Tasks Lenovo ImController TimeBasedEvents 234d62ed-fd5f-40e6-b1d5-043bfd200c3f => C: WINDOWS. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)

Tâche : 973B2E7C-0921-4D91-844D-B129BC2B40B0 – System32 Tasks GoogleUpdateTaskMachineUA => C: Program Files (x86) Google Update GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)

Tâche : A7E829CD-CF6D-4C8E-B76E-7E63D53BD257 – System32 Tasks Lenovo Vantage Lenovo.Vantage.ServiceMaintainance =>% systemroot% system32 sc.exe lance LenovoVantageService

Tâche : B570FA6A-C02E-4624-B571-D04BFD01C5FB – System32 Tasks Microsoft Office Office ClickToRun Service Monitor => C: Program Files Common Files Microsoft Shared ClickToRun OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)

Tâche : BADCA65F-EAC4-42FA-81F4-73B7444AA16E – System32 Tasks Lenovo ImController TimeBasedEvents 6b103bc8-ba88-488a-b474-7b2eb759846e => C: WINDOWS Lenovo ImC. Un service. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)

Tâche : C72B7A4B-70B2-49F2-9E81-C7A474D942D4 – System32 Tasks Lenovo BatteryGauge BatteryGaugeMaintenance => C: ProgramData Lenovo ImController Plugins LenovoBatteryGaugePackage x64 BGH [144456 2021-05-19] (Lenovo -> Lenovo Group Ltd.)

Tâche : E29BE27F-C5C9-4AE4-A380-C94B093182BB – System32 Tasks Microsoft Office Office Feature Updates => C: Program Files Microsoft Office root Office16 sdxhelper.exe [147272 2021-06-12] (Microsoft Corporation -> Microsoft Corporation)

Tâche : E8B59FCF-6C9E-4D51-995C-2BF5F9DFC0E0 – System32 Tasks Lenovo Vantage Schedule VantageTelemetryAddinTask => C: Program Files (x86) Lenovo VantageService 3.6.15.0 Schedule

Tâche : EDE9BF48-B14C-4338-BDC9-F9C96FA5E73A – System32 Tasks Lenovo ImController Lenovo iM Controller Scheduled Maintenance => "% windir% system32 sc.exe" DÉMARRER ImControllerService

Tâche : F74EB83B-ED68-467D-9EA3-24C05309FFA2 – System32 Tasks Lenovo ImController Lenovo iM Controller Monitor => C: WINDOWS system32 ImController.InfInstaller.exe [62392 2021-03-14] (Lenovo -> Lenovo Group Ltd.)

(Si une entrée est incluse dans la liste des correctifs, le fichier de tâche (.job) est déplacé. Le fichier exécuté par la tâche n'est pas déplacé.)

===================== Internet (approuvé) ====================

(Si un élément est inclus dans la liste de correctifs, il sera supprimé ou restauré à la valeur par défaut s'il s'agit d'un élément de registre.)

Tcpip Paramètres : [DhcpNameServer] 192.168.50.1

Tcpip..Interfacecf7f8ba5-4198-4503-9a29-4d55a6560ba7 : [DhcpNameServer] 192.168.50.1

Bord:

=======

Extension Edge : (sans nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C: windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe Assets HostExtensions AutoFormFill [not found]

Extension Edge : (Sans nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C: windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe Assets BookViewer [not found]

Extension Edge : (sans nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C: windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe Assets HostExtensions LearningTools [not found]

Extension Edge : (Sans nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C: windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe Assets HostExtensions PinJSAPI [not found]

Profil par défaut Edge : par défaut

Profil Edge : C: Users Dad AppData Local Microsoft Edge User Data Default [2021-06-17]

Alertes Edge : Par défaut -> hxxps : //voice.google.com

FireFox :

========

Plugin FF : @ java.com/DTPlugin, version = 11.261.2 -> C:Program FilesJavajre1.8.0_261bindtpluginnpDeployJava1.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation)

FF-plugin : @ java.com/JavaPlugin, version = 11.261.2 -> C:Program FilesJavajre1.8.0_261binplugin2npjp2.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation)

Plugin FF : @microsoft.com/SharePoint, version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Plugin FF-x32 : @ microsoft.com/SharePoint, version = 14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome:

=======

Profil par défaut du CHR : par défaut

Profil CHR : C: Users Dad AppData Local Google Chrome User Data Default [2021-06-17]

Alertes CHR : Par défaut -> hxxps : //drive.google.com

CHR StartupUrls : Par défaut -> "hxxp : //www.google.com/ig", "hxxp : //www.google.com/"

Extension CHR : (diapositives) – C: Users Dad AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2020-09-30]

Extension CHR : (Adblocker pour Chrome – NoAds) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions alplpnakfeabeiebipdmaenpmbgknjce [2020-09-30]

Extension CHR : (Docs) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions aohghmighlieiainnegkcijnfilokake [2020-09-30]

Extension CHR : (Google Drive) – C: Users Dad AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2020-11-19]

Extension CHR : (YouTube) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-30]

Extension CHR : (Google Play Music) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions fahmaaghhglfmonjliepjlchgpgfmobi [2020-12-10]

Extension CHR : (Feuille) – C: Users Dad AppData Local Google Chrome User Data Default Extensions felcaaldnbdncclmgdcncolpebgiejap [2020-09-30]

Extension CHR : (Postman) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions fhbjgbiflinjbdggehcddcbncdddomop [2020-09-30]

Extension CHR : (React Developer Tools) – C: Users daddy AppData Local Google Chrome User Data Default Extensions fmkadmapgofadopljbjfkapdkoienihi [2021-06-09]

Extension CHR : (FantasyPros : Gagnez votre Fantasy League) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-09]

Extension CHR : (Google Docs offline) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-25]

Extension CHR : (AdBlock – meilleur bloqueur de publicités) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions gighmmpiobklfepjocnamgkkbiglidom [2021-06-09]

Extension CHR : (Extension Cisco Webex) – C: Users papa AppData Local Google Chrome User Data Default Extensions jlhmfgmfgeifomenelglieieghnjghma [2021-06-10]

Extension CHR : (Loom for Chrome) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions liecbddmkiiihnedobmlmillhodjkdmb [2021-06-17]

Extension CHR : (Vue.js devtools) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions nhdogjmejiglipccpnnnanhbledajbpd [2021-02-03]

Extension CHR : (Chrome Web Store Payments) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]

Extension CHR : (Lecteur EPUB simple) – C:UsersdaddyAppDataLocalGoogleChromeUser DataStandardExtensionsojhbgcchcbdjdenibfmjofobklkkhofc [2020-09-30]

Extension CHR : (Gmail) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions pjkljhegncpnkpknbcohdijeoejaedia [2020-11-18]

Extension CHR : (Chrome Media Router) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-09]

Profil CHR : C: Users Dad AppData Local Google Chrome User Data Guest Profile [2021-06-17]

Profil CHR : C: Users Dad AppData Local Google Chrome User Data Profile 1 [2021-06-03]

CHR StartupUrls : Profil 1 -> "hxxp : //www.google.com/ig", "hxxp : //www.google.com/"

URL de recherche par défaut du CHR : Profil 1 -> hxxps : //duckduckgo.com/? Q = termes de recherche

Mots-clés de recherche par défaut du CHR : Profil 1 -> duckduckgo.com

CHR DefaultNewTabURL : Profil 1 -> hxxps : //duckduckgo.com/chrome_newtab

URL de suggestion par défaut du CHR : Profil 1 -> hxxps : //duckduckgo.com/ac/? Q = searchTerms & type = liste

Extension CHR : (Diapositives) – C: Users Dad AppData Local Google Chrome User Data Profile 1 Extensions aapocclcgogkmnckokdopfmhonfmgoek [2021-03-25]

Extension CHR : (Docs) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions aohghmighlieiainnegkcijnfilokake [2021-03-25]

Extension CHR : (Google Drive) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions apdfllckaahabafndbhieahigkjlhalf [2021-03-25]

Extension CHR : (DuckDuckGo) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions bkdgflcldnnnapblkhphbgpggdiikppg [2021-05-21]

Extension CHR : (YouTube) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-25]

Extension CHR : (Google Chromecast Video Stream) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions cnciopoikihiagdjbjpnocolokfelagl [2021-03-25]

Extension CHR : (Google Play Music) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions fahmaaghhglfmonjliepjlchgpgfmobi [2021-03-25]

Extension CHR : (Feuille) – C: Users Dad AppData Local Google Chrome User Data Profile 1 Extensions felcaaldnbdncclmgdcncolpebgiejap [2021-03-25]

Extension CHR : (Readium) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions fepbnnnkkadjhjahcafoaglimekefifl [2021-03-25]

Extension CHR : (Postman) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions fhbjgbiflinjbdggehcddcbncdddomop [2021-03-25]

Extension CHR : (React Developer Tools) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions fmkadmapgofadopljbjfkapdkoienihi [2021-06-03]

Extension CHR : (FantasyPros : Gagnez votre Fantasy League) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-03]

Extension CHR : (Google Docs offline) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-21]

Extension CHR : (AdBlock – meilleur bloqueur de publicités) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions gighmmpiobklfepjocnamgkkbiglidom [2021-05-21]

Extension CHR : (Extension Cisco Webex) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions jlhmfgmfgeifomenelglieieghnjghma [2021-03-25]

Extension CHR : (Tag Assistant Legacy (par Google)) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions kejbdjndbnbjgmefkgdddjlbokphdefk [2021-03-25]

Extension CHR : (Loom for Chrome) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions liecbddmkiiihnedobmlmillhodjkdmb [2021-06-03]

Extension CHR : (Virtru Email Protection) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions nemmanchfojaehgkbgcfmdiidbopakpp [2021-06-03]

Extension CHR : (Vue.js devtools) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions nhdogjmejiglipccpnnnanhbledajbpd [2021-03-25]

Extension CHR : (Chrome Web Store Payments) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25]

Extension CHR : (Lecteur EPUB simple) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions ojhbgcchcbdjdenibfmjofobklkkhofc [2021-03-25]

Extension CHR : (Gmail) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25]

Extension CHR : (Chrome Media Router) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-21]

Profil CHR : C: Users Dad AppData Local Google Chrome User Data Profile 2 [2021-06-10]

CHR StartupUrls : Profil 2 -> "hxxp : //www.google.com/ig", "hxxp : //www.google.com/"

Extension CHR : (Diapositives) – C: Users Dad AppData Local Google Chrome User Data Profile 2 Extensions aapocclcgogkmnckokdopfmhonfmgoek [2021-03-25]

Extension CHR : (Docs) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions aohghmighlieiainnegkcijnfilokake [2021-03-25]

Extension CHR : (Google Drive) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions apdfllckaahabafndbhieahigkjlhalf [2021-03-25]

Extension CHR : (YouTube) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-25]

Extension CHR : (Google Play Music) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions fahmaaghhglfmonjliepjlchgpgfmobi [2021-03-25]

Extension CHR : (Feuille) – C: Users Dad AppData Local Google Chrome User Data Profile 2 Extensions felcaaldnbdncclmgdcncolpebgiejap [2021-03-25]

Extension CHR : (Mailbox) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions fhbjgbiflinjbdggehcddcbncdddomop [2021-03-25]

Extension CHR : (React Developer Tools) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions fmkadmapgofadopljbjfkapdkoienihi [2021-06-09]

Extension CHR : (FantasyPros : Gagnez votre Fantasy League) – C: Users Dad AppData Local Google Chrome User Data Profile 2 Extensions gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-09]

Extension CHR : (Google Docs offline) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-25]

Extension CHR : (AdBlock – meilleur bloqueur de publicités) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions gighmmpiobklfepjocnamgkkbiglidom [2021-06-09]

Extension CHR : (Extension Cisco Webex) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions jlhmfgmfgeifomenelglieieghnjghma [2021-06-10]

Extension CHR : (Loom for Chrome) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions liecbddmkiiihnedobmlmillhodjkdmb [2021-06-09]

Extension CHR : (Vue.js devtools) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions nhdogjmejiglipccpnnnanhbledajbpd [2021-03-25]

Extension CHR : (Chrome Web Store Payments) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25]

Extension CHR : (Simple EPUB Reader) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions ojhbgcchcbdjdenibfmjofobklkkhofc [2021-03-25]

Extension CHR : (Gmail) – C: Users Dad AppData Local Google Chrome User Data Profile 2 Extensions pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25]

Extension CHR : (Chrome Media Router) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-10]

Profil CHR : C: Users papa AppData Local Google Chrome User Data System Profile [2021-06-17]

====================== Services (approuvés) ====================

(Si une entrée est incluse dans la liste des correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé à moins qu'il ne soit répertorié séparément.)

R2 AzureAttestService ; C:Program FilesMicrosoftAzureAttestServiceAzureAttestService.dll [151288 2019-07-24] (Microsoft Windows -> Microsoft Corporation)

R2 ClickToRunSvc ; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)

Service de mise à jour CWA R2 ; C:Program Files (x86)CitrixClient ICARécepteurUpdaterService.exe [51816 2021-06-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

R2 ImControllerService ; C: WINDOWS Lenovo ImController Service Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)

Service LenovoVantage R2 ; C: Program Files (x86) Lenovo VantageService 3.7.19.0 LenovoVantageService.exe [28576 2021-05-17] (Lenovo -> Lenovo Group Ltd.)

R2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [7391408 2021-06-03] (Malwarebytes Inc -> Malwarebytes)

R2 MSSQLSERVER ; C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnsqlservr.exe [626280 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)

Sens S3 ; C: Program Files Windows Defender Advanced Threat Protection MsSense.exe [5393304 2021-06-08] (Éditeur Microsoft Windows -> Microsoft Corporation)

S3 SQLSERVERAGENT; C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnSQLAGENT.EXE [695912 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)

R2 SQLTÉLÉMÉTRIE ; C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnsqlceip.exe [290648 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)

S3 VSStandardCollectorService150 ; C:Program Files (x86)Microsoft Visual StudioSharedCommonDiagnosticsHub.Collection.ServiceStandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)

S3 WdNisSvc; C: ProgramData Microsoft Windows Defender Platform 4.18.2104.14-0 NisSrv.exe [2599328 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C: ProgramData Microsoft Windows Defender Platform 4.18.2104.14-0 MsMpEng.exe [128376 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

====================== Drivere (godkjent) ====================

(Hvis en oppføring er inkludert i fikslisten, vil den bli fjernet fra registeret. Filen blir ikke flyttet med mindre den er oppført separat.)

R2 ctxusbm; C: WINDOWS system32 DRIVERS ctxusbmon.sys [135160 2021-04-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

R1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [199128 2021-04-22] (Malwarebytes Inc -> Malwarebytes)

R2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [220752 2021-06-03] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-12-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [198888 2021-06-16] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMBeskyttelse; C: WINDOWS system32 DRIVERS mbam.sys [77496 2021-06-16] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248992 2021-06-02] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [156880 2021-06-16] (Malwarebytes Inc -> Malwarebytes)

S4 RsFx0600; C: WINDOWS System32 DRIVERS RsFx0600.sys [286976 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)

R1 vbdenum; C: WINDOWS System32 drivers vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

S3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [49560 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [421112 2021-05-15] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [73960 2021-05-15] (Microsoft Windows -> Microsoft Corporation)

R3 WiMan; C: WINDOWS System32 DriverStore FileRepository wiman.inf_amd64_98b999a70a116eaa WiMan WiMan.sys [163824 2020-04-13] (Intel® trådløse tilkoblingsløsninger ->)

==================== NetSvcs (godkjent) =====================

(Hvis en oppføring er inkludert i fikslisten, vil den bli fjernet fra registeret. Filen blir ikke flyttet med mindre den er oppført separat.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-17 17:10 – 2021-06-17 17:11 – 000029449 _____ C:UsersdaddyDownloadsFRST.txt

2021-06-17 17:10 – 2021-06-17 17:11 – 000000000 ____D C:FRST

2021-06-17 17:07 – 2021-06-17 17:07 – 002300416 _____ (Farbar) C:UsersdaddyDownloadsFRST64.exe

2021-06-17 16:44 – 2021-06-17 16:44 – 000000852 _____ C:Usersdaddy.bash_history

2021-06-17 16:35 – 2021-06-17 16:35 – 000000000 ____D C:UsersdaddyAppDataLocalLowIGDump

2021-06-17 16:22 – 2021-06-17 16:22 – 000000020 _____ C:Usersdaddy.lesshst

2021-06-17 09:19 – 2021-06-17 09:19 – 000002727 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemote Desktop Connection 2019.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002727 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemote Desktop Connection 2016.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002713 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft Teams for Web.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002711 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsMF Cobol File Explorer.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002705 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuPrograms2016 File Explorer.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002703 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsSecurity Central.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002703 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOutlook Web Access.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002703 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002699 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsHR Connect Time.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002691 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemedyforce.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002689 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002681 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOneNote.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002671 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsPowerPoint.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002667 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsPublisher.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002659 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOutlook (1).lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002651 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsExcel.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000002647 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsWord.lnk

2021-06-17 09:19 – 2021-06-17 09:19 – 000000000 ____D C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsEmail

2021-06-17 09:15 – 2021-06-17 09:15 – 000002541 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsCitrix Workspace.lnk

2021-06-17 09:15 – 2021-06-17 09:15 – 000000000 ____D C:ProgramDataCitrix

2021-06-17 09:15 – 2021-06-17 09:15 – 000000000 ____D C:ProgramDataboost_interprocess

2021-06-17 09:13 – 2021-06-17 09:13 – 152107624 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixWorkspaceApp (1).exe

2021-06-17 09:12 – 2021-06-17 09:21 – 000000000 ____D C:ProgramDatabomgar-scc-0x60cb4a45

2021-06-17 09:12 – 2021-06-17 09:12 – 000000000 ____D C:UsersdaddyAppDataLocalDeployment

2021-06-17 09:12 – 2021-06-17 09:12 – 000000000 ____D C:UsersdaddyAppDataLocalApps2.0

2021-06-16 20:37 – 2021-06-16 20:37 – 000198888 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys

2021-06-16 20:37 – 2021-06-16 20:37 – 000156880 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys

2021-06-16 20:37 – 2021-06-16 20:37 – 000077496 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys

2021-06-15 20:26 – 2021-06-15 20:26 – 002699372 _____ C:WINDOWSMinidump61521-8109-01.dmp

2021-06-12 23:30 – 2021-06-12 23:30 – 002469564 _____ C:WINDOWSMinidump61221-7046-01.dmp

2021-06-12 21:16 – 2021-06-12 21:16 – 002730700 _____ C:WINDOWSMinidump61221-7187-02.dmp

2021-06-12 20:02 – 2021-06-12 20:02 – 002536164 _____ C:WINDOWSMinidump61221-7187-01.dmp

2021-06-12 16:57 – 2021-06-12 16:57 – 002468524 _____ C:WINDOWSMinidump61221-7156-01.dmp

2021-06-11 08:52 – 2021-06-14 10:44 – 000000000 ____D C:UsersdaddyAppDataRoamingnpm-cache

2021-06-11 05:52 – 2021-06-11 05:52 – 002756608 _____ C:UsersdaddyDownloadspixusArchive.bak

2021-06-11 03:40 – 2021-06-11 03:40 – 000000000 ____D C:Usersdaddy.librarymanager

2021-06-11 03:11 – 2021-06-11 03:11 – 000000000 ____D C:UsersdaddyDownloadsComponentArt

2021-06-11 03:10 – 2021-06-11 03:10 – 099987155 _____ C:UsersdaddyDownloadsComponentArt.zip

2021-06-11 02:56 – 2021-06-15 20:26 – 1054587914 _____ C:WINDOWSMEMORY.DMP

2021-06-11 02:56 – 2021-06-15 20:26 – 000000000 ____D C:WINDOWSMinidump

2021-06-10 10:02 – 2021-06-10 10:03 – 359271624 _____ C:UsersdaddyDownloadsCRforVS13SP25_0-10010309.EXE

2021-06-10 09:55 – 2021-06-10 09:55 – 000000000 ____D C:inetpub

2021-06-10 09:50 – 2021-06-10 09:53 – 103895040 _____ C:UsersdaddyDownloadsCR13SP25MSI64_0-10010309.MSI

2021-06-10 09:45 – 2021-06-10 09:45 – 000000000 ____D C:ProgramDataMacrovision

2021-06-10 09:45 – 2021-06-10 09:45 – 000000000 ____D C:ProgramDataFLEXnet

2021-06-10 09:44 – 2021-06-10 09:44 – 000000000 ____D C:WINDOWSsystem32appmgmt

2021-06-10 09:29 – 2021-06-10 09:29 – 000000000 ____D C:UsersdaddyAppDataLocalLowTemp

2021-06-10 09:21 – 2021-06-10 09:21 – 000000056 _____ C:Usersdaddy.gitconfig

2021-06-10 09:09 – 2021-06-10 09:11 – 2996994048 _____ C:UsersdaddyDownloadspixus_mock.bak

2021-06-10 09:09 – 2021-06-10 09:09 – 044163072 _____ C:UsersdaddyDownloadspixuscontact_mock.bak

2021-06-10 09:02 – 2021-06-11 03:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsComponentArt

2021-06-10 09:02 – 2021-06-11 03:14 – 000000000 ____D C:Program Files (x86)ComponentArt

2021-06-10 09:01 – 2021-06-10 09:01 – 000000000 ____D C:UsersdaddyDownloadsDisk1

2021-06-10 08:42 – 2021-06-10 10:05 – 000000000 ____D C:Program Files (x86)SAP BusinessObjects

2021-06-10 08:35 – 2021-06-10 08:57 – 095855968 _____ C:UsersdaddyDownloads0049561.exe

2021-06-10 08:19 – 2021-06-10 08:19 – 000000000 ____D C:UsersdaddyAppDataLocalNuGet

2021-06-10 08:19 – 2021-06-10 08:19 – 000000000 ____D C:Usersdaddy.nuget

2021-06-10 08:13 – 2021-06-10 08:13 – 000000000 ____D C:UsersdaddyAppDataLocalToolbox Reseter

2021-06-10 08:13 – 2021-06-10 08:13 – 000000000 ____D C:UsersdaddyAppDataLocalDevExpress

2021-06-10 08:12 – 2021-06-11 09:16 – 000000000 ____D C:UsersdaddyDocumentsSQL Server Management Studio

2021-06-10 08:11 – 2021-06-10 08:11 – 000000000 ____D C:UsersdaddyDocumentsASP.NET AJAX Control Toolkit

2021-06-10 08:09 – 2021-06-10 08:09 – 000000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsDevExpress 20.2

2021-06-10 08:08 – 2021-06-10 08:18 – 000000000 ____D C:UsersdaddyAppDataRoamingDevExpress

2021-06-10 08:08 – 2021-06-10 08:08 – 000000000 ____D C:ProgramDataDevExpress

2021-06-10 08:07 – 2021-06-10 08:08 – 000000000 ____D C:UsersPublicDocumentsDevExpress Demos 20.2

2021-06-10 08:07 – 2021-06-10 08:08 – 000000000 ____D C:ProgramDataDocumentsDevExpress Demos 20.2

2021-06-10 08:07 – 2021-06-10 08:07 – 000000000 ____D C:Program Files (x86)DevExpress 20.2

2021-06-10 07:48 – 2021-06-10 07:48 – 000002422 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsDevExpress Documentation for VS 2017 and 2019.lnk

2021-06-10 07:40 – 2021-06-10 07:40 – 000000000 ____D C:Program Files (x86)DevExpress

2021-06-10 07:39 – 2021-06-10 07:39 – 000000000 ____D C:UsersdaddyDownloadsOneDrive_1_6-9-2021

2021-06-10 07:39 – 2021-06-10 07:39 – 000000000 ____D C:UsersdaddyDownloadsDevExpress

2021-06-09 15:38 – 2021-06-09 15:38 – 000000000 ____D C:UsersdaddyAppDataRoamingNuGet

2021-06-09 15:37 – 2021-06-09 15:45 – 686894260 _____ C:UsersdaddyDownloadsOneDrive_1_6-9-2021.zip

2021-06-09 14:00 – 2021-06-09 14:01 – 1289095444 _____ C:UsersdaddyDownloadsDevExpress.zip

2021-06-09 13:24 – 2021-01-19 12:48 – 000002492 _____ C:UsersdaddyDesktopOhio Capital Corporation MFA.rdp

2021-06-09 11:24 – 2021-06-11 09:19 – 000000000 ____D C:UsersdaddyDocumentsVisual Studio 2019

2021-06-09 11:24 – 2021-06-09 11:24 – 000000000 ____D C:UsersdaddyAppDataLocalServiceHub

2021-06-09 11:24 – 2021-06-09 11:24 – 000000000 ____D C:UsersdaddyAppDataLocalIdentityNexusIntegration

2021-06-09 11:13 – 2021-06-09 11:13 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGit

2021-06-09 11:13 – 2021-06-09 11:13 – 000000000 ____D C:Program FilesGit

2021-06-09 11:11 – 2021-06-09 11:11 – 051179176 _____ (The Git Development Community ) C:UsersdaddyDownloadsGit-2.32.0-64-bit.exe

2021-06-09 11:10 – 2021-06-09 15:37 – 000000000 ____D C:Usersdaddysource

2021-06-09 11:01 – 2021-06-10 09:18 – 000000000 ____D C:UsersdaddyDocumentsVisual Studio 2017

2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft SQL Server Tools 18

2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAzure Data Studio

2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:Program FilesAzure Data Studio

2021-06-09 11:00 – 2021-06-15 11:57 – 000000000 ____D C:UsersdaddyAppDataLocal.IdentityService

2021-06-09 11:00 – 2021-06-09 11:00 – 000001799 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBlend for Visual Studio 2019.lnk

2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program FilesMicrosoft Analysis Services

2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft SQL Server Management Studio 18

2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft Help Viewer

2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft Analysis Services

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW643082

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW642052

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641055

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641049

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641046

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641045

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641042

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641041

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641040

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641036

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641031

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641029

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641028

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem323082

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem322052

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321055

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321049

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321046

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321045

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321042

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321041

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321040

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321036

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321031

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321029

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321028

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Azure

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:ProgramDatadftmp

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesVS2012Schemas

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesVS2010Schemas

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesMicrosoft SDKs

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesIIS

2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program Files (x86)IIS

2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:UsersdaddyDocumentsMy Web Sites

2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:UsersdaddyDocumentsIISExpress

2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program FilesIIS Express

2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)Microsoft Web Tools

2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)IIS Express

2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:WINDOWSsystem32RsFx

2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:Program FilesMicrosoft Visual Studio 10.0

2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:Program Files (x86)NuGet

2021-06-09 10:55 – 2021-06-09 10:58 – 000000000 ____D C:Program Files (x86)Microsoft SDKs

2021-06-09 10:55 – 2021-06-09 10:56 – 000000000 ____D C:Program Files (x86)Windows Kits

2021-06-09 10:55 – 2021-06-09 10:55 – 000000000 ____D C:Usersdaddy.dotnet

2021-06-09 10:55 – 2021-06-09 10:55 – 000000000 ____D C:Program Files (x86)Reference Assemblies

2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:WINDOWSSysWOW641033

2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:WINDOWSsystem321033

2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2019

2021-06-09 10:54 – 2021-06-09 10:55 – 000000000 ____D C:Program Filesdotnet

2021-06-09 10:54 – 2021-06-09 10:55 – 000000000 ____D C:Program Files (x86)dotnet

2021-06-09 10:54 – 2021-06-09 10:54 – 000001798 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2019.lnk

2021-06-09 10:54 – 2021-06-09 10:54 – 000000000 ____D C:Program Files (x86)MSBuild

2021-06-09 10:53 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)Microsoft SQL Server

2021-06-09 10:53 – 2021-06-09 10:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft SQL Server 2019

2021-06-09 10:52 – 2021-06-09 10:53 – 000000000 ____D C:SQL2019

2021-06-09 10:52 – 2021-06-09 10:53 – 000000000 ____D C:Program Files (x86)Microsoft Visual Studio

2021-06-09 10:52 – 2021-06-09 10:52 – 000001432 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio Installer.lnk

2021-06-09 10:52 – 2021-06-09 10:52 – 000000000 ____D C:UsersdaddyAppDataRoamingVisual Studio Setup

2021-06-09 10:51 – 2021-06-09 10:57 – 000000000 ____D C:Program FilesMicrosoft SQL Server

2021-06-09 10:50 – 2021-06-09 10:50 – 000000000 ____D C:ProgramDataMicrosoft Visual Studio

2021-06-08 17:18 – 2021-06-08 17:18 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb

2021-06-08 17:18 – 2021-06-08 17:18 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb

2021-06-08 17:18 – 2021-06-08 17:18 – 002260480 _____ (The ICU Project) C:WINDOWSsystem32icu.dll

2021-06-08 17:18 – 2021-06-08 17:18 – 001864192 _____ (The ICU Project) C:WINDOWSSysWOW64icu.dll

2021-06-08 17:18 – 2021-06-08 17:18 – 001823792 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-06-08 17:18 – 2021-06-08 17:18 – 001393496 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-06-08 17:18 – 2021-06-08 17:18 – 001314120 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-06-08 17:18 – 2021-06-08 17:18 – 000657464 _____ C:WINDOWSsystem32WindowManagementAPI.dll

2021-06-08 17:18 – 2021-06-08 17:18 – 000568832 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-06-08 17:18 – 2021-06-08 17:18 – 000563712 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv

2021-06-08 17:18 – 2021-06-08 17:18 – 000468440 _____ C:WINDOWSSysWOW64WindowManagementAPI.dll

2021-06-08 17:18 – 2021-06-08 17:18 – 000451072 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-06-08 17:18 – 2021-06-08 17:18 – 000423936 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv

2021-06-08 17:18 – 2021-06-08 17:18 – 000287232 _____ C:WINDOWSsystem32CoreMas.dll

2021-06-08 17:18 – 2021-06-08 17:18 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe

2021-06-08 17:18 – 2021-06-08 17:18 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe

2021-06-08 17:18 – 2021-06-08 17:18 – 000097280 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-06-08 17:18 – 2021-06-08 17:18 – 000011353 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-06-03 15:27 – 2021-06-03 15:27 – 000000000 ____H C:WINDOWSsystem32DriversMsft_User_WpdFs_01_11_00.Wdf

2021-06-03 13:32 – 2021-06-03 13:32 – 000220752 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2021-06-03 12:43 – 2021-06-03 12:43 – 000002707 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemote Desktop Connection.lnk

2021-06-03 12:43 – 2021-06-03 12:43 – 000002693 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk

2021-06-03 12:43 – 2021-06-03 12:43 – 000002675 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsExplorer++.lnk

2021-06-03 12:43 – 2021-06-03 12:43 – 000002647 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOutlook.lnk

2021-06-03 12:43 – 2021-06-03 12:43 – 000002641 _____ C:UsersdaddyDesktopExplorer++.lnk

2021-06-03 12:43 – 2021-06-03 12:43 – 000000000 ____D C:UsersdaddyAppDataRoamingCitrix

2021-06-03 12:39 – 2021-06-03 12:39 – 000000634 _____ C:UsersdaddyDownloadsreceiverconfig.cr

2021-06-03 12:37 – 2021-06-17 15:48 – 000000000 ____D C:UsersdaddyAppDataLocalCitrix

2021-06-03 12:37 – 2021-06-03 12:48 – 000000000 ____D C:UsersdaddyAppDataRoamingICAClient

2021-06-03 12:36 – 2021-06-17 09:15 – 000000000 ____D C:Program Files (x86)Citrix

2021-06-03 12:36 – 2021-06-03 12:36 – 149436000 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixWorkspaceApp.exe

2021-06-03 12:26 – 2021-06-03 12:58 – 000000000 ____D C:Program Files (x86)ZohoMeeting

2021-06-03 12:26 – 2021-06-03 12:26 – 001063048 _____ (ZOHO Corporation) C:UsersdaddyDownloadsZA_Connect.exe

2021-06-03 12:26 – 2021-06-03 12:26 – 000000000 ____D C:UsersdaddyAppDataLocalZohoMeeting

2021-06-03 12:26 – 2021-06-03 12:26 – 000000000 ____D C:ProgramDataZohoMeeting

2021-06-03 12:14 – 2021-06-03 12:14 – 043462544 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixReceiverWeb (2).exe

2021-06-03 12:11 – 2021-06-03 12:11 – 043462544 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixReceiverWeb (1).exe

2021-06-01 09:43 – 2021-06-01 09:43 – 000000000 ___HD C:OneDriveTemp

2021-05-20 12:52 – 2021-05-21 07:02 – 000000000 ____D C:UsersdaddyDocumentsOutlook Files

2021-05-19 17:08 – 2021-05-19 17:08 – 001319288 _____ (LLVM) C:WINDOWSSysWOW64libomp140d.i386.dll

2021-05-19 17:08 – 2021-05-19 17:08 – 001319288 _____ (LLVM) C:WINDOWSSysWOW64libomp140.i386.dll

2021-05-19 17:06 – 2021-05-19 17:06 – 001664912 _____ (LLVM) C:WINDOWSsystem32libomp140d.x86_64.dll

2021-05-19 17:06 – 2021-05-19 17:06 – 001664912 _____ (LLVM) C:WINDOWSsystem32libomp140.x86_64.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-17 17:04 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-06-17 16:44 – 2021-03-25 12:52 – 000000000 ____D C:Usersdaddy

2021-06-17 16:18 – 2021-03-25 12:51 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-06-17 08:10 – 2020-08-06 19:59 – 000000000 ___RD C:UsersdaddyOneDrive

2021-06-16 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSServiceState

2021-06-16 20:41 – 2021-03-25 12:58 – 001013234 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-06-16 20:41 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF

2021-06-16 20:40 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-06-16 20:37 – 2021-03-25 12:55 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-06-16 20:37 – 2021-03-25 12:51 – 000008192 ___SH C:DumpStack.log.tmp

2021-06-16 20:37 – 2020-08-06 19:57 – 000000000 __SHD C:UsersdaddyIntelGraphicsProfiles

2021-06-16 20:37 – 2020-07-22 12:54 – 000000000 ___HD C:Intel

2021-06-16 20:37 – 2019-12-07 05:03 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-06-16 20:36 – 2021-03-25 12:55 – 000003374 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-801466221-149834458-993484874-1001

2021-06-16 20:36 – 2021-03-25 12:52 – 000002366 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-06-16 20:35 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-06-15 07:22 – 2019-12-07 05:51 – 000000000 ____D C:WINDOWSsystem32FxsTmp

2021-06-15 06:57 – 2020-09-30 11:55 – 000002254 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-06-15 06:57 – 2020-09-30 11:55 – 000002213 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-06-15 06:57 – 2020-09-30 11:55 – 000002213 _____ C:ProgramDataDesktopGoogle Chrome.lnk

2021-06-15 06:49 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-06-12 17:08 – 2020-07-22 12:45 – 000000000 ____D C:Program FilesMicrosoft Office

2021-06-12 15:05 – 2020-08-12 17:35 – 000002445 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-06-12 15:05 – 2020-08-12 17:35 – 000002283 _____ C:UsersPublicDesktopMicrosoft Edge.lnk

2021-06-12 15:05 – 2020-08-12 17:35 – 000002283 _____ C:ProgramDataDesktopMicrosoft Edge.lnk

2021-06-12 00:29 – 2020-08-06 20:14 – 000000000 ____D C:UsersdaddyAppDataLocalComms

2021-06-11 08:52 – 2020-08-07 08:28 – 000000000 ____D C:Usersdaddy.config

2021-06-11 03:14 – 2020-07-22 12:56 – 000000000 ___HD C:Program Files (x86)InstallShield Installation Information

2021-06-10 13:27 – 2021-03-25 12:51 – 000444624 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-06-10 10:07 – 2020-07-22 12:56 – 000000000 ____D C:ProgramDataPackage Cache

2021-06-10 09:09 – 2021-03-25 10:52 – 000002393 _____ C:UsersdaddyDesktopTom (Person 1) – Chrome.lnk

2021-06-09 11:00 – 2019-12-07 05:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2021-06-09 10:57 – 2021-03-25 16:48 – 000000000 ____D C:WINDOWSServiceProfiles

2021-06-09 10:27 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-06-09 10:07 – 2019-12-07 05:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSPrintDialog

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64lv-LV

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64et-EE

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSystemResources

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32migwiz

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32lv-LV

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32et-EE

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-06-08 17:11 – 2021-03-20 23:53 – 000000000 ___HD C:$WinREAgent

2021-06-08 17:09 – 2020-08-06 23:16 – 000000000 ____D C:WINDOWSsystem32MRT

2021-06-08 17:06 – 2020-08-06 23:16 – 132447432 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-06-03 13:33 – 2020-07-22 13:36 – 000000000 ____D C:ProgramDataLenovo

2021-06-03 13:32 – 2020-09-17 04:51 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-06-03 13:32 – 2020-09-17 04:51 – 000002028 _____ C:UsersPublicDesktopMalwarebytes.lnk

2021-06-03 13:32 – 2020-09-17 04:51 – 000002028 _____ C:ProgramDataDesktopMalwarebytes.lnk

2021-06-03 12:02 – 2020-09-29 08:17 – 000005086 _____ C:WINDOWSsystem32InstallUtil.InstallLog

2021-06-02 06:08 – 2020-12-22 10:04 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-06-02 06:06 – 2020-08-21 05:42 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-06-01 09:42 – 2020-08-06 19:57 – 000000000 ____D C:UsersdaddyAppDataLocalConnectedDevicesPlatform

2021-05-25 07:48 – 2020-08-21 05:42 – 000725304 _____ (Microsoft Corporation) C:WINDOWSsystem32sedplugins.dll

2021-05-25 07:48 – 2020-08-21 05:42 – 000470328 _____ (Microsoft Corporation) C:WINDOWSsystem32QualityUpdateAssistant.dll

2021-05-20 12:53 – 2019-10-17 00:10 – 000000000 __RHD C:UsersPublicAccountPictures

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2021

Ran by daddy (17-06-2021 17:12:04)

Running from C:UsersdaddyDownloads

Windows 10 Pro Version 20H2 19042.1052 (X64) (2021-03-25 16:55:25)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-801466221-149834458-993484874-500 – Administrator – Disabled)

daddy (S-1-5-21-801466221-149834458-993484874-1001 – Administrator – Enabled) => C:Usersdaddy

DefaultAccount (S-1-5-21-801466221-149834458-993484874-503 – Limited – Disabled)

Guest (S-1-5-21-801466221-149834458-993484874-501 – Limited – Disabled)

toman (S-1-5-21-801466221-149834458-993484874-1003 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-801466221-149834458-993484874-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (HKLM…6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF) (Version: 15.0.1300.359 – Microsoft Corporation) Hidden

Azure Data Studio (HKLM…6591F69E-6588-4980-81ED-C8FCBD7EC4B8_is1) (Version: 1.28.0 – Microsoft Corporation)

Browser for SQL Server 2019 (HKLM-x32…5E366957-8D78-4BB5-A790-96F97A9766BD) (Version: 15.0.2000.5 – Microsoft Corporation)

Citrix Workspace 2106 (HKLM-x32…CitrixOnlinePluginPackWeb) (Version: 21.6.0.47 – Citrix Systems, Inc.)

ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32…243F145-076D-423A-8F77-218DC8840261) (Version: 4.8.04119 – Microsoft Corporation) Hidden

ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017 (HKLM-x32…A89F4446-3B75-433B-91B3-C88868CA8544) (Version: 4.8.03928 – Microsoft Corporation)

ComponentArt UI Framework 2012 for .NET (HKLM-x32…45840CF0-E6F3-437F-A85C-6DED94695560) (Version: 12.1.1016 – ComponentArt)

DevExpress Components 20.2 (HKLM-x32…DevExpress Components 20.2) (Version: 20.2.4 – Developer Express Inc.)

DevExpress DevExtreme 20.2 (HKLM-x32…DevExpress DevExtreme 20.2) (Version: 20.2.4 – Developer Express Inc.)

DevExpress Documentation (HKLM-x32…DevExpress Documentation) (Version:  – Developer Express Inc.)

DiagnosticsHub_CollectionService (HKLM…1F3C3AAC-9F7A-47DA-A082-0ACE770041BE) (Version: 16.1.28901 – Microsoft Corporation) Hidden

Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32…F878746A-C5F7-420A-A672-4DFEF74ADC3A) (Version: 6.2.0.0 – Microsoft Corporation) Hidden

Explorer++ (HKUS-1-5-21-801466221-149834458-993484874-1001…[email protected]@Controller.Windows Explorer_1) (Version: 1.0 – Delivered by Citrix)

Git version 2.32.0 (HKLM…Git_is1) (Version: 2.32.0 – The Git Development Community)

Google Chrome (HKLM-x32…Google Chrome) (Version: 91.0.4472.106 – Google LLC)

icecap_collection_neutral (HKLM-x32…1036893D-9917-4E70-B96C-8D72A2B224BC) (Version: 16.10.31306 – Microsoft Corporation) Hidden

icecap_collection_x64 (HKLM…289873DF-80D0-4D7D-8068-D25D342A26FA) (Version: 16.10.31306 – Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32…D2B4539C-173B-4B8D-A021-E22E9566BC24) (Version: 16.10.31306 – Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32…38CE202D-7880-4101-9739-83619300EC58) (Version: 16.10.31306 – Microsoft Corporation) Hidden

IIS 10.0 Express (HKLM…307C98E-AE82-4A4F-A950-A72FBD805338) (Version: 10.0.04403 – Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM…8274920-8908-45c2-9258-8ad67ff77b09.sdb) (Version:  – ) Hidden

IIS Express Application Compatibility Database for x86 (HKLM…ad846bae-d44b-4722-abad-f7420e08bcd9.sdb) (Version:  – ) Hidden

Integration Services (HKLM-x32…8564E707-DD3A-425E-B333-A9970306BE8F) (Version: 15.0.2000.162 – Microsoft Corporation) Hidden

Intel® Processor Graphics (HKLM-x32…F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA) (Version: 26.20.100.6911 – Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32…6eb157e2-7552-40c6-860b-a81b66a2ebd6) (Version: 21.20.0.0u – Intel Corporation)

IntelliTraceProfilerProxy (HKLM-x32…7D94CF67-6666-4111-B027-D7AB7F189F70) (Version: 15.0.18198.01 – Microsoft Corporation) Hidden

Internet Explorer (HKUS-1-5-21-801466221-149834458-993484874-1001…[email protected]@Controller.Internet Explorer-1) (Version: 1.0 – Delivered by Citrix)

Java 8 Update 261 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180261F0) (Version: 8.0.2610.12 – Oracle Corporation)

Java SE Development Kit 8 Update 261 (64-bit) (HKLM…64A3A4F4-B792-11D6-A78A-00B0D0180261) (Version: 8.0.2610.12 – Oracle Corporation)

Lenovo Essential Wireless Keyboard (HKLM…Lenovo Essential Wireless Keyboard) (Version: 1.5.0.1 – Lenovo)

Lenovo Vantage Service (HKLM-x32…VantageSRV_is1) (Version: 3.7.19.0 – Lenovo Group Ltd.)

Malwarebytes version 4.4.0.117 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.4.0.117 – Malwarebytes)

Microsoft .NET Framework 4.7.1 SDK (HKLM-x32…B9DCCDB9-FCE9-48AD-B534-A7AD270BD52B) (Version: 4.7.02558 – Microsoft Corporation)

Microsoft .NET Framework 4.7.1 Targeting Pack (ENU) (HKLM-x32…ABE94A82-C89E-4ACA-8B30-41E0C6165A23) (Version: 4.7.02558 – Microsoft Corporation)

Microsoft .NET Framework 4.7.1 Targeting Pack (HKLM-x32…5686C5E9-A3B3-451E-A2EA-4C246CDE5CC9) (Version: 4.7.02558 – Microsoft Corporation)

Microsoft .NET Framework 4.7.2 SDK (HKLM-x32…F42C96C1-746B-442A-B58C-9F0FD5F3AB8A) (Version: 4.7.03081 – Microsoft Corporation)

Microsoft .NET Framework 4.8 Targeting Pack (ENU) (HKLM-x32…A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2) (Version: 4.8.03761 – Microsoft Corporation)

Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32…BAAF5851-0759-422D-A1E9-90061B597188) (Version: 4.8.03761 – Microsoft Corporation)

Microsoft .NET SDK 5.0.301 (x64) from Visual Studio (HKLM…869D316B-33AD-4466-974C-95820FF40F99) (Version: 5.3.121.27113 – Microsoft Corporation)

Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.14026.20270 – Microsoft Corporation)

Microsoft Azure Authoring Tools – v2.9.6 (HKLM…EDADFA19-7F96-4075-A4AB-2209910626C5) (Version: 2.9.8899.26 – Microsoft Corporation)

Microsoft Azure Compute Emulator – v2.9.6 (HKLM…Microsoft Azure Compute Emulator – v2.9.6) (Version: 2.9.8899.26 – Microsoft Corporation)

Microsoft Azure Libraries for .NET – v2.9 (HKLM…C5C91AA6-3E83-430E-8B7A-6B790083F28D) (Version: 3.0.0127.060 – Microsoft Corporation)

Microsoft Azure Storage Emulator – v5.10 (HKLM-x32…Microsoft Azure Storage Emulator – v5.10) (Version: 5.10.19227.2113 – Microsoft Corporation)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 91.0.864.48 – Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 91.0.864.48 – Microsoft Corporation)

Microsoft Help Viewer 2.3 (HKLM-x32…Microsoft Help Viewer 2.3) (Version: 2.3.28107 – Microsoft Corporation)

Microsoft ODBC Driver 17 for SQL Server (HKLM…853997DA-6FCB-4FB9-918E-E0FF881FAF65) (Version: 17.7.2.1 – Microsoft Corporation)

Microsoft OLE DB Driver for SQL Server (HKLM…9D6F8754-28E9-4940-B319-3FC8588CF18F) (Version: 18.5.0.0 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-801466221-149834458-993484874-1001…OneDriveSetup.exe) (Version: 21.109.0530.0001 – Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM…9D93D367-A2CC-4378-BD63-79EF3FE76C78) (Version: 11.4.7462.6 – Microsoft Corporation)

Microsoft SQL Server 2016 LocalDB  (HKLM…9097BF1A-13A0-4A4A-A1F8-473E2A669863) (Version: 13.1.4001.0 – Microsoft Corporation)

Microsoft SQL Server 2019 (64-bit) (HKLM…Microsoft SQL Server SQL2019) (Version:  – Microsoft Corporation)

Microsoft SQL Server 2019 Setup (English) (HKLM…17DCED0E-5B27-453A-B2B4-E487B869B28A) (Version: 15.0.4013.40 – Microsoft Corporation)

Microsoft SQL Server 2019 T-SQL Language Service  (HKLM…31D27B41-A051-49D8-907A-62E0F4A2188C) (Version: 15.0.2000.5 – Microsoft Corporation)

Microsoft SQL Server Management Studio – 18.9.1 (HKLM-x32…bf0d55ea-f272-49bc-8699-22fbdcc115a8) (Version: 15.0.18384.0 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM…8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1) (Version: 15.0.1200.24 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32…725CC962-98BD-42C7-87D8-51C680FB1779) (Version: 15.0.1200.24 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…E5A95BC5-81DF-4F0C-B910-B59DD012F037) (Version: 2.81.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…50d4fc8-5d48-4b8f-8972-47c82c46020f) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…f65db027-aff3-4070-886a-0d87064aabb1) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.29.30037 (HKLM-x32…4b2f3795-f407-415e-88d5-8c8ab322909d) (Version: 14.29.30037.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.29.30037 (HKLM-x32…dfea0fad-88b2-4a1f-8536-3f8f9391f4ef) (Version: 14.29.30037.0 – Microsoft Corporation)

Microsoft Visual Studio Installer (HKLM…6F320B93-EE3C-4826-85E0-ADF79F8D4C61) (Version: 2.10.2174.31177 – Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32…f895a2f1-ae3f-4212-8af1-7fa1f8c212ea) (Version: 15.0.27520 – Microsoft Corporation)

Microsoft VSS Writer for SQL Server 2019 (HKLM…2C33F4D4-E9A5-4DE1-ACFE-3A13464E6703) (Version: 15.0.2000.5 – Microsoft Corporation)

Microsoft Web Deploy 4.0 (HKLM…2EC26D34-FB67-4C58-AC20-235697551222) (Version: 10.0.3802 – Microsoft Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM…90160000-008C-0000-1000-0000000FF1CE) (Version: 16.0.14026.20270 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…90160000-007E-0000-1000-0000000FF1CE) (Version: 16.0.14026.20270 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM…90160000-008C-0409-1000-0000000FF1CE) (Version: 16.0.14026.20246 – Microsoft Corporation) Hidden

Online Plug-in (HKLM-x32…70C3E067-E1D3-4D89-8738-6FA6F82B0734) (Version: 21.6.0.31 – Citrix Systems, Inc.) Hidden

Outlook (HKUS-1-5-21-801466221-149834458-993484874-1001…[email protected]@Controller.Outlook) (Version: 1.0 – Delivered by Citrix)

Realtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.8726.1 – Realtek Semiconductor Corp.)

Remote Desktop Connection (HKUS-1-5-21-801466221-149834458-993484874-1001…[email protected]@Controller.Remote Desktop Co-6) (Version: 1.0 – Delivered by Citrix)

SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM…A07BC249-5C09-4B15-A437-B2BCF1145BEF) (Version: 13.0.25.3158 – SAP)

SAP Crystal Reports, version for Microsoft Visual Studio (HKLM-x32…5EF54B97-2534-4B9C-BA22-B4E136C86268) (Version: 13.0.25.3158 – SAP)

Self-service Plug-in (HKLM-x32…BF16C19F-E310-41B0-ABEE-FE9B4E7E3173) (Version: 21.6.0.16 – Citrix Systems, Inc.) Hidden

SQL Server 2019 Batch Parser (HKLM…D459615B-83B0-408F-8F39-6CC07C277BA6) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Common Files (HKLM…FB552DD-543E-48E7-A6F4-2F8D82723C6A) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Common Files (HKLM…5E4344C9-8B97-4ED9-8760-57E221C240F4) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Connection Info (HKLM…99B940D5-1A49-4B6C-B26C-6A88B2C061CA) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Connection Info (HKLM…FD730873-33D1-4D1F-9AE0-E259586F8827) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Database Engine Services (HKLM…A60B3D8E-5311-4BF1-AF7A-D1AC15F9152E) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Database Engine Services (HKLM…E3E84B2C-FCF6-469F-9FE7-5E8934DB69AD) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Database Engine Shared (HKLM…619F0B6C-C802-422A-B4E5-294E61F68473) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Database Engine Shared (HKLM…DE5B7937-D5B5-4157-BC30-BB87F021CFF0) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 DMF (HKLM…814D5077-C93F-42E2-B875-717007C186B9) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 DMF (HKLM…FC8DC283-4A85-467F-8D0E-2FE4606DCCA1) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Shared Management Objects (HKLM…6213D6CB-D258-47A3-B1A0-EE1E5C080DCF) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Shared Management Objects (HKLM…A8581199-F913-443B-B058-8E8BF317E71C) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Shared Management Objects Extensions (HKLM…8DDAEBCA-4267-4E16-9FE0-D87F21D36891) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 Shared Management Objects Extensions (HKLM…C7E6D4B7-CB10-4239-BA04-D9339B39D0BD) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 SQL Diagnostics (HKLM…28ED6838-D8E5-454C-A813-12C5EB447CAB) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 XEvent (HKLM…2129312E-5204-4F3A-9039-B6D34DBB00FB) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server 2019 XEvent (HKLM…228C3DC2-695E-4FC7-87E4-6A9CE905DA9B) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden

SQL Server Management Studio (HKLM…AC2FDB24-D722-49F9-8CB4-8AC187A73BA6) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden

SQL Server Management Studio (HKLM…FFEDA3B1-242E-40C2-BB23-7E3B87DAC3C1) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden

SQL Server Management Studio for Analysis Services (HKLM…6E38BAB6-6AFA-49DC-B779-A068B0E5CD11) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden

SQL Server Management Studio for Reporting Services (HKLM…7CC4781E-9184-4BF6-B739-6179DDA10D7B) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden

SSMS Post Install Tasks (HKLM…C0BE7047-8F9B-43BD-B11F-53D2BC61A0AC) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden

TypeScript SDK (HKLM-x32…C34D7309-4E94-4B6A-ABE8-C1EE566E9C1F) (Version: 4.2.4.0 – Microsoft Corporation) Hidden

Update for  (KB2504637) (HKLM-x32…CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE.KB2504637) (Version: 1 – Microsoft Corporation)

vcpp_crt.redist.clickonce (HKLM-x32…C1971FA7-C832-480E-91DC-21FBB0794C32) (Version: 14.29.30037 – Microsoft Corporation) Hidden

Visual Studio Community 2019 (HKLM-x32…1ba68ded) (Version: 16.10.31402.337 – Microsoft Corporation)

VS Immersive Activate Helper (HKLM-x32…A71406B5-E487-4B01-8E59-D466841350F5) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

VS JIT Debugger (HKLM…C7E8A4F2-EF09-42A8-B892-69D5ED99D965) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

VS Script Debugging Common (HKLM…A4272808-82F5-410F-A5F9-1BF6F63F6B9A) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

vs_BlendMsi (HKLM-x32…B5E3A3E1-1529-4D5A-9E95-34971FA07825) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_clickoncebootstrappermsi (HKLM-x32…6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26) (Version: 16.10.31206 – Microsoft Corporation) Hidden

vs_clickoncebootstrappermsires (HKLM-x32…271F1F42-B547-4498-825F-590DBB1774F7) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_clickoncesigntoolmsi (HKLM-x32…30D97A69-3C0F-4552-9A72-60E591B210C7) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_communitymsi (HKLM-x32…F2362422-8A5F-473B-B793-E9592B1EA9FA) (Version: 16.10.31306 – Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32…3751D1CF-9A44-43D2-B4BB-80FA6E7925A8) (Version: 16.10.31213 – Microsoft Corporation) Hidden

vs_devenvmsi (HKLM-x32…AD0C92A4-1514-4BC1-A723-A272A8343924) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_filehandler_amd64 (HKLM-x32…8B6AE4FB-1E51-4BB4-B52C-CAC8A0340310) (Version: 16.10.31206 – Microsoft Corporation) Hidden

vs_filehandler_x86 (HKLM-x32…B0AA3BF6-3C13-4C9A-A043-4CEFBBE0A2D3) (Version: 16.10.31206 – Microsoft Corporation) Hidden

vs_FileTracker_Singleton (HKLM-x32…5CA3463-0B45-425D-9AF2-E1964AB85CBB) (Version: 16.10.31303 – Microsoft Corporation) Hidden

vs_minshellinteropmsi (HKLM-x32…883D29E5-9A41-4C45-A192-C10B8078BF0C) (Version: 16.10.31306 – Microsoft Corporation) Hidden

vs_minshellmsi (HKLM-x32…E6B8D127-6C17-4E21-BA5C-B1D0C322BBA2) (Version: 16.10.31320 – Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32…916C6E1-6A0A-4887-9E00-D96FD44AFACE) (Version: 16.10.31303 – Microsoft Corporation) Hidden

vs_SQLClickOnceBootstrappermsi (HKLM-x32…9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B) (Version: 16.10.31205 – Microsoft Corporation) Hidden

vs_tipsmsi (HKLM-x32…E208E682-50EE-4F2F-9860-C91B906B8A03) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_vswebprotocolselectormsi (HKLM-x32…634F7BE2-E181-4544-946F-B8BA774B9059) (Version: 16.10.31206 – Microsoft Corporation) Hidden

WinRAR 5.90 (64-bit) (HKLM…WinRAR archiver) (Version: 5.90.0 – win.rar GmbH)

Zoho Assist (HKUS-1-5-21-801466221-149834458-993484874-1001…Zoho Assist) (Version: 111.0.3.119 – Zoho Corporation)

Packages:

=========

HP Smart -> C:Program FilesWindowsAppsAD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-20] (HP Inc.)

Intel® Graphics Command Center -> C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-06-14] (INTEL CORP) [Startup Task]

Intel® Graphics Control Panel -> C:Program FilesWindowsAppsAppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-08-06] (INTEL CORP)

Lenovo Vantage -> C:Program FilesWindowsAppsE046963F.LenovoCompanion_10.2105.16.0_x64__k1h2ywk1493x8 [2021-06-10] (LENOVO INC.)

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-04] (Microsoft Studios) [MS Ad]

MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-08-06] (Microsoft Corporation)

Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.20.235.0_x64__dt26b99r8h8gj [2021-05-20] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-09-17] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-09-17] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:UsersdaddyDesktopTom (Person 1) – Chrome.lnk -> C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk -> C:Program Files (x86)CitrixICA ClientSelfServicePluginSelfService.exe (Citrix Systems, Inc.) -> -launch -reg "Sof[email protected]@Controllers.Google Chrome_1" -startmenuShortcut

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsGoogle Play Music (1).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=fahmaaghhglfmonjliepjlchgpgfmobi

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsGoogle Play Music (2).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 2" –app-id=fahmaaghhglfmonjliepjlchgpgfmobi

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsGoogle Play Music.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory=Default –app-id=fahmaaghhglfmonjliepjlchgpgfmobi

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsPostman (1).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=fhbjgbiflinjbdggehcddcbncdddomop

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsPostman (2).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 2" –app-id=fhbjgbiflinjbdggehcddcbncdddomop

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsPostman.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory=Default –app-id=fhbjgbiflinjbdggehcddcbncdddomop

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsReadium.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=fepbnnnkkadjhjahcafoaglimekefifl

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsSimple EPUB Reader (1).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=ojhbgcchcbdjdenibfmjofobklkkhofc

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsSimple EPUB Reader (2).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 2" –app-id=ojhbgcchcbdjdenibfmjofobklkkhofc

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsSimple EPUB Reader.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory=Default –app-id=ojhbgcchcbdjdenibfmjofobklkkhofc

ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsVideostream for Google Chromecast™.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=cnciopoikihiagdjbjpnocolokfelagl

==================== Loaded Modules (Whitelisted) =============

2021-06-16 02:10 – 2021-06-16 02:10 – 001419776 _____ () [File not signed] [File is in use] C:Program Files (x86)CitrixICA ClientBrowserCefSharp.Core.Runtime.dll

2020-03-28 10:30 – 2020-03-28 10:30 – 003352576 _____ () [File not signed] C:Program Files (x86)CitrixICA ClientReceivercpprest142_2_10.dll

2021-06-16 02:13 – 2021-06-16 02:13 – 000876032 _____ (Citrix Systems, Inc.) [File not signed] C:Program Files (x86)CitrixICA ClientReceiverAnalyticsInterface.dll

2021-06-11 14:33 – 2021-06-11 14:33 – 000011776 _____ (Citrix Systems, Inc.) [File not signed] C:Program Files (x86)CitrixICA ClientresourceensslsdkUI.dll

2021-06-11 14:33 – 2021-06-11 14:33 – 002423296 _____ (Citrix Systems, Inc.) [File not signed] C:Program Files (x86)CitrixICA Clientsslsdk_b.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKUS-1-5-21-801466221-149834458-993484874-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://www.msn.com/?pc=LCTE

HKUS-1-5-21-801466221-149834458-993484874-1001SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE

HKUS-1-5-21-801466221-149834458-993484874-1001SoftwareMicrosoftInternet ExplorerMain,Secondary Start Pages = hxxp://mystart.lenovo.com/

SearchScopes: HKUS-1-5-21-801466221-149834458-993484874-1001 -> DefaultScope 42EC2899-2CC1-47FB-A39B-0008988F5076 URL =

SearchScopes: HKUS-1-5-21-801466221-149834458-993484874-1001 -> 42EC2899-2CC1-47FB-A39B-0008988F5076 URL =

BHO: Java™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C:Program FilesJavajre1.8.0_261binssv.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C:Program FilesJavajre1.8.0_261binjp2ssv.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Skype for Business Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Filter-x32: application/x-ica – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

Filter-x32: ica – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 – 2019-03-19 00:49 – 000000824 _____ C:WINDOWSsystem32driversetchosts

2020-11-09 05:17 – 2020-11-09 05:17 – 000000445 _____ C:WINDOWSsystem32driversetchosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%JAVA_HOME%bin;C:apache-maven-3.6.3bin;C:Program Filesdotnet;C:Program FilesMicrosoft SQL ServerClient SDKODBC170ToolsBinn;C:Program Files (x86)Microsoft SQL Server150ToolsBinn;C:Program FilesMicrosoft SQL Server150ToolsBinn;C:Program FilesMicrosoft SQL Server150DTSBinn;C:Program FilesMicrosoft SQL Server130ToolsBinn;C:Program Files (x86)Microsoft SQL Server150DTSBinn;C:Program FilesAzure Data Studiobin;C:Program FilesGitcmd

HKUS-1-5-21-801466221-149834458-993484874-1001Control PanelDesktop\Wallpaper -> C:UsersdaddyAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper

HKUS-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg

HKUS-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg

DNS Servers: 192.168.50.1

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [D4EA77C3-290E-4D2A-808E-61E1896C2AC3] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [EFF70587-71A3-49F5-9038-F0EA81F0EE94] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [87B9543B-5E94-4EC0-9D0A-A5FF70962305] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [232D170D-B19B-4A80-BF73-37AD0FED893A] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [E9F81D6F-F567-4ED0-B19A-239767630DED] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [395C4A0E-B5ED-4A20-817F-A633EFBFEFC6] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [820006ED-8DC9-46AC-BA89-BDD450EAF58C] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [9C9A5B1A-ADE8-4D66-9C7D-3247BEC7B8EA] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [FE66B1BE-AFC8-439B-B74D-BBEE50FEF8F4] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [64D71EFD-E7F0-41BF-A032-7E96692AD4D3] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication91.0.864.48msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [02F2CA23-2898-4A38-9CB9-8B5E1B7D50F8] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [B117FAC7-260A-4217-9CF8-320B6A7D920B] => (Allow) LPort=9845

==================== Restore Points =========================

08-06-2021 17:09:08 Windows Modules Installer

10-06-2021 08:14:48 Microsoft .NET Framework 4.8 Developer Pack

15-06-2021 06:49:00 Windows Modules Installer

17-06-2021 09:14:30 Installed DirectX

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (06/15/2021 07:06:05 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NBI7G7F)

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/14/2021 11:04:02 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NBI7G7F)

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/11/2021 09:24:13 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NBI7G7F)

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/10/2021 10:05:55 AM) (Source: HlpCtntMgr) (EventID: 1003) (User: )

Description: Help Content Manager exited with error: InvalidCmdArgs

Error: (06/10/2021 09:54:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-NBI7G7F)

Description: Product: SAP Crystal Reports runtime engine for .NET Framework (64-bit) — A newer version of SAP Crystal Reports runtime engine for .NET Framework (64-bit) is detected. This installation cannot continue until the current version has been uninstalled. Setup will now exit.

Error: (06/10/2021 09:52:29 AM) (Source: HlpCtntMgr) (EventID: 1003) (User: )

Description: Help Content Manager exited with error: InvalidCmdArgs

Error: (06/10/2021 09:47:04 AM) (Source: HlpCtntMgr) (EventID: 1003) (User: )

Description: Help Content Manager exited with error: InvalidCmdArgs

Error: (06/10/2021 09:21:17 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NBI7G7F)

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

System errors:

=============

Error: (06/17/2021 08:47:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NBI7G7F)

Description: The server 94269C4E-071A-4116-90E6-52E557067E4E did not register with DCOM within the required timeout.

Error: (06/17/2021 08:45:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NBI7G7F)

Description: The server 94269C4E-071A-4116-90E6-52E557067E4E did not register with DCOM within the required timeout.

Error: (06/16/2021 08:38:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.341.874.0).

Error: (06/16/2021 08:36:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:

E60687F7-01A1-40AA-86AC-DB1CBF673334

Error: (06/16/2021 08:36:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:

E60687F7-01A1-40AA-86AC-DB1CBF673334

Error: (06/16/2021 08:35:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The LenovoVantageService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/15/2021 08:26:48 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0x0000000000000028, 0x0000000000000002, 0x0000000000000000, 0xfffff8061d0e21e1). A dump was saved in: C:WINDOWSMEMORY.DMP. Report Id: d067b53b-b564-424d-8f89-bd50eb71aa34.

Error: (06/15/2021 08:26:41 PM) (Source: volmgr) (EventID: 161) (User: )

Description: Dump file creation failed due to error during dump creation.

Windows Defender:

================

Date: 2021-06-03 08:09:02

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-06-02 06:06:11

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-05-31 14:54:54

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-05-30 11:51:54

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-05-30 11:51:53

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-06-16 20:38:01

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.339.1944.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.18100.6

Error code: 0x80070643

Error description: Fatal error during installation.

Date: 2021-06-16 20:38:01

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.341.874.0

Previous security intelligence Version: 1.339.1944.0

Update Source: User

Security intelligence Type: AntiSpyware

Update Type: Delta

Current Engine Version: 1.1.18200.4

Previous Engine Version: 1.1.18100.6

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-16 20:38:01

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.341.874.0

Previous security intelligence Version: 1.339.1944.0

Update Source: User

Security intelligence Type: AntiVirus

Update Type: Delta

Current Engine Version: 1.1.18200.4

Previous Engine Version: 1.1.18100.6

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-16 20:38:01

Description:

Microsoft Defender Antivirus has encountered an error trying to update the engine.

New Engine Version: 1.1.18200.4

Previous Engine Version: 1.1.18100.6

Error Code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-16 20:36:56

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.339.1944.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.18100.6

Error code: 0x8007045b

Error description: A system shutdown is in progress.

==================== Memory info ===========================

BIOS: LENOVO M2AKT22A 04/16/2020

Motherboard: LENOVO 314D

Processor: Intel® Core™ i5-8265U CPU @ 1.60GHz

Percentage of memory in use: 70%

Total physical RAM: 8057.65 MB

Available physical RAM: 2371.07 MB

Total Virtual: 9337.65 MB

Available Virtual: 2212.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:361.49 GB) NTFS

\?Volumed2d24a3a-bf5c-4033-9168-1ee97a487909 (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.55 GB) NTFS

\?Volumeb302d224-5dd7-417f-91bc-d40991fd64dd (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 476.9 GB) (Disk ID: 9DE4B428)

Partition: GPT.

==================== End of Addition.txt =======================