AntiRecuvaAndDB.exe svchost.exe sends encrypted ransomware to an IP in China – Bien monter son serveur

Author: Titanfall


Quick overview

Site
Tutos GameServer
Canonical URL
https://tutos-gameserver.fr/2021/06/19/antirecuvaanddb-exe-svchost-exe-envoie-a-ip-en-chine-un-ransomware-chiffre-bien-monter-son-serveur/

I was hit by ransomware that prompted me to send another e-mail to backup.data24@tutonota. I emailed and emailed but there was no reply. I received a message stating that all my files had been encrypted. For those computers, I had to reset the operating system. One computer (I have about six laptops) did not appear to be affected by the ransomware, but was infected with malware. I ran a Windows Defender scan on that computer and it found Ransom:Win32/Phobos.PC!VTT AntiRecuvaAndDB.exe on my shared NAS drive and secured it. The malware is described at the link below: https://www.bleepingcomputer.com/forums/t/688649/phobos-ransomware-id-idemailphobos-adame-help-support/page-59

My problems were not over. Sometimes I could not connect to the computer via RDP, and the next time I received a warning that svchost.exe was sending to an IP address in China. I tightened the firewall and ran the scanner.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-06-2021
Ran by daddy (administrator) on DESKTOP-NBI7G7F (LENOVO 11ADS0B100) (17-06-2021 17:10:56)
Running from C:\Users\daddy\Downloads
Loaded Profiles: daddy & SQLTELEMETRY & MSSQLSERVER
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

===================== Processus (approuvés) ==================

(Si une entrée est incluse dans la liste des correctifs, le processus se ferme. Le fichier n'est pas déplacé.)

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client Browser CtxWebBrowser.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client AuthManager AuthManSvr.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client concentr.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client Receiver Receiver.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client Receiver UpdaterService.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client redirector.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client SelfServicePlugin SelfService.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client SelfServicePlugin SelfServicePlugin.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C: Program Files (x86) Citrix ICA Client wfcrun32.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
C: Program Files (x86) Citrix ICA Client wfica32.exe (Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.36.82 GoogleCrashHandler.exe (Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.36.82 GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe (INTEL CORP) C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6cttGCP.ML.BackgroundSysTrayIGCCTray.exe (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydptf_cpu.inf_amd64_82b77f8c4618e2d0esif_uf.exe (Intel Corporation -> Intel® Corporation) C: Program Files Common Files Intel WirelessCommon RegSrvc.exe (Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin EvtEng.exe (Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin ZeroConfigService.exe (Groupe Sous-systèmes et blocs IP intégrés Intel® -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_0b214be229a13e84jhi_service.exe (Groupe Sous-systèmes et blocs IP intégrés Intel® -> Intel Corporation) C: Windows System32 DriverStore FileRepository lms.inf_amd64_51074a304c325b5d LMS.exe (Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_8a301c120b987c01igfxCUIService.exe (Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryigcc_dch.inf_amd64_523d41b353d185cfOneApp.IGCC.WinService.exe (Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_b9dbc85a6586959bIntelCpHDCPSvc.exe (Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_b9dbc85a6586959bIntelCpHeciSvc.exe (Lenovo -> Lenovo Group Ltd.) C: Program Files (x86) Lenovo VantageService 3.7.19.0 Lenovo.Vantage.AddinHost.exe (Lenovo -> Lenovo Group Ltd.) C: Program Files (x86) Lenovo VantageService 3.7.19.0 LenovoVantageService.exe (Lenovo -> Lenovo Group Ltd.) 
C: Windows Lenovo ImController Service Lenovo.Modern.ImController.exe (Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnsqlceip.exe (Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnsqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:UsersdaddyAppDataLocalMicrosoftOneDrive21.109.0530.0001FileCoAuth.exe (Microsoft Corporation -> Microsoft Corporation) C:UsersdaddyAppDataLocalMicrosoftOneDriveOneDrive.exe (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32LogonUI.exe (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rdpclip.exe (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe (Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe (PRIMAX ÉLECTRONIQUE LTÉE ->) [File not signed] C: Program Files Lenovo Lenovo Essential Wireless Keyboard KBOSD.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_9971779a1c712866RtkAudUService64.exe

===================== S'inscrire (approuvé) ====================

(Si une entrée est incluse dans la liste des correctifs, l'entrée de registre est restaurée par défaut ou supprimée. Le fichier n'est pas déplacé.)

HKLM … Exécutez : [RtkAudUService] => C:WINDOWSSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_9971779a1c712866RtkAudUService64.exe [1201968 2020-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM … Exécutez : [Lenovo Essential Wireless Keyboard OSD] => C: Program Files Lenovo Lenovo Essential Wireless Keyboard KBOSD.exe [4485424 2019-04-11] (PRIMAX ÉLECTRONIQUE LTÉE ->) [File not signed] HKLM-x32 … Exécutez : [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32 … Exécutez : [ConnectionCenter] => C:Program Files (x86)CitrixICA Clientconcentr.exe [2344552 2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32 … Exécutez : [Redirector] => C:Program Files (x86)CitrixICA Clientredirector.exe [794728 2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32 … Exécutez : [InstallHelper] => C:Program Files (x86)CitrixCitrix WorkSpace 2106InstallHelper.exe [441448 2021-06-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKU S-1-5-21-801466221-149834458-993484874-1001 … Exécuter : [Bomgar_Cleanup_ZD4532062511607] => cmd.exe/C rd/S/Q "C:UsersdaddyAppDataLocalTempnsx851F.tmpb" & reg.exe supprime HKCUSoftwareMicrosoftWindowsCurrentVersionRun/v Bomgar_Cleanup_ZD4532062511607/ f <==== REMARQUE ! 
HKU S-1-5-21-801466221-149834458-993484874-1001 … Exécuter : [Bomgar_Cleanup_ZD4584768713342] => cmd.exe / C rd / S / Q " C: ProgramData bomgar-scc-0x60cb4a45 " & reg.exe supprime HKCU Software Microsoft Windows CurrentVersion Run / v Bomgar_Cleanup_ZD4584768713342 / f <==== NOTEZ CE QUI SUIT HKLM Software Microsoft Active Setup Composants installés : [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C:Program FilesGoogleChromeApplication91.0.4472.106Installerchrmstp.exe [2021-06-15] (Google LLC -> Google LLC) Démarrage : C: Users Dad AppData Roaming Microsoft Windows Start Menu Programs Startup Citrix Workspace.lnk [2021-06-03] ShortcutTarget : Citrix Workspace.lnk -> C: Program Files (x86) Citrix ICA Client SelfServicePlugin SelfServicePlugin.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)

====================== Tâches planifiées (approuvées) ==============

(Si une entrée est incluse dans la liste des correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé à moins qu'il ne soit répertorié séparément.)

Tâche : 09246B3A-8233-4D2E-8EF0-46AE0AC253FC – System32 Tasks Microsoft Office Office Feature Updates Logon => C: Program Files Microsoft Office root Office16 sdxhelper.exe [147272 2021-06-12] (Microsoft Corporation -> Microsoft Corporation) Tâche : 2027384A-ECB2-433E-BB1A-CD9D54B1647D – System32 Tasks GoogleUpdateTaskMachineCore => C: Program Files (x86) Google Update GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC) Tâche : 23455BB9-9668-43FC-B0ED-85BCDE711F1A – System32 Tasks Lenovo ImController Plugins LenovoSystemUpdatePlugin_WeeklyTask => % windir% System32 reg.exe add hklm SOFTWARE d Lenovo SystemUp / f / reg : 32 Tâche : 372300DF-412C-4A4C-9EEE-867987C6E359 – System32 Tasks Microsoft VisualStudio Updates BackgroundDownload => C: Program Files (x86) Microsoft Visual Studio Installer resources app ServiceHub Services Microsoft .VisualStudio.Setup.Service BackgroundDownload.exe [65448 2021-06-09] (Microsoft Corporation -> Microsoft) Tâche : 44C195B9-1903-437F-8238-794C6C73D541 – System32 Tasks Lenovo Vantage Schedule DailyTelemetryTransmission => C: Program Files (x86) Lenovo VantageService 3.7.19.0 ScheduleEventAction.exe [23968 2021-05-17] (Lenovo -> Lenovo Group Ltd.) Tâche : 467D8F28-79FC-4EB3-A45C-D1B6AF13FFA0 – System32 Tasks Microsoft Office Office Automatic Updates 2.0 => C: Program Files Common Files Microsoft Shared ClickToRun OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation) Tâche : 6B3E1EF4-0BFE-4967-9940-ACEC6A8816D8 – System32 Tasks Lenovo ImController TimeBasedEvents 7a69b1b2-dca2-42ef-9985-da1532cc6c00 => C: WINDOWS Lenovo ImControll. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) Tâche : 71DFA76B-A967-4BBF-8DD7-8AE91F41B43A – System32 Tasks Lenovo ImController TimeBasedEvents 234d62ed-fd5f-40e6-b1d5-043bfd200c3f => C: WINDOWS. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) 
Tâche : 973B2E7C-0921-4D91-844D-B129BC2B40B0 – System32 Tasks GoogleUpdateTaskMachineUA => C: Program Files (x86) Google Update GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC) Tâche : A7E829CD-CF6D-4C8E-B76E-7E63D53BD257 – System32 Tasks Lenovo Vantage Lenovo.Vantage.ServiceMaintainance =>% systemroot% system32 sc.exe lance LenovoVantageService Tâche : B570FA6A-C02E-4624-B571-D04BFD01C5FB – System32 Tasks Microsoft Office Office ClickToRun Service Monitor => C: Program Files Common Files Microsoft Shared ClickToRun OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation) Tâche : BADCA65F-EAC4-42FA-81F4-73B7444AA16E – System32 Tasks Lenovo ImController TimeBasedEvents 6b103bc8-ba88-488a-b474-7b2eb759846e => C: WINDOWS Lenovo ImC. Un service. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) Tâche : C72B7A4B-70B2-49F2-9E81-C7A474D942D4 – System32 Tasks Lenovo BatteryGauge BatteryGaugeMaintenance => C: ProgramData Lenovo ImController Plugins LenovoBatteryGaugePackage x64 BGH [144456 2021-05-19] (Lenovo -> Lenovo Group Ltd.) Tâche : E29BE27F-C5C9-4AE4-A380-C94B093182BB – System32 Tasks Microsoft Office Office Feature Updates => C: Program Files Microsoft Office root Office16 sdxhelper.exe [147272 2021-06-12] (Microsoft Corporation -> Microsoft Corporation) Tâche : E8B59FCF-6C9E-4D51-995C-2BF5F9DFC0E0 – System32 Tasks Lenovo Vantage Schedule VantageTelemetryAddinTask => C: Program Files (x86) Lenovo VantageService 3.6.15.0 Schedule Tâche : EDE9BF48-B14C-4338-BDC9-F9C96FA5E73A – System32 Tasks Lenovo ImController Lenovo iM Controller Scheduled Maintenance => "% windir% system32 sc.exe" DÉMARRER ImControllerService Tâche : F74EB83B-ED68-467D-9EA3-24C05309FFA2 – System32 Tasks Lenovo ImController Lenovo iM Controller Monitor => C: WINDOWS system32 ImController.InfInstaller.exe [62392 2021-03-14] (Lenovo -> Lenovo Group Ltd.)

(Si une entrée est incluse dans la liste des correctifs, le fichier de tâche (.job) est déplacé. Le fichier exécuté par la tâche n'est pas déplacé.)

===================== Internet (approuvé) ====================

(Si un élément est inclus dans la liste de correctifs, il sera supprimé ou restauré à la valeur par défaut s'il s'agit d'un élément de registre.)

Tcpip Paramètres : [DhcpNameServer] 192.168.50.1 Tcpip..Interfacecf7f8ba5-4198-4503-9a29-4d55a6560ba7 : [DhcpNameServer] 192.168.50.1

Bord: ======= Extension Edge : (sans nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C: windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe Assets HostExtensions AutoFormFill [not found] Extension Edge : (Sans nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C: windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe Assets BookViewer [not found] Extension Edge : (sans nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C: windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe Assets HostExtensions LearningTools [not found] Extension Edge : (Sans nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C: windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe Assets HostExtensions PinJSAPI [not found] Profil par défaut Edge : par défaut Profil Edge : C: Users Dad AppData Local Microsoft Edge User Data Default [2021-06-17] Alertes Edge : Par défaut -> hxxps : //voice.google.com

FireFox : ======== Plugin FF : @ java.com/DTPlugin, version = 11.261.2 -> C:Program FilesJavajre1.8.0_261bindtpluginnpDeployJava1.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation) FF-plugin : @ java.com/JavaPlugin, version = 11.261.2 -> C:Program FilesJavajre1.8.0_261binplugin2npjp2.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation) Plugin FF : @microsoft.com/SharePoint, version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Plugin FF-x32 : @ microsoft.com/SharePoint, version = 14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome: ======= Profil par défaut du CHR : par défaut Profil CHR : C: Users Dad AppData Local Google Chrome User Data Default [2021-06-17] Alertes CHR : Par défaut -> hxxps : //drive.google.com CHR StartupUrls : Par défaut -> "hxxp : //www.google.com/ig", "hxxp : //www.google.com/" Extension CHR : (diapositives) – C: Users Dad AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2020-09-30] Extension CHR : (Adblocker pour Chrome – NoAds) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions alplpnakfeabeiebipdmaenpmbgknjce [2020-09-30] Extension CHR : (Docs) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions aohghmighlieiainnegkcijnfilokake [2020-09-30] Extension CHR : (Google Drive) – C: Users Dad AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2020-11-19] Extension CHR : (YouTube) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-30] Extension CHR : (Google Play Music) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions fahmaaghhglfmonjliepjlchgpgfmobi [2020-12-10] Extension CHR : (Feuille) – C: Users Dad AppData Local Google Chrome User Data Default Extensions felcaaldnbdncclmgdcncolpebgiejap [2020-09-30] Extension CHR : (Postman) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions fhbjgbiflinjbdggehcddcbncdddomop [2020-09-30] Extension CHR : (React Developer Tools) – C: Users daddy AppData Local Google Chrome User Data Default Extensions fmkadmapgofadopljbjfkapdkoienihi [2021-06-09] Extension CHR : (FantasyPros : Gagnez votre Fantasy League) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-09] Extension CHR : (Google Docs offline) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-25] Extension 
CHR : (AdBlock – meilleur bloqueur de publicités) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions gighmmpiobklfepjocnamgkkbiglidom [2021-06-09] Extension CHR : (Extension Cisco Webex) – C: Users papa AppData Local Google Chrome User Data Default Extensions jlhmfgmfgeifomenelglieieghnjghma [2021-06-10] Extension CHR : (Loom for Chrome) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions liecbddmkiiihnedobmlmillhodjkdmb [2021-06-17] Extension CHR : (Vue.js devtools) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions nhdogjmejiglipccpnnnanhbledajbpd [2021-02-03] Extension CHR : (Chrome Web Store Payments) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03] Extension CHR : (Lecteur EPUB simple) – C:UsersdaddyAppDataLocalGoogleChromeUser DataStandardExtensionsojhbgcchcbdjdenibfmjofobklkkhofc [2020-09-30] Extension CHR : (Gmail) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions pjkljhegncpnkpknbcohdijeoejaedia [2020-11-18] Extension CHR : (Chrome Media Router) – C: Users daddy AppData Local Google Chrome User Data Standard Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-09] Profil CHR : C: Users Dad AppData Local Google Chrome User Data Guest Profile [2021-06-17] Profil CHR : C: Users Dad AppData Local Google Chrome User Data Profile 1 [2021-06-03] CHR StartupUrls : Profil 1 -> "hxxp : //www.google.com/ig", "hxxp : //www.google.com/" URL de recherche par défaut du CHR : Profil 1 -> hxxps : //duckduckgo.com/? Q = termes de recherche Mots-clés de recherche par défaut du CHR : Profil 1 -> duckduckgo.com CHR DefaultNewTabURL : Profil 1 -> hxxps : //duckduckgo.com/chrome_newtab URL de suggestion par défaut du CHR : Profil 1 -> hxxps : //duckduckgo.com/ac/? 
Q = searchTerms & type = liste Extension CHR : (Diapositives) – C: Users Dad AppData Local Google Chrome User Data Profile 1 Extensions aapocclcgogkmnckokdopfmhonfmgoek [2021-03-25] Extension CHR : (Docs) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions aohghmighlieiainnegkcijnfilokake [2021-03-25] Extension CHR : (Google Drive) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions apdfllckaahabafndbhieahigkjlhalf [2021-03-25] Extension CHR : (DuckDuckGo) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions bkdgflcldnnnapblkhphbgpggdiikppg [2021-05-21] Extension CHR : (YouTube) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-25] Extension CHR : (Google Chromecast Video Stream) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions cnciopoikihiagdjbjpnocolokfelagl [2021-03-25] Extension CHR : (Google Play Music) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions fahmaaghhglfmonjliepjlchgpgfmobi [2021-03-25] Extension CHR : (Feuille) – C: Users Dad AppData Local Google Chrome User Data Profile 1 Extensions felcaaldnbdncclmgdcncolpebgiejap [2021-03-25] Extension CHR : (Readium) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions fepbnnnkkadjhjahcafoaglimekefifl [2021-03-25] Extension CHR : (Postman) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions fhbjgbiflinjbdggehcddcbncdddomop [2021-03-25] Extension CHR : (React Developer Tools) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions fmkadmapgofadopljbjfkapdkoienihi [2021-06-03] Extension CHR : (FantasyPros : Gagnez votre Fantasy League) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-03] Extension CHR : (Google Docs offline) – C: Users daddy AppData Local Google Chrome User Data Profile 1 
Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-21] Extension CHR : (AdBlock – meilleur bloqueur de publicités) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions gighmmpiobklfepjocnamgkkbiglidom [2021-05-21] Extension CHR : (Extension Cisco Webex) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions jlhmfgmfgeifomenelglieieghnjghma [2021-03-25] Extension CHR : (Tag Assistant Legacy (par Google)) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions kejbdjndbnbjgmefkgdddjlbokphdefk [2021-03-25] Extension CHR : (Loom for Chrome) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions liecbddmkiiihnedobmlmillhodjkdmb [2021-06-03] Extension CHR : (Virtru Email Protection) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions nemmanchfojaehgkbgcfmdiidbopakpp [2021-06-03] Extension CHR : (Vue.js devtools) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions nhdogjmejiglipccpnnnanhbledajbpd [2021-03-25] Extension CHR : (Chrome Web Store Payments) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25] Extension CHR : (Lecteur EPUB simple) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions ojhbgcchcbdjdenibfmjofobklkkhofc [2021-03-25] Extension CHR : (Gmail) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25] Extension CHR : (Chrome Media Router) – C: Users daddy AppData Local Google Chrome User Data Profile 1 Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-21] Profil CHR : C: Users Dad AppData Local Google Chrome User Data Profile 2 [2021-06-10] CHR StartupUrls : Profil 2 -> "hxxp : //www.google.com/ig", "hxxp : //www.google.com/" Extension CHR : (Diapositives) – C: Users Dad AppData Local Google Chrome User Data Profile 2 Extensions aapocclcgogkmnckokdopfmhonfmgoek 
[2021-03-25] Extension CHR : (Docs) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions aohghmighlieiainnegkcijnfilokake [2021-03-25] Extension CHR : (Google Drive) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions apdfllckaahabafndbhieahigkjlhalf [2021-03-25] Extension CHR : (YouTube) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-25] Extension CHR : (Google Play Music) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions fahmaaghhglfmonjliepjlchgpgfmobi [2021-03-25] Extension CHR : (Feuille) – C: Users Dad AppData Local Google Chrome User Data Profile 2 Extensions felcaaldnbdncclmgdcncolpebgiejap [2021-03-25] Extension CHR : (Mailbox) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions fhbjgbiflinjbdggehcddcbncdddomop [2021-03-25] Extension CHR : (React Developer Tools) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions fmkadmapgofadopljbjfkapdkoienihi [2021-06-09] Extension CHR : (FantasyPros : Gagnez votre Fantasy League) – C: Users Dad AppData Local Google Chrome User Data Profile 2 Extensions gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-09] Extension CHR : (Google Docs offline) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-25] Extension CHR : (AdBlock – meilleur bloqueur de publicités) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions gighmmpiobklfepjocnamgkkbiglidom [2021-06-09] Extension CHR : (Extension Cisco Webex) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions jlhmfgmfgeifomenelglieieghnjghma [2021-06-10] Extension CHR : (Loom for Chrome) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions liecbddmkiiihnedobmlmillhodjkdmb [2021-06-09] Extension CHR : (Vue.js devtools) – C: Users daddy AppData Local Google Chrome User 
Data Profile 2 Extensions nhdogjmejiglipccpnnnanhbledajbpd [2021-03-25] Extension CHR : (Chrome Web Store Payments) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25] Extension CHR : (Simple EPUB Reader) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions ojhbgcchcbdjdenibfmjofobklkkhofc [2021-03-25] Extension CHR : (Gmail) – C: Users Dad AppData Local Google Chrome User Data Profile 2 Extensions pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25] Extension CHR : (Chrome Media Router) – C: Users daddy AppData Local Google Chrome User Data Profile 2 Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-10] Profil CHR : C: Users papa AppData Local Google Chrome User Data System Profile [2021-06-17]

====================== Services (approuvés) ====================

(Si une entrée est incluse dans la liste des correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé à moins qu'il ne soit répertorié séparément.)

R2 AzureAttestService ; C:Program FilesMicrosoftAzureAttestServiceAzureAttestService.dll [151288 2019-07-24] (Microsoft Windows -> Microsoft Corporation) R2 ClickToRunSvc ; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation) Service de mise à jour CWA R2 ; C:Program Files (x86)CitrixClient ICARécepteurUpdaterService.exe [51816 2021-06-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.) R2 ImControllerService ; C: WINDOWS Lenovo ImController Service Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.) Service LenovoVantage R2 ; C: Program Files (x86) Lenovo VantageService 3.7.19.0 LenovoVantageService.exe [28576 2021-05-17] (Lenovo -> Lenovo Group Ltd.) R2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [7391408 2021-06-03] (Malwarebytes Inc -> Malwarebytes) R2 MSSQLSERVER ; C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnsqlservr.exe [626280 2019-09-24] (Microsoft Corporation -> Microsoft Corporation) Sens S3 ; C: Program Files Windows Defender Advanced Threat Protection MsSense.exe [5393304 2021-06-08] (Éditeur Microsoft Windows -> Microsoft Corporation) S3 SQLSERVERAGENT; C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnSQLAGENT.EXE [695912 2019-09-24] (Microsoft Corporation -> Microsoft Corporation) R2 SQLTÉLÉMÉTRIE ; C:Program FilesMicrosoft SQL ServerMSSQL15.MSSQLSERVERMSSQLBinnsqlceip.exe [290648 2019-09-24] (Microsoft Corporation -> Microsoft Corporation) S3 VSStandardCollectorService150 ; C:Program Files (x86)Microsoft Visual StudioSharedCommonDiagnosticsHub.Collection.ServiceStandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation) S3 WdNisSvc; C: ProgramData Microsoft Windows Defender Platform 4.18.2104.14-0 NisSrv.exe [2599328 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C: ProgramData Microsoft Windows 
Defender Platform 4.18.2104.14-0 MsMpEng.exe [128376 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

====================== Drivere (godkjent) ====================

(Hvis en oppføring er inkludert i fikslisten, vil den bli fjernet fra registeret. Filen blir ikke flyttet med mindre den er oppført separat.)

R2 ctxusbm; C: WINDOWS system32 DRIVERS ctxusbmon.sys [135160 2021-04-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.) R1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [199128 2021-04-22] (Malwarebytes Inc -> Malwarebytes) R2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [220752 2021-06-03] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-12-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [198888 2021-06-16] (Malwarebytes Inc -> Malwarebytes) R3 MBAMBeskyttelse; C: WINDOWS system32 DRIVERS mbam.sys [77496 2021-06-16] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248992 2021-06-02] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [156880 2021-06-16] (Malwarebytes Inc -> Malwarebytes) S4 RsFx0600; C: WINDOWS System32 DRIVERS RsFx0600.sys [286976 2019-09-24] (Microsoft Corporation -> Microsoft Corporation) R1 vbdenum; C: WINDOWS System32 drivers vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [49560 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [421112 2021-05-15] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [73960 2021-05-15] (Microsoft Windows -> Microsoft Corporation) R3 WiMan; C: WINDOWS System32 DriverStore FileRepository wiman.inf_amd64_98b999a70a116eaa WiMan WiMan.sys [163824 2020-04-13] (Intel® trådløse tilkoblingsløsninger ->)

==================== NetSvcs (godkjent) =====================

(Hvis en oppføring er inkludert i fikslisten, vil den bli fjernet fra registeret. Filen blir ikke flyttet med mindre den er oppført separat.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-17 17:10 – 2021-06-17 17:11 – 000029449 _____ C:UsersdaddyDownloadsFRST.txt
2021-06-17 17:10 – 2021-06-17 17:11 – 000000000 ____D C:FRST
2021-06-17 17:07 – 2021-06-17 17:07 – 002300416 _____ (Farbar) C:UsersdaddyDownloadsFRST64.exe
2021-06-17 16:44 – 2021-06-17 16:44 – 000000852 _____ C:Usersdaddy.bash_history
2021-06-17 16:35 – 2021-06-17 16:35 – 000000000 ____D C:UsersdaddyAppDataLocalLowIGDump
2021-06-17 16:22 – 2021-06-17 16:22 – 000000020 _____ C:Usersdaddy.lesshst
2021-06-17 09:19 – 2021-06-17 09:19 – 000002727 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemote Desktop Connection 2019.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002727 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemote Desktop Connection 2016.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002713 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft Teams for Web.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002711 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsMF Cobol File Explorer.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002705 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuPrograms2016 File Explorer.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002703 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsSecurity Central.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002703 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOutlook Web Access.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002703 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002699 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsHR Connect Time.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002691 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemedyforce.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002689 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002681 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOneNote.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002671 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsPowerPoint.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002667 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsPublisher.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002659 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOutlook (1).lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002651 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsExcel.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000002647 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsWord.lnk
2021-06-17 09:19 – 2021-06-17 09:19 – 000000000 ____D C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsEmail
2021-06-17 09:15 – 2021-06-17 09:15 – 000002541 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsCitrix Workspace.lnk
2021-06-17 09:15 – 2021-06-17 09:15 – 000000000 ____D C:ProgramDataCitrix
2021-06-17 09:15 – 2021-06-17 09:15 – 000000000 ____D C:ProgramDataboost_interprocess
2021-06-17 09:13 – 2021-06-17 09:13 – 152107624 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixWorkspaceApp (1).exe
2021-06-17 09:12 – 2021-06-17 09:21 – 000000000 ____D C:ProgramDatabomgar-scc-0x60cb4a45
2021-06-17 09:12 – 2021-06-17 09:12 – 000000000 ____D C:UsersdaddyAppDataLocalDeployment
2021-06-17 09:12 – 2021-06-17 09:12 – 000000000 ____D C:UsersdaddyAppDataLocalApps2.0
2021-06-16 20:37 – 2021-06-16 20:37 – 000198888 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys
2021-06-16 20:37 – 2021-06-16 20:37 – 000156880 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys
2021-06-16 20:37 – 2021-06-16 20:37 – 000077496 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2021-06-15 20:26 – 2021-06-15 20:26 – 002699372 _____ C:WINDOWSMinidump61521-8109-01.dmp
2021-06-12 23:30 – 2021-06-12 23:30 – 002469564 _____ C:WINDOWSMinidump61221-7046-01.dmp
2021-06-12 21:16 – 2021-06-12 21:16 – 002730700 _____ C:WINDOWSMinidump61221-7187-02.dmp
2021-06-12 20:02 – 2021-06-12 20:02 – 002536164 _____ C:WINDOWSMinidump61221-7187-01.dmp
2021-06-12 16:57 – 2021-06-12 16:57 – 002468524 _____ C:WINDOWSMinidump61221-7156-01.dmp
2021-06-11 08:52 – 2021-06-14 10:44 – 000000000 ____D C:UsersdaddyAppDataRoamingnpm-cache
2021-06-11 05:52 – 2021-06-11 05:52 – 002756608 _____ C:UsersdaddyDownloadspixusArchive.bak
2021-06-11 03:40 – 2021-06-11 03:40 – 000000000 ____D C:Usersdaddy.librarymanager
2021-06-11 03:11 – 2021-06-11 03:11 – 000000000 ____D C:UsersdaddyDownloadsComponentArt
2021-06-11 03:10 – 2021-06-11 03:10 – 099987155 _____ C:UsersdaddyDownloadsComponentArt.zip
2021-06-11 02:56 – 2021-06-15 20:26 – 1054587914 _____ C:WINDOWSMEMORY.DMP
2021-06-11 02:56 – 2021-06-15 20:26 – 000000000 ____D C:WINDOWSMinidump
2021-06-10 10:02 – 2021-06-10 10:03 – 359271624 _____ C:UsersdaddyDownloadsCRforVS13SP25_0-10010309.EXE
2021-06-10 09:55 – 2021-06-10 09:55 – 000000000 ____D C:inetpub
2021-06-10 09:50 – 2021-06-10 09:53 – 103895040 _____ C:UsersdaddyDownloadsCR13SP25MSI64_0-10010309.MSI
2021-06-10 09:45 – 2021-06-10 09:45 – 000000000 ____D C:ProgramDataMacrovision
2021-06-10 09:45 – 2021-06-10 09:45 – 000000000 ____D C:ProgramDataFLEXnet
2021-06-10 09:44 – 2021-06-10 09:44 – 000000000 ____D C:WINDOWSsystem32appmgmt
2021-06-10 09:29 – 2021-06-10 09:29 – 000000000 ____D C:UsersdaddyAppDataLocalLowTemp
2021-06-10 09:21 – 2021-06-10 09:21 – 000000056 _____ C:Usersdaddy.gitconfig
2021-06-10 09:09 – 2021-06-10 09:11 – 2996994048 _____ C:UsersdaddyDownloadspixus_mock.bak
2021-06-10 09:09 – 2021-06-10 09:09 – 044163072 _____ C:UsersdaddyDownloadspixuscontact_mock.bak
2021-06-10 09:02 – 2021-06-11 03:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsComponentArt
2021-06-10 09:02 – 2021-06-11 03:14 – 000000000 ____D C:Program Files (x86)ComponentArt
2021-06-10 09:01 – 2021-06-10 09:01 – 000000000 ____D C:UsersdaddyDownloadsDisk1
2021-06-10 08:42 – 2021-06-10 10:05 – 000000000 ____D C:Program Files (x86)SAP BusinessObjects
2021-06-10 08:35 – 2021-06-10 08:57 – 095855968 _____ C:UsersdaddyDownloads0049561.exe
2021-06-10 08:19 – 2021-06-10 08:19 – 000000000 ____D C:UsersdaddyAppDataLocalNuGet
2021-06-10 08:19 – 2021-06-10 08:19 – 000000000 ____D C:Usersdaddy.nuget
2021-06-10 08:13 – 2021-06-10 08:13 – 000000000 ____D C:UsersdaddyAppDataLocalToolbox Reseter
2021-06-10 08:13 – 2021-06-10 08:13 – 000000000 ____D C:UsersdaddyAppDataLocalDevExpress
2021-06-10 08:12 – 2021-06-11 09:16 – 000000000 ____D C:UsersdaddyDocumentsSQL Server Management Studio
2021-06-10 08:11 – 2021-06-10 08:11 – 000000000 ____D C:UsersdaddyDocumentsASP.NET AJAX Control Toolkit
2021-06-10 08:09 – 2021-06-10 08:09 – 000000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsDevExpress 20.2
2021-06-10 08:08 – 2021-06-10 08:18 – 000000000 ____D C:UsersdaddyAppDataRoamingDevExpress
2021-06-10 08:08 – 2021-06-10 08:08 – 000000000 ____D C:ProgramDataDevExpress
2021-06-10 08:07 – 2021-06-10 08:08 – 000000000 ____D C:UsersPublicDocumentsDevExpress Demos 20.2
2021-06-10 08:07 – 2021-06-10 08:08 – 000000000 ____D C:ProgramDataDocumentsDevExpress Demos 20.2
2021-06-10 08:07 – 2021-06-10 08:07 – 000000000 ____D C:Program Files (x86)DevExpress 20.2
2021-06-10 07:48 – 2021-06-10 07:48 – 000002422 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsDevExpress Documentation for VS 2017 and 2019.lnk
2021-06-10 07:40 – 2021-06-10 07:40 – 000000000 ____D C:Program Files (x86)DevExpress
2021-06-10 07:39 – 2021-06-10 07:39 – 000000000 ____D C:UsersdaddyDownloadsOneDrive_1_6-9-2021
2021-06-10 07:39 – 2021-06-10 07:39 – 000000000 ____D C:UsersdaddyDownloadsDevExpress
2021-06-09 15:38 – 2021-06-09 15:38 – 000000000 ____D C:UsersdaddyAppDataRoamingNuGet
2021-06-09 15:37 – 2021-06-09 15:45 – 686894260 _____ C:UsersdaddyDownloadsOneDrive_1_6-9-2021.zip
2021-06-09 14:00 – 2021-06-09 14:01 – 1289095444 _____ C:UsersdaddyDownloadsDevExpress.zip
2021-06-09 13:24 – 2021-01-19 12:48 – 000002492 _____ C:UsersdaddyDesktopOhio Capital Corporation MFA.rdp
2021-06-09 11:24 – 2021-06-11 09:19 – 000000000 ____D C:UsersdaddyDocumentsVisual Studio 2019
2021-06-09 11:24 – 2021-06-09 11:24 – 000000000 ____D C:UsersdaddyAppDataLocalServiceHub
2021-06-09 11:24 – 2021-06-09 11:24 – 000000000 ____D C:UsersdaddyAppDataLocalIdentityNexusIntegration
2021-06-09 11:13 – 2021-06-09 11:13 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGit
2021-06-09 11:13 – 2021-06-09 11:13 – 000000000 ____D C:Program FilesGit
2021-06-09 11:11 – 2021-06-09 11:11 – 051179176 _____ (The Git Development Community ) C:UsersdaddyDownloadsGit-2.32.0-64-bit.exe
2021-06-09 11:10 – 2021-06-09 15:37 – 000000000 ____D C:Usersdaddysource
2021-06-09 11:01 – 2021-06-10 09:18 – 000000000 ____D C:UsersdaddyDocumentsVisual Studio 2017
2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft SQL Server Tools 18
2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAzure Data Studio
2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:Program FilesAzure Data Studio
2021-06-09 11:00 – 2021-06-15 11:57 – 000000000 ____D C:UsersdaddyAppDataLocal.IdentityService
2021-06-09 11:00 – 2021-06-09 11:00 – 000001799 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBlend for Visual Studio 2019.lnk
2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program FilesMicrosoft Analysis Services
2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft SQL Server Management Studio 18
2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft Help Viewer
2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft Analysis Services
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW643082
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW642052
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641055
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641049
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641046
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641045
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641042
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641041
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641040
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641036
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641031
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641029
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641028
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem323082
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem322052
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321055
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321049
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321046
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321045
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321042
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321041
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321040
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321036
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321031
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321029
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321028
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Azure
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:ProgramDatadftmp
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesVS2012Schemas
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesVS2010Schemas
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesMicrosoft SDKs
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesIIS
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program Files (x86)IIS
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:UsersdaddyDocumentsMy Web Sites
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:UsersdaddyDocumentsIISExpress
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program FilesIIS Express
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)Microsoft Web Tools
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)IIS Express
2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:WINDOWSsystem32RsFx
2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:Program FilesMicrosoft Visual Studio 10.0
2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:Program Files (x86)NuGet
2021-06-09 10:55 – 2021-06-09 10:58 – 000000000 ____D C:Program Files (x86)Microsoft SDKs
2021-06-09 10:55 – 2021-06-09 10:56 – 000000000 ____D C:Program Files (x86)Windows Kits
2021-06-09 10:55 – 2021-06-09 10:55 – 000000000 ____D C:Usersdaddy.dotnet
2021-06-09 10:55 – 2021-06-09 10:55 – 000000000 ____D C:Program Files (x86)Reference Assemblies
2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:WINDOWSSysWOW641033
2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:WINDOWSsystem321033
2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2019
2021-06-09 10:54 – 2021-06-09 10:55 – 000000000 ____D C:Program Filesdotnet
2021-06-09 10:54 – 2021-06-09 10:55 – 000000000 ____D C:Program Files (x86)dotnet
2021-06-09 10:54 – 2021-06-09 10:54 – 000001798 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2019.lnk
2021-06-09 10:54 – 2021-06-09 10:54 – 000000000 ____D C:Program Files (x86)MSBuild
2021-06-09 10:53 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)Microsoft SQL Server
2021-06-09 10:53 – 2021-06-09 10:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft SQL Server 2019
2021-06-09 10:52 – 2021-06-09 10:53 – 000000000 ____D C:SQL2019
2021-06-09 10:52 – 2021-06-09 10:53 – 000000000 ____D C:Program Files (x86)Microsoft Visual Studio
2021-06-09 10:52 – 2021-06-09 10:52 – 000001432 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio Installer.lnk
2021-06-09 10:52 – 2021-06-09 10:52 – 000000000 ____D C:UsersdaddyAppDataRoamingVisual Studio Setup
2021-06-09 10:51 – 2021-06-09 10:57 – 000000000 ____D C:Program FilesMicrosoft SQL Server
2021-06-09 10:50 – 2021-06-09 10:50 – 000000000 ____D C:ProgramDataMicrosoft Visual Studio
2021-06-08 17:18 – 2021-06-08 17:18 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb
2021-06-08 17:18 – 2021-06-08 17:18 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb
2021-06-08 17:18 – 2021-06-08 17:18 – 002260480 _____ (The ICU Project) C:WINDOWSsystem32icu.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 001864192 _____ (The ICU Project) C:WINDOWSSysWOW64icu.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 001823792 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi
2021-06-08 17:18 – 2021-06-08 17:18 – 001393496 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi
2021-06-08 17:18 – 2021-06-08 17:18 – 001314120 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi
2021-06-08 17:18 – 2021-06-08 17:18 – 000657464 _____ C:WINDOWSsystem32WindowManagementAPI.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 000568832 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl
2021-06-08 17:18 – 2021-06-08 17:18 – 000563712 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv
2021-06-08 17:18 – 2021-06-08 17:18 – 000468440 _____ C:WINDOWSSysWOW64WindowManagementAPI.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 000451072 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl
2021-06-08 17:18 – 2021-06-08 17:18 – 000423936 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv
2021-06-08 17:18 – 2021-06-08 17:18 – 000287232 _____ C:WINDOWSsystem32CoreMas.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe
2021-06-08 17:18 – 2021-06-08 17:18 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe
2021-06-08 17:18 – 2021-06-08 17:18 – 000097280 _____ C:WINDOWSsystem32Driverscimfs.sys
2021-06-08 17:18 – 2021-06-08 17:18 – 000011353 _____ C:WINDOWSsystem32DrtmAuthTxt.wim
2021-06-03 15:27 – 2021-06-03 15:27 – 000000000 ____H C:WINDOWSsystem32DriversMsft_User_WpdFs_01_11_00.Wdf
2021-06-03 13:32 – 2021-06-03 13:32 – 000220752 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys
2021-06-03 12:43 – 2021-06-03 12:43 – 000002707 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemote Desktop Connection.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000002693 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000002675 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsExplorer++.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000002647 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOutlook.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000002641 _____ C:UsersdaddyDesktopExplorer++.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000000000 ____D C:UsersdaddyAppDataRoamingCitrix
2021-06-03 12:39 – 2021-06-03 12:39 – 000000634 _____ C:UsersdaddyDownloadsreceiverconfig.cr
2021-06-03 12:37 – 2021-06-17 15:48 – 000000000 ____D C:UsersdaddyAppDataLocalCitrix
2021-06-03 12:37 – 2021-06-03 12:48 – 000000000 ____D C:UsersdaddyAppDataRoamingICAClient
2021-06-03 12:36 – 2021-06-17 09:15 – 000000000 ____D C:Program Files (x86)Citrix
2021-06-03 12:36 – 2021-06-03 12:36 – 149436000 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixWorkspaceApp.exe
2021-06-03 12:26 – 2021-06-03 12:58 – 000000000 ____D C:Program Files (x86)ZohoMeeting
2021-06-03 12:26 – 2021-06-03 12:26 – 001063048 _____ (ZOHO Corporation) C:UsersdaddyDownloadsZA_Connect.exe
2021-06-03 12:26 – 2021-06-03 12:26 – 000000000 ____D C:UsersdaddyAppDataLocalZohoMeeting
2021-06-03 12:26 – 2021-06-03 12:26 – 000000000 ____D C:ProgramDataZohoMeeting
2021-06-03 12:14 – 2021-06-03 12:14 – 043462544 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixReceiverWeb (2).exe
2021-06-03 12:11 – 2021-06-03 12:11 – 043462544 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixReceiverWeb (1).exe
2021-06-01 09:43 – 2021-06-01 09:43 – 000000000 ___HD C:OneDriveTemp
2021-05-20 12:52 – 2021-05-21 07:02 – 000000000 ____D C:UsersdaddyDocumentsOutlook Files
2021-05-19 17:08 – 2021-05-19 17:08 – 001319288 _____ (LLVM) C:WINDOWSSysWOW64libomp140d.i386.dll
2021-05-19 17:08 – 2021-05-19 17:08 – 001319288 _____ (LLVM) C:WINDOWSSysWOW64libomp140.i386.dll
2021-05-19 17:06 – 2021-05-19 17:06 – 001664912 _____ (LLVM) C:WINDOWSsystem32libomp140d.x86_64.dll
2021-05-19 17:06 – 2021-05-19 17:06 – 001664912 _____ (LLVM) C:WINDOWSsystem32libomp140.x86_64.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-17 17:04 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-06-17 16:44 – 2021-03-25 12:52 – 000000000 ____D C:Usersdaddy
2021-06-17 16:18 – 2021-03-25 12:51 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2021-06-17 08:10 – 2020-08-06 19:59 – 000000000 ___RD C:UsersdaddyOneDrive
2021-06-16 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSServiceState
2021-06-16 20:41 – 2021-03-25 12:58 – 001013234 _____ C:WINDOWSsystem32PerfStringBackup.INI
2021-06-16 20:41 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF
2021-06-16 20:40 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness
2021-06-16 20:37 – 2021-03-25 12:55 – 000000006 ____H C:WINDOWSTasksSA.DAT
2021-06-16 20:37 – 2021-03-25 12:51 – 000008192 ___SH C:DumpStack.log.tmp
2021-06-16 20:37 – 2020-08-06 19:57 – 000000000 __SHD C:UsersdaddyIntelGraphicsProfiles
2021-06-16 20:37 – 2020-07-22 12:54 – 000000000 ___HD C:Intel
2021-06-16 20:37 – 2019-12-07 05:03 – 000524288 _____ C:WINDOWSsystem32configBBI
2021-06-16 20:36 – 2021-03-25 12:55 – 000003374 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-801466221-149834458-993484874-1001
2021-06-16 20:36 – 2021-03-25 12:52 – 000002366 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2021-06-16 20:35 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-06-15 07:22 – 2019-12-07 05:51 – 000000000 ____D C:WINDOWSsystem32FxsTmp
2021-06-15 06:57 – 2020-09-30 11:55 – 000002254 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2021-06-15 06:57 – 2020-09-30 11:55 – 000002213 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2021-06-15 06:57 – 2020-09-30 11:55 – 000002213 _____ C:ProgramDataDesktopGoogle Chrome.lnk
2021-06-15 06:49 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp
2021-06-12 17:08 – 2020-07-22 12:45 – 000000000 ____D C:Program FilesMicrosoft Office
2021-06-12 15:05 – 2020-08-12 17:35 – 000002445 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-06-12 15:05 – 2020-08-12 17:35 – 000002283 _____ C:UsersPublicDesktopMicrosoft Edge.lnk
2021-06-12 15:05 – 2020-08-12 17:35 – 000002283 _____ C:ProgramDataDesktopMicrosoft Edge.lnk
2021-06-12 00:29 – 2020-08-06 20:14 – 000000000 ____D C:UsersdaddyAppDataLocalComms
2021-06-11 08:52 – 2020-08-07 08:28 – 000000000 ____D C:Usersdaddy.config
2021-06-11 03:14 – 2020-07-22 12:56 – 000000000 ___HD C:Program Files (x86)InstallShield Installation Information
2021-06-10 13:27 – 2021-03-25 12:51 – 000444624 _____ C:WINDOWSsystem32FNTCACHE.DAT
2021-06-10 10:07 – 2020-07-22 12:56 – 000000000 ____D C:ProgramDataPackage Cache
2021-06-10 09:09 – 2021-03-25 10:52 – 000002393 _____ C:UsersdaddyDesktopTom (Person 1) – Chrome.lnk
2021-06-09 11:00 – 2019-12-07 05:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2021-06-09 10:57 – 2021-03-25 16:48 – 000000000 ____D C:WINDOWSServiceProfiles
2021-06-09 10:27 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel
2021-06-09 10:07 – 2019-12-07 05:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSPrintDialog
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64lv-LV
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64et-EE
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64Dism
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSystemResources
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32oobe
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32migwiz
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32lv-LV
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32et-EE
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Dism
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSPolicyDefinitions
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSbcastdvr
2021-06-08 17:11 – 2021-03-20 23:53 – 000000000 ___HD C:$WinREAgent
2021-06-08 17:09 – 2020-08-06 23:16 – 000000000 ____D C:WINDOWSsystem32MRT
2021-06-08 17:06 – 2020-08-06 23:16 – 132447432 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2021-06-03 13:33 – 2020-07-22 13:36 – 000000000 ____D C:ProgramDataLenovo
2021-06-03 13:32 – 2020-09-17 04:51 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2021-06-03 13:32 – 2020-09-17 04:51 – 000002028 _____ C:UsersPublicDesktopMalwarebytes.lnk
2021-06-03 13:32 – 2020-09-17 04:51 – 000002028 _____ C:ProgramDataDesktopMalwarebytes.lnk
2021-06-03 12:02 – 2020-09-29 08:17 – 000005086 _____ C:WINDOWSsystem32InstallUtil.InstallLog
2021-06-02 06:08 – 2020-12-22 10:04 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys
2021-06-02 06:06 – 2020-08-21 05:42 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools
2021-06-01 09:42 – 2020-08-06 19:57 – 000000000 ____D C:UsersdaddyAppDataLocalConnectedDevicesPlatform
2021-05-25 07:48 – 2020-08-21 05:42 – 000725304 _____ (Microsoft Corporation) C:WINDOWSsystem32sedplugins.dll
2021-05-25 07:48 – 2020-08-21 05:42 – 000470328 _____ (Microsoft Corporation) C:WINDOWSsystem32QualityUpdateAssistant.dll
2021-05-20 12:53 – 2019-10-17 00:10 – 000000000 __RHD C:UsersPublicAccountPictures

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2021
Ran by daddy (17-06-2021 17:12:04)
Running from C:UsersdaddyDownloads
Windows 10 Pro Version 20H2 19042.1052 (X64) (2021-03-25 16:55:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-801466221-149834458-993484874-500 – Administrator – Disabled)
daddy (S-1-5-21-801466221-149834458-993484874-1001 – Administrator – Enabled) => C:Usersdaddy
DefaultAccount (S-1-5-21-801466221-149834458-993484874-503 – Limited – Disabled)
Guest (S-1-5-21-801466221-149834458-993484874-501 – Limited – Disabled)
toman (S-1-5-21-801466221-149834458-993484874-1003 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-801466221-149834458-993484874-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (HKLM…6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF) (Version: 15.0.1300.359 – Microsoft Corporation) Hidden
Azure Data Studio (HKLM…6591F69E-6588-4980-81ED-C8FCBD7EC4B8_is1) (Version: 1.28.0 – Microsoft Corporation)
Browser for SQL Server 2019 (HKLM-x32…5E366957-8D78-4BB5-A790-96F97A9766BD) (Version: 15.0.2000.5 – Microsoft Corporation)
Citrix Workspace 2106 (HKLM-x32…CitrixOnlinePluginPackWeb) (Version: 21.6.0.47 – Citrix Systems, Inc.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32…243F145-076D-423A-8F77-218DC8840261) (Version: 4.8.04119 – Microsoft Corporation) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017 (HKLM-x32…A89F4446-3B75-433B-91B3-C88868CA8544) (Version: 4.8.03928 – Microsoft Corporation)
ComponentArt UI Framework 2012 for .NET (HKLM-x32…45840CF0-E6F3-437F-A85C-6DED94695560) (Version: 12.1.1016 – ComponentArt)
DevExpress Components 20.2 (HKLM-x32…DevExpress Components 20.2) (Version: 20.2.4 – Developer Express Inc.)
DevExpress DevExtreme 20.2 (HKLM-x32…DevExpress DevExtreme 20.2) (Version: 20.2.4 – Developer Express Inc.)
DevExpress Documentation (HKLM-x32…DevExpress Documentation) (Version:  – Developer Express Inc.)
DiagnosticsHub_CollectionService (HKLM…1F3C3AAC-9F7A-47DA-A082-0ACE770041BE) (Version: 16.1.28901 – Microsoft Corporation) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32…F878746A-C5F7-420A-A672-4DFEF74ADC3A) (Version: 6.2.0.0 – Microsoft Corporation) Hidden
Explorer++ (HKUS-1-5-21-801466221-149834458-993484874-1001…store-5c0ec3f7@@Controller.Windows Explorer_1) (Version: 1.0 – Delivered by Citrix)
Git version 2.32.0 (HKLM…Git_is1) (Version: 2.32.0 – The Git Development Community)
Google Chrome (HKLM-x32…Google Chrome) (Version: 91.0.4472.106 – Google LLC)
icecap_collection_neutral (HKLM-x32…1036893D-9917-4E70-B96C-8D72A2B224BC) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM…289873DF-80D0-4D7D-8068-D25D342A26FA) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32…D2B4539C-173B-4B8D-A021-E22E9566BC24) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32…38CE202D-7880-4101-9739-83619300EC58) (Version: 16.10.31306 – Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM…307C98E-AE82-4A4F-A950-A72FBD805338) (Version: 10.0.04403 – Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM…8274920-8908-45c2-9258-8ad67ff77b09.sdb) (Version:  – ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM…ad846bae-d44b-4722-abad-f7420e08bcd9.sdb) (Version:  – ) Hidden
Integration Services (HKLM-x32…8564E707-DD3A-425E-B333-A9970306BE8F) (Version: 15.0.2000.162 – Microsoft Corporation) Hidden
Intel® Processor Graphics (HKLM-x32…F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA) (Version: 26.20.100.6911 – Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32…6eb157e2-7552-40c6-860b-a81b66a2ebd6) (Version: 21.20.0.0u – Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32…7D94CF67-6666-4111-B027-D7AB7F189F70) (Version: 15.0.18198.01 – Microsoft Corporation) Hidden
Internet Explorer (HKUS-1-5-21-801466221-149834458-993484874-1001…store-5c0ec3f7@@Controller.Internet Explorer-1) (Version: 1.0 – Delivered by Citrix)
Java 8 Update 261 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180261F0) (Version: 8.0.2610.12 – Oracle Corporation)
Java SE Development Kit 8 Update 261 (64-bit) (HKLM…64A3A4F4-B792-11D6-A78A-00B0D0180261) (Version: 8.0.2610.12 – Oracle Corporation)
Lenovo Essential Wireless Keyboard (HKLM…Lenovo Essential Wireless Keyboard) (Version: 1.5.0.1 – Lenovo)
Lenovo Vantage Service (HKLM-x32…VantageSRV_is1) (Version: 3.7.19.0 – Lenovo Group Ltd.)
Malwarebytes version 4.4.0.117 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.4.0.117 – Malwarebytes)
Microsoft .NET Framework 4.7.1 SDK (HKLM-x32…B9DCCDB9-FCE9-48AD-B534-A7AD270BD52B) (Version: 4.7.02558 – Microsoft Corporation)
Microsoft .NET Framework 4.7.1 Targeting Pack (ENU) (HKLM-x32…ABE94A82-C89E-4ACA-8B30-41E0C6165A23) (Version: 4.7.02558 – Microsoft Corporation)
Microsoft .NET Framework 4.7.1 Targeting Pack (HKLM-x32…5686C5E9-A3B3-451E-A2EA-4C246CDE5CC9) (Version: 4.7.02558 – Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32…F42C96C1-746B-442A-B58C-9F0FD5F3AB8A) (Version: 4.7.03081 – Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (ENU) (HKLM-x32…A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2) (Version: 4.8.03761 – Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32…BAAF5851-0759-422D-A1E9-90061B597188) (Version: 4.8.03761 – Microsoft Corporation)
Microsoft .NET SDK 5.0.301 (x64) from Visual Studio (HKLM…869D316B-33AD-4466-974C-95820FF40F99) (Version: 5.3.121.27113 – Microsoft Corporation)
Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.14026.20270 – Microsoft Corporation)
Microsoft Azure Authoring Tools – v2.9.6 (HKLM…EDADFA19-7F96-4075-A4AB-2209910626C5) (Version: 2.9.8899.26 – Microsoft Corporation)
Microsoft Azure Compute Emulator – v2.9.6 (HKLM…Microsoft Azure Compute Emulator – v2.9.6) (Version: 2.9.8899.26 – Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM…C5C91AA6-3E83-430E-8B7A-6B790083F28D) (Version: 3.0.0127.060 – Microsoft Corporation)
Microsoft Azure Storage Emulator – v5.10 (HKLM-x32…Microsoft Azure Storage Emulator – v5.10) (Version: 5.10.19227.2113 – Microsoft Corporation)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 91.0.864.48 – Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 91.0.864.48 – Microsoft Corporation)
Microsoft Help Viewer 2.3 (HKLM-x32…Microsoft Help Viewer 2.3) (Version: 2.3.28107 – Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM…853997DA-6FCB-4FB9-918E-E0FF881FAF65) (Version: 17.7.2.1 – Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM…9D6F8754-28E9-4940-B319-3FC8588CF18F) (Version: 18.5.0.0 – Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-801466221-149834458-993484874-1001…OneDriveSetup.exe) (Version: 21.109.0530.0001 – Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM…9D93D367-A2CC-4378-BD63-79EF3FE76C78) (Version: 11.4.7462.6 – Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM…9097BF1A-13A0-4A4A-A1F8-473E2A669863) (Version: 13.1.4001.0 – Microsoft Corporation)
Microsoft SQL Server 2019 (64-bit) (HKLM…Microsoft SQL Server SQL2019) (Version:  – Microsoft Corporation)
Microsoft SQL Server 2019 Setup (English) (HKLM…17DCED0E-5B27-453A-B2B4-E487B869B28A) (Version: 15.0.4013.40 – Microsoft Corporation)
Microsoft SQL Server 2019 T-SQL Language Service  (HKLM…31D27B41-A051-49D8-907A-62E0F4A2188C) (Version: 15.0.2000.5 – Microsoft Corporation)
Microsoft SQL Server Management Studio – 18.9.1 (HKLM-x32…bf0d55ea-f272-49bc-8699-22fbdcc115a8) (Version: 15.0.18384.0 – Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM…8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1) (Version: 15.0.1200.24 – Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32…725CC962-98BD-42C7-87D8-51C680FB1779) (Version: 15.0.1200.24 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…E5A95BC5-81DF-4F0C-B910-B59DD012F037) (Version: 2.81.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…50d4fc8-5d48-4b8f-8972-47c82c46020f) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…f65db027-aff3-4070-886a-0d87064aabb1) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.29.30037 (HKLM-x32…4b2f3795-f407-415e-88d5-8c8ab322909d) (Version: 14.29.30037.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.29.30037 (HKLM-x32…dfea0fad-88b2-4a1f-8536-3f8f9391f4ef) (Version: 14.29.30037.0 – Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM…6F320B93-EE3C-4826-85E0-ADF79F8D4C61) (Version: 2.10.2174.31177 – Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32…f895a2f1-ae3f-4212-8af1-7fa1f8c212ea) (Version: 15.0.27520 – Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2019 (HKLM…2C33F4D4-E9A5-4DE1-ACFE-3A13464E6703) (Version: 15.0.2000.5 – Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM…2EC26D34-FB67-4C58-AC20-235697551222) (Version: 10.0.3802 – Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM…90160000-008C-0000-1000-0000000FF1CE) (Version: 16.0.14026.20270 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…90160000-007E-0000-1000-0000000FF1CE) (Version: 16.0.14026.20270 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM…90160000-008C-0409-1000-0000000FF1CE) (Version: 16.0.14026.20246 – Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32…70C3E067-E1D3-4D89-8738-6FA6F82B0734) (Version: 21.6.0.31 – Citrix Systems, Inc.) Hidden
Outlook (HKUS-1-5-21-801466221-149834458-993484874-1001…store-5c0ec3f7@@Controller.Outlook) (Version: 1.0 – Delivered by Citrix)
Realtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.8726.1 – Realtek Semiconductor Corp.)
Remote Desktop Connection (HKUS-1-5-21-801466221-149834458-993484874-1001…store-5c0ec3f7@@Controller.Remote Desktop Co-6) (Version: 1.0 – Delivered by Citrix)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM…A07BC249-5C09-4B15-A437-B2BCF1145BEF) (Version: 13.0.25.3158 – SAP)
SAP Crystal Reports, version for Microsoft Visual Studio (HKLM-x32…5EF54B97-2534-4B9C-BA22-B4E136C86268) (Version: 13.0.25.3158 – SAP)
Self-service Plug-in (HKLM-x32…BF16C19F-E310-41B0-ABEE-FE9B4E7E3173) (Version: 21.6.0.16 – Citrix Systems, Inc.) Hidden
SQL Server 2019 Batch Parser (HKLM…D459615B-83B0-408F-8F39-6CC07C277BA6) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Common Files (HKLM…FB552DD-543E-48E7-A6F4-2F8D82723C6A) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Common Files (HKLM…5E4344C9-8B97-4ED9-8760-57E221C240F4) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Connection Info (HKLM…99B940D5-1A49-4B6C-B26C-6A88B2C061CA) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Connection Info (HKLM…FD730873-33D1-4D1F-9AE0-E259586F8827) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Services (HKLM…A60B3D8E-5311-4BF1-AF7A-D1AC15F9152E) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Services (HKLM…E3E84B2C-FCF6-469F-9FE7-5E8934DB69AD) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Shared (HKLM…619F0B6C-C802-422A-B4E5-294E61F68473) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Shared (HKLM…DE5B7937-D5B5-4157-BC30-BB87F021CFF0) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 DMF (HKLM…814D5077-C93F-42E2-B875-717007C186B9) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 DMF (HKLM…FC8DC283-4A85-467F-8D0E-2FE4606DCCA1) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects (HKLM…6213D6CB-D258-47A3-B1A0-EE1E5C080DCF) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects (HKLM…A8581199-F913-443B-B058-8E8BF317E71C) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects Extensions (HKLM…8DDAEBCA-4267-4E16-9FE0-D87F21D36891) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects Extensions (HKLM…C7E6D4B7-CB10-4239-BA04-D9339B39D0BD) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 SQL Diagnostics (HKLM…28ED6838-D8E5-454C-A813-12C5EB447CAB) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 XEvent (HKLM…2129312E-5204-4F3A-9039-B6D34DBB00FB) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server 2019 XEvent (HKLM…228C3DC2-695E-4FC7-87E4-6A9CE905DA9B) (Version: 15.0.2000.5 – Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM…AC2FDB24-D722-49F9-8CB4-8AC187A73BA6) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM…FFEDA3B1-242E-40C2-BB23-7E3B87DAC3C1) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM…6E38BAB6-6AFA-49DC-B779-A068B0E5CD11) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM…7CC4781E-9184-4BF6-B739-6179DDA10D7B) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM…C0BE7047-8F9B-43BD-B11F-53D2BC61A0AC) (Version: 15.0.18384.0 – Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32…C34D7309-4E94-4B6A-ABE8-C1EE566E9C1F) (Version: 4.2.4.0 – Microsoft Corporation)
Hidden Update for  (KB2504637) (HKLM-x32…CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE.KB2504637) (Version: 1 – Microsoft Corporation) vcpp_crt.redist.clickonce (HKLM-x32…C1971FA7-C832-480E-91DC-21FBB0794C32) (Version: 14.29.30037 – Microsoft Corporation) Hidden Visual Studio Community 2019 (HKLM-x32…1ba68ded) (Version: 16.10.31402.337 – Microsoft Corporation) VS Immersive Activate Helper (HKLM-x32…A71406B5-E487-4B01-8E59-D466841350F5) (Version: 16.0.102.0 – Microsoft Corporation) Hidden VS JIT Debugger (HKLM…C7E8A4F2-EF09-42A8-B892-69D5ED99D965) (Version: 16.0.102.0 – Microsoft Corporation) Hidden VS Script Debugging Common (HKLM…A4272808-82F5-410F-A5F9-1BF6F63F6B9A) (Version: 16.0.102.0 – Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32…B5E3A3E1-1529-4D5A-9E95-34971FA07825) (Version: 16.0.28329 – Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32…6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26) (Version: 16.10.31206 – Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32…271F1F42-B547-4498-825F-590DBB1774F7) (Version: 16.0.28329 – Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32…30D97A69-3C0F-4552-9A72-60E591B210C7) (Version: 16.0.28329 – Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32…F2362422-8A5F-473B-B793-E9592B1EA9FA) (Version: 16.10.31306 – Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32…3751D1CF-9A44-43D2-B4BB-80FA6E7925A8) (Version: 16.10.31213 – Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32…AD0C92A4-1514-4BC1-A723-A272A8343924) (Version: 16.0.28329 – Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32…8B6AE4FB-1E51-4BB4-B52C-CAC8A0340310) (Version: 16.10.31206 – Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32…B0AA3BF6-3C13-4C9A-A043-4CEFBBE0A2D3) (Version: 16.10.31206 – Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32…5CA3463-0B45-425D-9AF2-E1964AB85CBB) (Version: 16.10.31303 – Microsoft Corporation) Hidden vs_minshellinteropmsi 
(HKLM-x32…883D29E5-9A41-4C45-A192-C10B8078BF0C) (Version: 16.10.31306 – Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32…E6B8D127-6C17-4E21-BA5C-B1D0C322BBA2) (Version: 16.10.31320 – Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32…916C6E1-6A0A-4887-9E00-D96FD44AFACE) (Version: 16.10.31303 – Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32…9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B) (Version: 16.10.31205 – Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32…E208E682-50EE-4F2F-9860-C91B906B8A03) (Version: 16.0.28329 – Microsoft Corporation) Hidden vs_vswebprotocolselectormsi (HKLM-x32…634F7BE2-E181-4544-946F-B8BA774B9059) (Version: 16.10.31206 – Microsoft Corporation) Hidden WinRAR 5.90 (64-bit) (HKLM…WinRAR archiver) (Version: 5.90.0 – win.rar GmbH) Zoho Assist (HKUS-1-5-21-801466221-149834458-993484874-1001…Zoho Assist) (Version: 111.0.3.119 – Zoho Corporation)

Packages:
=========
HP Smart -> C:Program FilesWindowsAppsAD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-20] (HP Inc.)
Intel® Graphics Command Center -> C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-06-14] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:Program FilesWindowsAppsAppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-08-06] (INTEL CORP)
Lenovo Vantage -> C:Program FilesWindowsAppsE046963F.LenovoCompanion_10.2105.16.0_x64__k1h2ywk1493x8 [2021-06-10] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-04] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-08-06] (Microsoft Corporation)
Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.20.235.0_x64__dt26b99r8h8gj [2021-05-20] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-09-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-09-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:UsersdaddyDesktopTom (Person 1) – Chrome.lnk -> C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default" ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk -> C:Program Files (x86)CitrixICA ClientSelfServicePluginSelfService.exe (Citrix Systems, Inc.) -> -launch -reg "SoftwareMicrosoftWindowsCurrentVersionUninstallameritascl-8fea28b0@@Controllers.Google Chrome_1" -startmenuShortcut ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsGoogle Play Music (1).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=fahmaaghhglfmonjliepjlchgpgfmobi ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsGoogle Play Music (2).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 2" –app-id=fahmaaghhglfmonjliepjlchgpgfmobi ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsGoogle Play Music.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory=Default –app-id=fahmaaghhglfmonjliepjlchgpgfmobi ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsPostman (1).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=fhbjgbiflinjbdggehcddcbncdddomop ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsPostman (2).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 2" –app-id=fhbjgbiflinjbdggehcddcbncdddomop ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsPostman.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  
–profile-directory=Default –app-id=fhbjgbiflinjbdggehcddcbncdddomop ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsReadium.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=fepbnnnkkadjhjahcafoaglimekefifl ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsSimple EPUB Reader (1).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=ojhbgcchcbdjdenibfmjofobklkkhofc ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsSimple EPUB Reader (2).lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 2" –app-id=ojhbgcchcbdjdenibfmjofobklkkhofc ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsSimple EPUB Reader.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory=Default –app-id=ojhbgcchcbdjdenibfmjofobklkkhofc ShortcutWithArgument: C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsVideostream for Google Chromecast™.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) ->  –profile-directory="Profile 1" –app-id=cnciopoikihiagdjbjpnocolokfelagl

==================== Loaded Modules (Whitelisted) =============

2021-06-16 02:10 – 2021-06-16 02:10 – 001419776 _____ () [File not signed] [File is in use] C:Program Files (x86)CitrixICA ClientBrowserCefSharp.Core.Runtime.dll
2020-03-28 10:30 – 2020-03-28 10:30 – 003352576 _____ () [File not signed] C:Program Files (x86)CitrixICA ClientReceivercpprest142_2_10.dll
2021-06-16 02:13 – 2021-06-16 02:13 – 000876032 _____ (Citrix Systems, Inc.) [File not signed] C:Program Files (x86)CitrixICA ClientReceiverAnalyticsInterface.dll
2021-06-11 14:33 – 2021-06-11 14:33 – 000011776 _____ (Citrix Systems, Inc.) [File not signed] C:Program Files (x86)CitrixICA ClientresourceensslsdkUI.dll
2021-06-11 14:33 – 2021-06-11 14:33 – 002423296 _____ (Citrix Systems, Inc.) [File not signed] C:Program Files (x86)CitrixICA Clientsslsdk_b.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKUS-1-5-21-801466221-149834458-993484874-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://www.msn.com/?pc=LCTE HKUS-1-5-21-801466221-149834458-993484874-1001SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE HKUS-1-5-21-801466221-149834458-993484874-1001SoftwareMicrosoftInternet ExplorerMain,Secondary Start Pages = hxxp://mystart.lenovo.com/ SearchScopes: HKUS-1-5-21-801466221-149834458-993484874-1001 -> DefaultScope 42EC2899-2CC1-47FB-A39B-0008988F5076 URL = SearchScopes: HKUS-1-5-21-801466221-149834458-993484874-1001 -> 42EC2899-2CC1-47FB-A39B-0008988F5076 URL = BHO: Java™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C:Program FilesJavajre1.8.0_261binssv.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation) BHO: Java™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C:Program FilesJavajre1.8.0_261binjp2ssv.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> 
Microsoft Corporation) Handler: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Filter-x32: application/x-ica – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=UTF-8 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: ica – CFB6322E-CC85-4d1b-82C7-893888A236BC – C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll [2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 – 2019-03-19 00:49 – 000000824 _____ C:WINDOWSsystem32driversetchosts

2020-11-09 05:17 – 2020-11-09 05:17 – 000000445 _____ C:WINDOWSsystem32driversetchosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%JAVA_HOME%bin;C:apache-maven-3.6.3bin;C:Program Filesdotnet;C:Program FilesMicrosoft SQL ServerClient SDKODBC170ToolsBinn;C:Program Files (x86)Microsoft SQL Server150ToolsBinn;C:Program FilesMicrosoft SQL Server150ToolsBinn;C:Program FilesMicrosoft SQL Server150DTSBinn;C:Program FilesMicrosoft SQL Server130ToolsBinn;C:Program Files (x86)Microsoft SQL Server150DTSBinn;C:Program FilesAzure Data Studiobin;C:Program FilesGitcmd
HKUS-1-5-21-801466221-149834458-993484874-1001Control PanelDesktop\Wallpaper -> C:UsersdaddyAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper
HKUS-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg
HKUS-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg
DNS Servers: 192.168.50.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [D4EA77C3-290E-4D2A-808E-61E1896C2AC3] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [EFF70587-71A3-49F5-9038-F0EA81F0EE94] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [87B9543B-5E94-4EC0-9D0A-A5FF70962305] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [232D170D-B19B-4A80-BF73-37AD0FED893A] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [E9F81D6F-F567-4ED0-B19A-239767630DED] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [395C4A0E-B5ED-4A20-817F-A633EFBFEFC6] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [820006ED-8DC9-46AC-BA89-BDD450EAF58C] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [9C9A5B1A-ADE8-4D66-9C7D-3247BEC7B8EA] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [FE66B1BE-AFC8-439B-B74D-BBEE50FEF8F4] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [64D71EFD-E7F0-41BF-A032-7E96692AD4D3] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication91.0.864.48msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [02F2CA23-2898-4A38-9CB9-8B5E1B7D50F8] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [B117FAC7-260A-4217-9CF8-320B6A7D920B] => (Allow) LPort=9845

==================== Restore Points =========================

08-06-2021 17:09:08 Windows Modules Installer
10-06-2021 08:14:48 Microsoft .NET Framework 4.8 Developer Pack
15-06-2021 06:49:00 Windows Modules Installer
17-06-2021 09:14:30 Installed DirectX

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================

Error: (06/15/2021 07:06:05 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NBI7G7F) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/14/2021 11:04:02 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NBI7G7F) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/11/2021 09:24:13 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NBI7G7F) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/10/2021 10:05:55 AM) (Source: HlpCtntMgr) (EventID: 1003) (User: ) Description: Help Content Manager exited with error: InvalidCmdArgs

Error: (06/10/2021 09:54:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-NBI7G7F) Description: Product: SAP Crystal Reports runtime engine for .NET Framework (64-bit) — A newer version of SAP Crystal Reports runtime engine for .NET Framework (64-bit) is detected. This installation cannot continue until the current version has been uninstalled. Setup will now exit.

Error: (06/10/2021 09:52:29 AM) (Source: HlpCtntMgr) (EventID: 1003) (User: ) Description: Help Content Manager exited with error: InvalidCmdArgs

Error: (06/10/2021 09:47:04 AM) (Source: HlpCtntMgr) (EventID: 1003) (User: ) Description: Help Content Manager exited with error: InvalidCmdArgs

Error: (06/10/2021 09:21:17 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NBI7G7F) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

System errors:
=============

Error: (06/17/2021 08:47:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NBI7G7F) Description: The server 94269C4E-071A-4116-90E6-52E557067E4E did not register with DCOM within the required timeout.

Error: (06/17/2021 08:45:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NBI7G7F) Description: The server 94269C4E-071A-4116-90E6-52E557067E4E did not register with DCOM within the required timeout.

Error: (06/16/2021 08:38:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.341.874.0).

Error: (06/16/2021 08:36:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: E60687F7-01A1-40AA-86AC-DB1CBF673334

Error: (06/16/2021 08:36:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: E60687F7-01A1-40AA-86AC-DB1CBF673334

Error: (06/16/2021 08:35:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LenovoVantageService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/15/2021 08:26:48 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0x0000000000000028, 0x0000000000000002, 0x0000000000000000, 0xfffff8061d0e21e1). A dump was saved in: C:WINDOWSMEMORY.DMP. Report Id: d067b53b-b564-424d-8f89-bd50eb71aa34.

Error: (06/15/2021 08:26:41 PM) (Source: volmgr) (EventID: 161) (User: ) Description: Dump file creation failed due to error during dump creation.

Windows Defender:
================

Date: 2021-06-03 08:09:02 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan

Date: 2021-06-02 06:06:11 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan

Date: 2021-05-31 14:54:54 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan

Date: 2021-05-30 11:51:54 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan

Date: 2021-05-30 11:51:53 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan

Date: 2021-06-16 20:38:01 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1944.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80070643 Error description: Fatal error during installation.

Date: 2021-06-16 20:38:01 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.341.874.0 Previous security intelligence Version: 1.339.1944.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.18200.4 Previous Engine Version: 1.1.18100.6 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-16 20:38:01 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.341.874.0 Previous security intelligence Version: 1.339.1944.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.18200.4 Previous Engine Version: 1.1.18100.6 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-16 20:38:01 Description: Microsoft Defender Antivirus has encountered an error trying to update the engine. New Engine Version: 1.1.18200.4 Previous Engine Version: 1.1.18100.6 Error Code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-16 20:36:56 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1944.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x8007045b Error description: A system shutdown is in progress.

==================== Memory info ===========================

BIOS: LENOVO M2AKT22A 04/16/2020
Motherboard: LENOVO 314D
Processor: Intel® Core™ i5-8265U CPU @ 1.60GHz
Percentage of memory in use: 70%
Total physical RAM: 8057.65 MB
Available physical RAM: 2371.07 MB
Total Virtual: 9337.65 MB
Available Virtual: 2212.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:361.49 GB) NTFS

\?Volumed2d24a3a-bf5c-4033-9168-1ee97a487909 (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.55 GB) NTFS
\?Volumeb302d224-5dd7-417f-91bc-d40991fd64dd (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 9DE4B428)

Partition: GPT.

==================== End of Addition.txt =======================


Topics and keywords

Themes: Le Blog des nouvelles Technologies, Non classé

License & attribution

License: CC BY-ND 4.0.

Attribution required: yes.
