Potential Malware from OneDrive – Virus, Trojan, Spyware, and Malware Removal Help

I use Windows 10 64-bit 21H1 and I'm on a laptop. I've just scanned my friend's Windows 10 PC with Kaspersky and found 15 viruses on it right after scanning with Windows Defender, which missed all of it. A couple of days ago I made a OneDrive account for them. I've become increasingly paranoid since then because I was signed into it for a couple of minutes after I made the account before signing out. He could've signed into it at that time and exposed it to malware. I might sound overly worried and maybe I am, but there was some pretty serious stuff on it like spyware.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-07-2021

Ran by debdeb (administrator) on AASEDD-LAPTOP (ASUSTeK COMPUTER INC. ZenBook UX534FTC_UX534FT) (07-07-2021 19:23:22)

Running from C:\Users\debdeb\Downloads

Loaded Profiles: debdeb

Platform: Windows 10 Home Version 21H1 19043.1083 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(ASUSTek Computer Inc. -> ) C:\Windows\System32\DriverStore\FileRepository\asusscreenxpertbase.inf_amd64_2d33d03a5678f27a\AsusScreenXpertBase\AsusScreenPadService.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSLinkRemote\AsusLinkRemote.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe

(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSLinkNear\AsusLinkNear.exe

(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSLinkNear\AsusLinkNearExt.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSOptimization\AsusOptimization.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSOptimization\AsusOptimizationStartupTask.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSOptimization\AsusOSD.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSoftwareManager\AsusSoftwareManager.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSystemAnalysis\AsusSystemAnalysis.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asusscreenxpertbase.inf_amd64_2d33d03a5678f27a\AsusScreenXpertBase\AsusFeatureService.exe

(ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asusscreenxpertbase.inf_amd64_2d33d03a5678f27a\AsusScreenXpertBase\AsusInitialService.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asusscreenxpertbase.inf_amd64_2d33d03a5678f27a\AsusScreenXpertBase\AsusLinkToScreenXpert.exe

(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ScreenPadMaster_2.1.16.0_x64__qmba6cd70vzyy\AsusScreenPad.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe

(Discord Inc. -> Discord Inc.) C:\Users\debdeb\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>

(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <30>

(ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_a5d3270da26fb113\ICEsoundService64.exe

(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe

(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe

(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f28757245a4f2ef2\igfxCUIService.exe

(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f28757245a4f2ef2\igfxEM.exe

(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_e860b467f6e0e00c\OneApp.IGCC.WinService.exe

(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4a29ab6b0bf7b411\IntelCpHDCPSvc.exe

(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4a29ab6b0bf7b411\IntelCpHeciSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_5df9b820083f7f5c\RstMwService.exe

(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation -> Sysinternals – www.sysinternals.com) C:\Users\debdeb\Miscellaneous\ProcessExplorer\procexp64.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_cee7dc15b63c43f2\Display.NvContainer\NVDisplay.Container.exe <2>

(philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>

(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe

(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe <2>

(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1667208 2020-11-24] (Logitech Inc -> Logitech, Inc.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951024 2019-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8107808 2021-07-03] (Dropbox, Inc -> Dropbox, Inc.)

HKU\S-1-5-21-3978151933-3707154299-2271688738-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\debdeb\AppData\Local\Microsoft\Teams\Update.exe [2454184 2021-05-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-26] (Google LLC -> Google LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2021-06-17]

ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {064141A8-4286-4F3F-815A-8A8E311B10B2} – System32\Tasks\Microsoft\Windows\PLA\AsusLinkNear => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: {0D2EA5C1-3F3B-49BC-84E9-5056792325A6} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {0D7CF9A5-B35D-4B24-A1CA-360596321FE3} – System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2560144 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

Task: {18228BF3-B437-4AEE-8150-68CD76647B1D} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {2A3E06AB-6355-4053-B617-7332A827813A} – System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSOptimization\AsusHotkeyExec.exe [233624 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

Task: {4C318622-AB87-4E1B-B315-671EFA3703D1} – System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSoftwareManager\AsusUpdateChecker.exe [756808 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

Task: {4DB61EDA-63CE-458A-B0DA-FE82508A610D} – System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22774152 2021-06-06] (Microsoft Corporation -> Microsoft Corporation)

Task: {599B2AA6-92C0-4C43-8DFC-A376971C31E4} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {5AB82D65-8004-479D-AD1A-9F83A6225075} – System32\Tasks\Microsoft\Windows\PLA\74C0539-0999-4DA9-9D0D-3D016B62F4E9 => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: {5DE0DEA2-2415-4E6B-8A69-C14896623F92} – System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-08] (Google LLC -> Google LLC)

Task: {5F36D95A-C301-4ADD-8410-882C44F08E97} – System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5064616 2021-06-18] (Microsoft Corporation -> Microsoft Corporation)

Task: {657C65D4-2A4B-4D06-8EBB-21090FF37020} – System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)

Task: {68EC4136-0C23-4893-8F4F-E398646A3140} – System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145760 2021-06-18] (Microsoft Corporation -> Microsoft Corporation)

Task: {6EA11DC5-56D7-42F1-9F82-E5A040DE1881} – System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\RtkAudUService64.exe [1140456 2020-08-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

Task: {7151F325-0BDD-433E-A37B-250CAA7B3C3E} – System32\Tasks\Process Explorer-DESKTOP-RIMOO18-debdeb => C:\USERS\DEBDEB\MISCELLANEOUS\PROCESSEXPLORER\PROCEXP64.EXE [1505160 2021-06-28] (Microsoft Corporation -> Sysinternals – www.sysinternals.com)

Task: {77C4665D-6B59-4FB4-B803-136AD6830B07} – System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22774152 2021-06-06] (Microsoft Corporation -> Microsoft Corporation)

Task: {98DE9F65-0B53-4FE1-9849-6496FC7F73E3} – System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-05-24] (Dropbox, Inc -> Dropbox, Inc.)

Task: {A29FEDA0-E743-4447-BE4D-B8462C239185} – System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-08] (Google LLC -> Google LLC)

Task: {A9B63E12-9D6C-4FAA-AC98-B85AF529F314} – System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)

Task: {B56ABFFD-314C-49E9-A70F-8888D6AE6F2A} – System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-05-24] (Dropbox, Inc -> Dropbox, Inc.)

Task: {B8A73AD9-BA07-408A-9FFC-DAEC6FB162BC} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {CEABBA0C-EEAC-4C7A-8AE4-850590CB0E37} – System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5064616 2021-06-18] (Microsoft Corporation -> Microsoft Corporation)

Task: {D704B8F0-992E-4C04-94C7-91625A7B516A} – System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145760 2021-06-18] (Microsoft Corporation -> Microsoft Corporation)

Task: {FFD8B3DF-BA9B-452C-8C4B-D722B7BDD2E8} – System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.4.1

Tcpip\..\Interfaces\{5d7c2cd5-9a75-1ac5-6245-118f1c411193}: [NameServer] 103.86.99.99,103.86.96.96

Tcpip\..\Interfaces\{e10d8a9f-817b-4eb1-b97b-f3fbca184f81}: [DhcpNameServer] 192.168.4.1

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\debdeb\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-29]

Edge Extension: (Kaspersky Protection) – C:\Users\debdeb\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-06-08]

Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

 

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default [2021-07-07]

CHR Notifications: Default -> hxxps://keep.google.com; hxxps://mail.google.com; hxxps://www.youtube.com

CHR Session Restore: Default -> is enabled.

CHR Extension: (Slides) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-14]

CHR Extension: (Kaspersky Protection) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-06-29]

CHR Extension: (Workona Tab Manager) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ailcmbgekjpnablpdkmaaccecekgdhlh [2021-05-13]

CHR Extension: (Docs) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-14]

CHR Extension: (Google Drive) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-14]

CHR Extension: (YouTube) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-14]

CHR Extension: (TrafficLight) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2021-05-06]

CHR Extension: (uBlock Origin) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-06]

CHR Extension: (Sheets) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-14]

CHR Extension: (HTTPS Everywhere) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-04-19]

CHR Extension: (Google Docs Offline) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-29]

CHR Extension: (Malwarebytes Browser Guard) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-26]

CHR Extension: (Chrome Web Store Payments) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-14]

CHR Extension: (Gmail) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-14]

CHR Extension: (Chrome Media Router) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-06]

CHR Profile: C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-03-27]

CHR Profile: C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-03-27]

CHR Extension: (Slides) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-22]

CHR Extension: (Kaspersky Protection) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-03-22]

CHR Extension: (Docs) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-22]

CHR Extension: (Google Drive) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-22]

CHR Extension: (YouTube) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-22]

CHR Extension: (Sheets) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-22]

CHR Extension: (Google Docs Offline) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-22]

CHR Extension: (Malwarebytes Browser Guard) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-03-22]

CHR Extension: (Chrome Web Store Payments) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-22]

CHR Extension: (Gmail) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-22]

CHR Extension: (Chrome Media Router) – C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-22]

CHR Profile: C:\Users\debdeb\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-27]

CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3765992 2021-06-17] (philandro Software GmbH -> AnyDesk Software GmbH)

R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSLinkNear\AsusLinkNear.exe [1290896 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)

R2 ASUSLinkNearExt; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSLinkNear\AsusLinkNearExt.exe [142464 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)

R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSLinkRemote\AsusLinkRemote.exe [793744 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSOptimization\AsusOptimization.exe [336536 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

R2 AsusScreenXpert; C:\WINDOWS\System32\DriverStore\FileRepository\asusscreenxpertbase.inf_amd64_2d33d03a5678f27a\AsusScreenXpertBase\AsusInitialService.exe [1295960 2021-05-10] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)

R2 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSoftwareManager\AsusSoftwareManager.exe [944256 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2560144 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [885664 2021-06-28] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)

R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2019-03-27] (Bitdefender SRL -> Bitdefender)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8929688 2021-06-06] (Microsoft Corporation -> Microsoft Corporation)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-05-24] (Dropbox, Inc -> Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-05-24] (Dropbox, Inc -> Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-07-03] (Dropbox, Inc -> Dropbox, Inc.)

S3 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-03] (Malwarebytes Inc -> Malwarebytes)

R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-06-09] (TEFINCOM S.A. -> TEFINCOM S.A.)

R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)

R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2020-11-26] (Bitdefender SRL -> Bitdefender)

S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)

R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [559200 2021-04-02] (Bitdefender SRL -> Bitdefender)

R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2020-11-26] (Bitdefender SRL -> Bitdefender)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_cee7dc15b63c43f2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_cee7dc15b63c43f2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 ANXUcmCxCD; C:\WINDOWS\System32\drivers\ANXUcmCxCD.sys [101592 2020-06-30] (Analogix Semiconductor, Inc. -> )

R1 ASUSSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSSystemAnalysis\ASUSSAIO.sys [39056 2021-06-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)

R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSOptimization\atkwmiacpi64.sys [44696 2021-06-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)

S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)

R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)

S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-03-30] (Malwarebytes Inc -> Malwarebytes)

R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)

R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-03] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-07-07] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-26] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-07-07] (Malwarebytes Inc -> Malwarebytes)

R3 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-22] (TEFINCOM S.A. -> )

R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-03-27] (TEFINCOM S.A. -> WireGuard LLC)

R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)

R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)

R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)

R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)

R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)

R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-07 19:23 – 2021-07-07 19:23 – 000030581 _____ C:\Users\debdeb\Downloads\FRST.txt

2021-07-07 19:20 – 2021-07-07 19:21 – 002301440 _____ (Farbar) C:\Users\debdeb\Downloads\FRST64.exe

2021-07-07 03:14 – 2021-07-07 03:14 – 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2021-07-07 03:14 – 2021-07-07 03:14 – 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2021-07-07 03:14 – 2021-07-07 03:14 – 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2021-07-07 01:34 – 2021-07-07 01:34 – 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2021-07-06 20:10 – 2021-07-06 20:10 – 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\316776AA.sys

2021-07-06 20:07 – 2021-07-06 20:08 – 000066108 _____ C:\TDSSKiller.3.1.0.28_06.07.2021_20.07.37_log.txt

2021-07-06 19:35 – 2021-07-06 19:35 – 105729392 _____ (AO Kaspersky Lab) C:\Users\debdeb\Downloads\KVRT.exe

2021-07-06 16:54 – 2021-07-06 16:54 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2021-07-03 19:23 – 2021-07-03 19:23 – 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2021-07-03 06:58 – 2021-07-03 06:58 – 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2021-07-03 06:58 – 2021-07-03 06:58 – 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2021-07-03 06:58 – 2021-07-03 06:58 – 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2021-07-03 06:58 – 2021-07-03 06:58 – 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2021-07-01 19:02 – 2021-07-01 19:02 – 000000004 _____ C:\Users\debdeb\Documents\Hugo Credit Card Pin.txt

2021-07-01 17:25 – 2021-07-01 17:25 – 000003384 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d76228f4f9204

2021-07-01 00:30 – 2021-07-01 00:30 – 003047565 _____ C:\Users\debdeb\Documents\bdsyslog.zip

2021-07-01 00:21 – 2021-07-01 00:21 – 011693456 _____ (Bitdefender S.R.L.) C:\Users\debdeb\Downloads\BDSysLog_i.exe

2021-06-30 23:28 – 2021-06-30 23:28 – 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7577D305.sys

2021-06-30 23:10 – 2021-06-30 23:10 – 000006974 _____ C:\TDSSKiller.3.1.0.28_30.06.2021_23.10.26_log.txt

2021-06-29 22:08 – 2021-06-29 22:08 – 000087812 _____ C:\ProgramData\agent.update.1625018908.bdinstall.v2.bin

2021-06-29 22:06 – 2021-06-29 22:06 – 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864

2021-06-29 22:06 – 2021-06-29 22:06 – 000001196 _____ C:\Users\debdeb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk

2021-06-29 22:06 – 2020-12-18 02:37 – 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys

2021-06-29 22:05 – 2021-07-07 19:24 – 000000000 ____D C:\Program Files\Bitdefender Antivirus Free

2021-06-29 22:05 – 2021-02-26 18:31 – 000641728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys

2021-06-29 22:05 – 2021-02-26 13:40 – 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys

2021-06-29 22:05 – 2021-02-16 15:31 – 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys

2021-06-29 22:05 – 2020-12-04 15:15 – 000802976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys

2021-06-29 22:05 – 2020-10-20 13:18 – 000386800 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys

2021-06-29 22:05 – 2020-02-03 16:53 – 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys

2021-06-29 22:04 – 2021-06-29 22:08 – 000000000 ____D C:\Program Files\Bitdefender Agent

2021-06-29 22:04 – 2021-06-29 22:04 – 000116872 _____ C:\ProgramData\agent.1625018640.bdinstall.v2.bin

2021-06-26 22:19 – 2021-06-26 22:19 – 002371072 _____ C:\WINDOWS\system32\rdpnano.dll

2021-06-26 22:19 – 2021-06-26 22:19 – 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll

2021-06-26 22:19 – 2021-06-26 22:19 – 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2021-06-26 22:19 – 2021-06-26 22:19 – 001393504 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-06-26 22:19 – 2021-06-26 22:19 – 001314128 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-06-26 22:19 – 2021-06-26 22:19 – 000570880 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-06-26 22:19 – 2021-06-26 22:19 – 000452608 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-06-26 22:19 – 2021-06-26 22:19 – 000097792 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-06-26 22:19 – 2021-06-26 22:19 – 000084992 _____ (Microsoft Corporation) C:WINDOWSsystem32wscui.cpl

2021-06-26 22:19 – 2021-06-26 22:19 – 000067584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wscui.cpl

2021-06-26 22:19 – 2021-06-26 22:19 – 000060928 _____ C:WINDOWSsystem32runexehelper.exe

2021-06-26 22:11 – 2021-06-26 22:11 – 000000094 _____ C:UsersdebdebDocumentswin sup link.txt

2021-06-17 21:57 – 2021-06-17 21:57 – 000000000 ____D C:UsersdebdebVirtualBox VMs

2021-06-17 19:32 – 2021-06-26 22:16 – 000000000 ____D C:Usersdebdeb.VirtualBox

2021-06-17 19:32 – 2021-06-26 22:16 – 000000000 ____D C:ProgramDataVirtualBox

2021-06-17 19:32 – 2021-06-17 19:32 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsOracle VM VirtualBox

2021-06-17 19:32 – 2021-06-17 19:32 – 000000000 ____D C:Program FilesOracle

2021-06-17 19:32 – 2021-04-28 14:27 – 000187648 _____ (Oracle Corporation) C:WINDOWSsystem32DriversVBoxUSBMon.sys

2021-06-17 19:32 – 2021-04-28 14:26 – 001038080 _____ (Oracle Corporation) C:WINDOWSsystem32DriversVBoxDrv.sys

2021-06-17 19:19 – 2021-07-07 00:28 – 000000000 ____D C:Program Files (x86)AnyDesk

2021-06-17 19:19 – 2021-06-17 22:10 – 000000000 ____D C:UsersdebdebAppDataRoamingAnyDesk

2021-06-17 19:19 – 2021-06-17 19:22 – 000000000 ____D C:ProgramDataAnyDesk

2021-06-17 19:19 – 2021-06-17 19:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAnyDesk

2021-06-15 22:07 – 2021-06-15 22:07 – 000001074 _____ C:UsersdebdebDocumentswhy sleep poor (chinese reason) and why bent back.txt

2021-06-15 20:46 – 2021-06-15 20:48 – 000000000 ____D C:WINDOWSsystem32configbbimigrate

2021-06-15 20:45 – 2021-06-15 20:46 – 000000000 ____D C:WINDOWSServiceProfiles

2021-06-15 20:45 – 2021-06-15 20:45 – 000008192 _____ C:WINDOWSsystem32configuserdiff

2021-06-15 20:42 – 2021-06-15 20:42 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb

2021-06-15 20:42 – 2021-06-15 20:42 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb

2021-06-15 20:42 – 2021-06-15 20:42 – 002260480 _____ (The ICU Project) C:WINDOWSsystem32icu.dll

2021-06-15 20:42 – 2021-06-15 20:42 – 001864192 _____ (The ICU Project) C:WINDOWSSysWOW64icu.dll

2021-06-15 20:42 – 2021-06-15 20:42 – 001687040 _____ C:WINDOWSsystem32libcrypto.dll

2021-06-15 20:42 – 2021-06-15 20:42 – 001163776 _____ C:WINDOWSsystem32MBR2GPT.EXE

2021-06-15 20:42 – 2021-06-15 20:42 – 000700928 _____ C:WINDOWSsystem32FsNVSDeviceSource.dll

2021-06-15 20:42 – 2021-06-15 20:42 – 000657464 _____ C:WINDOWSsystem32WindowManagementAPI.dll

2021-06-15 20:42 – 2021-06-15 20:42 – 000563712 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv

2021-06-15 20:42 – 2021-06-15 20:42 – 000468440 _____ C:WINDOWSSysWOW64WindowManagementAPI.dll

2021-06-15 20:42 – 2021-06-15 20:42 – 000423936 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv

2021-06-15 20:42 – 2021-06-15 20:42 – 000287232 _____ C:WINDOWSsystem32CoreMas.dll

2021-06-15 20:42 – 2021-06-15 20:42 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe

2021-06-15 20:42 – 2021-06-15 20:42 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe

2021-06-15 20:42 – 2021-06-15 20:42 – 000165888 _____ C:WINDOWSsystem32DataStoreCacheDumpTool.exe

2021-06-15 20:42 – 2021-06-15 20:42 – 000013312 _____ C:WINDOWSsystem32agentactivationruntimestarter.exe

2021-06-15 20:38 – 2021-06-15 20:38 – 000000000 ____D C:WINDOWSsystem32Intel

2021-06-15 20:38 – 2021-06-15 20:38 – 000000000 ____D C:WINDOWSsystem32cAVS

2021-06-15 20:37 – 2021-06-15 20:37 – 000000000 ____D C:Program FilesReference Assemblies

2021-06-15 20:37 – 2021-06-15 20:37 – 000000000 ____D C:Program FilesMSBuild

2021-06-15 20:37 – 2021-06-15 20:37 – 000000000 ____D C:Program Files (x86)Reference Assemblies

2021-06-15 20:37 – 2021-06-15 20:37 – 000000000 ____D C:Program Files (x86)MSBuild

2021-06-15 17:04 – 2021-06-15 17:04 – 000000000 ____D C:ProgramDataMicrosoft OneDrive

2021-06-15 17:02 – 2021-06-15 17:02 – 000000020 ___SH C:Usersdebdebntuser.ini

2021-06-15 16:57 – 2021-07-07 03:18 – 000840598 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-06-15 16:54 – 2021-07-07 03:21 – 000003752 _____ C:WINDOWSsystem32TasksAsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474

2021-06-15 16:54 – 2021-07-07 03:14 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-06-15 16:54 – 2021-07-06 19:37 – 000004122 _____ C:WINDOWSsystem32TasksASUS Update Checker 2.0

2021-06-15 16:54 – 2021-07-06 11:03 – 000003764 _____ C:WINDOWSsystem32TasksASUS Optimization 36D18D69AFC3

2021-06-15 16:54 – 2021-07-01 17:25 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-06-15 16:54 – 2021-06-27 20:15 – 000003378 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-3978151933-3707154299-2271688738-1001

2021-06-15 16:54 – 2021-06-23 21:18 – 000003996 _____ C:WINDOWSsystem32TasksDropboxUpdateTaskMachineUA

2021-06-15 16:54 – 2021-06-23 21:18 – 000003764 _____ C:WINDOWSsystem32TasksDropboxUpdateTaskMachineCore

2021-06-15 16:54 – 2021-06-15 16:54 – 000003346 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA

2021-06-15 16:54 – 2021-06-15 16:54 – 000003184 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-06-15 16:54 – 2021-06-15 16:54 – 000003122 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore

2021-06-15 16:54 – 2021-06-15 16:54 – 000003026 _____ C:WINDOWSsystem32TasksBlueStacksHelper

2021-06-15 16:54 – 2021-06-15 16:54 – 000002858 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-3978151933-3707154299-2271688738-500

2021-06-15 16:54 – 2021-06-15 16:54 – 000002590 _____ C:WINDOWSsystem32TasksCreateExplorerShellUnelevatedTask

2021-06-15 16:54 – 2021-06-15 16:54 – 000002546 _____ C:WINDOWSsystem32TasksProcess Explorer-DESKTOP-RIMOO18-debdeb

2021-06-15 16:54 – 2021-06-15 16:54 – 000002314 _____ C:WINDOWSsystem32TasksRtkAudUService64_BG

2021-06-15 16:54 – 2021-06-15 16:54 – 000000000 ____D C:WINDOWSsystem32TasksIntel

2021-06-15 16:54 – 2021-06-15 16:54 – 000000000 ____D C:WINDOWSsystem32TasksAgent Activation Runtime

2021-06-15 16:54 – 2020-11-19 03:38 – 000003394 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-3538912014-3826891016-3662973680-500

2021-06-15 16:53 – 2021-06-15 16:54 – 000007623 _____ C:WINDOWSdiagwrn.xml

2021-06-15 16:53 – 2021-06-15 16:54 – 000007623 _____ C:WINDOWSdiagerr.xml

2021-06-15 16:49 – 2021-06-27 20:15 – 000002386 _____ C:UsersdebdebAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-06-15 16:49 – 2021-06-26 22:25 – 000000000 ____D C:Usersdebdeb

2021-06-15 16:48 – 2021-07-07 19:16 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-06-15 16:48 – 2021-06-26 22:23 – 000435384 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-06-15 15:57 – 2021-06-26 19:41 – 000000000 ___DC C:WINDOWSPanther

2021-06-15 15:48 – 2021-06-15 15:48 – 000000000 ___HD C:$Windows.~WS

2021-06-11 18:08 – 2021-04-29 03:33 – 001855208 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe

2021-06-11 18:08 – 2021-04-29 03:33 – 001855208 _____ C:WINDOWSsystem32vulkaninfo.exe

2021-06-11 18:08 – 2021-04-29 03:33 – 001435880 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe

2021-06-11 18:08 – 2021-04-29 03:33 – 001435880 _____ C:WINDOWSSysWOW64vulkaninfo.exe

2021-06-11 18:08 – 2021-04-29 03:32 – 001452336 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll

2021-06-11 18:08 – 2021-04-29 03:32 – 001191728 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll

2021-06-11 18:08 – 2021-04-29 03:32 – 001094872 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll

2021-06-11 18:08 – 2021-04-29 03:32 – 001094872 _____ C:WINDOWSsystem32vulkan-1.dll

2021-06-11 18:08 – 2021-04-29 03:32 – 000948952 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll

2021-06-11 18:08 – 2021-04-29 03:32 – 000948952 _____ C:WINDOWSSysWOW64vulkan-1.dll

2021-06-11 18:08 – 2021-04-29 03:29 – 001511216 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFR64.dll

2021-06-11 18:08 – 2021-04-29 03:29 – 001163568 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFR.dll

2021-06-11 18:08 – 2021-04-29 03:29 – 000690464 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvidia-smi.exe

2021-06-11 18:08 – 2021-04-29 03:29 – 000678704 _____ C:WINDOWSsystem32nvofapi64.dll

2021-06-11 18:08 – 2021-04-29 03:29 – 000671536 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFROpenGL.dll

2021-06-11 18:08 – 2021-04-29 03:29 – 000612144 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvml.dll

2021-06-11 18:08 – 2021-04-29 03:29 – 000556832 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFROpenGL.dll

2021-06-11 18:08 – 2021-04-29 03:29 – 000546080 _____ C:WINDOWSSysWOW64nvofapi.dll

2021-06-11 18:08 – 2021-04-29 03:28 – 002102560 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvFBC64.dll

2021-06-11 18:08 – 2021-04-29 03:28 – 001587488 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvFBC.dll

2021-06-11 18:08 – 2021-04-29 03:27 – 008306456 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuvid.dll

2021-06-11 18:08 – 2021-04-29 03:27 – 007429912 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuvid.dll

2021-06-11 18:08 – 2021-04-29 03:27 – 004610328 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuda.dll

2021-06-11 18:08 – 2021-04-29 03:27 – 002729752 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuda.dll

2021-06-11 18:08 – 2021-04-29 03:27 – 000811808 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvEncodeAPI64.dll

2021-06-11 18:08 – 2021-04-29 03:27 – 000655648 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvEncodeAPI.dll

2021-06-11 18:08 – 2021-04-29 03:27 – 000445208 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdebugdump.exe

2021-06-11 18:08 – 2021-04-29 03:26 – 005636376 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcpl.dll

2021-06-11 18:08 – 2021-04-29 03:25 – 000848672 _____ (NVIDIA Corporation) C:WINDOWSsystem32MCU.exe

2021-06-11 18:08 – 2021-04-29 03:24 – 007120344 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvapi64.dll

2021-06-11 18:08 – 2021-04-29 03:24 – 006076552 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvapi.dll

2021-06-11 18:08 – 2021-04-29 02:59 – 000084514 _____ C:WINDOWSsystem32nvinfo.pb

2021-06-07 00:06 – 2021-06-11 17:52 – 000001386 _____ C:UsersdebdebDocumentslaptop issues.txt

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-07 19:23 – 2021-03-28 17:24 – 000000000 ____D C:FRST

2021-07-07 19:23 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-07-07 19:18 – 2021-02-14 14:47 – 000000000 ____D C:UsersdebdebAppDataRoamingdiscord

2021-07-07 19:18 – 2021-02-14 14:47 – 000000000 ____D C:UsersdebdebAppDataLocalDiscord

2021-07-07 19:16 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32WinBioDatabase

2021-07-07 10:14 – 2021-02-14 00:06 – 000000000 __SHD C:UsersdebdebIntelGraphicsProfiles

2021-07-07 03:18 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF

2021-07-07 03:14 – 2021-02-13 23:57 – 000000000 ____D C:Intel

2021-07-07 03:14 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSServiceState

2021-07-07 03:13 – 2021-02-13 23:26 – 000008192 ___SH C:DumpStack.log.tmp

2021-07-07 03:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-07-07 03:13 – 2019-12-07 05:03 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-07-07 01:36 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-07-06 22:04 – 2019-12-07 05:03 – 000032768 _____ C:WINDOWSsystem32configELAM

2021-07-06 21:20 – 2021-02-16 00:18 – 000000000 ____D C:UsersdebdebAppDataLocalCrashDumps

2021-07-06 20:53 – 2021-02-18 00:28 – 000000000 ____D C:ProgramDataMalwarebytes’ Anti-Malware (portable)

2021-07-06 19:37 – 2021-03-27 17:38 – 000000000 ____D C:KVRT2020_Data

2021-07-06 16:57 – 2021-05-24 17:44 – 000000000 ____D C:Program Files (x86)Dropbox

2021-07-06 11:04 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-07-06 11:04 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-07-04 21:52 – 2021-02-28 00:35 – 000036192 _____ (Sysinternals – www.sysinternals.com) C:WINDOWSsystem32DriversPROCEXP152.SYS

2021-07-04 13:30 – 2021-02-14 15:04 – 000000000 ____D C:UsersdebdebMiscellaneous

2021-07-03 19:23 – 2021-02-14 01:19 – 000002033 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-07-03 06:29 – 2020-11-19 03:32 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-07-01 00:22 – 2021-02-15 19:19 – 000640768 _____ (Bitdefender) C:WINDOWSsystem32Driverstrufosalt.sys

2021-06-30 22:37 – 2021-02-15 23:15 – 000000000 ____D C:Program FilesCommon FilesAV

2021-06-29 22:06 – 2019-12-07 05:14 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-06-29 21:59 – 2021-04-22 17:55 – 000000000 ____D C:ProgramDataKaspersky Lab

2021-06-29 21:59 – 2021-04-22 17:55 – 000000000 ____D C:Program Files (x86)Kaspersky Lab

2021-06-29 21:17 – 2021-02-13 23:41 – 000000000 ____D C:UsersdebdebAppDataLocalElevatedDiagnostics

2021-06-28 21:32 – 2021-02-13 23:44 – 000000000 ____D C:UsersdebdebAppDataLocalD3DSCache

2021-06-27 20:15 – 2021-04-01 16:05 – 000000000 ____D C:ProgramDataRiot Games

2021-06-27 20:15 – 2021-02-13 23:37 – 000000000 ___RD C:UsersdebdebOneDrive

2021-06-27 15:08 – 2021-05-22 22:50 – 000054806 _____ C:WINDOWSsystem32battery-report.html

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64setup

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSystemResources

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32setup

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-06-26 22:22 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSProvisioning

2021-06-26 21:18 – 2021-05-24 17:44 – 000000936 _____ C:WINDOWSTasksDropboxUpdateTaskMachineUA.job

2021-06-26 21:18 – 2021-05-24 17:44 – 000000932 _____ C:WINDOWSTasksDropboxUpdateTaskMachineCore.job

2021-06-26 21:18 – 2021-02-14 21:42 – 000000000 ____D C:Program FilesMicrosoft Office

2021-06-26 21:12 – 2021-03-27 17:04 – 000000000 ____D C:UsersdebdebAppDataLocalNordVPN

2021-06-26 21:11 – 2021-04-22 17:37 – 000000000 ____D C:ProgramDataNordVPN

2021-06-26 21:11 – 2021-03-27 17:04 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNordSec

2021-06-26 21:11 – 2021-03-27 17:04 – 000000000 ____D C:Program FilesNordVPN

2021-06-26 20:48 – 2021-04-12 14:46 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-06-26 19:43 – 2021-03-08 22:37 – 000002247 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-06-17 20:36 – 2021-02-21 00:04 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-06-16 10:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSappcompat

2021-06-15 22:58 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSservicing

2021-06-15 20:48 – 2021-04-22 17:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsKaspersky VPN

2021-06-15 20:48 – 2021-04-01 16:06 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRiot Games

2021-06-15 20:48 – 2021-03-22 09:32 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMinecraft Launcher

2021-06-15 20:48 – 2021-03-16 21:15 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGenshin Impact

2021-06-15 20:48 – 2021-02-14 22:47 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Office Tools

2021-06-15 20:48 – 2021-02-14 22:12 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsLoiLoScope 2

2021-06-15 20:48 – 2021-02-14 22:12 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsLoiLo Game Recorder

2021-06-15 20:48 – 2021-02-14 00:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsLogitech

2021-06-15 20:48 – 2019-12-07 05:18 – 000000000 ____D C:WINDOWSSetup

2021-06-15 20:48 – 2019-12-07 05:14 – 000028672 _____ C:WINDOWSsystem32configBCD-Template

2021-06-15 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Tasks_Migrated

2021-06-15 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32spool

2021-06-15 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32NDF

2021-06-15 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32MsDtc

2021-06-15 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32DriversDriverData

2021-06-15 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSLiveKernelReports

2021-06-15 20:48 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataUSOPrivate

2021-06-15 20:48 – 2019-12-07 05:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2021-06-15 20:46 – 2021-02-13 23:40 – 000000000 ____D C:WINDOWSFirmware

2021-06-15 20:44 – 2019-12-07 05:52 – 000023552 _____ (Microsoft Corporation) C:WINDOWSsystem32OEMDefaultAssociations.dll

2021-06-15 20:44 – 2019-12-07 05:50 – 000000000 ____D C:WINDOWSsystem32OpenSSH

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64WinMetadata

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64lv-LV

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64lt-LT

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64et-EE

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32WinMetadata

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32SystemResetPlatform

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32migwiz

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32lv-LV

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32lt-LT

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32et-EE

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-06-15 20:44 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSDiagTrack

2021-06-15 17:19 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSPrintDialog

2021-06-15 17:02 – 2021-02-13 23:35 – 000000000 ___RD C:Usersdebdeb3D Objects

2021-06-15 17:02 – 2020-11-19 03:33 – 000000000 __RHD C:UsersPublicAccountPictures

2021-06-15 16:54 – 2019-12-07 05:14 – 000000000 ____D C:Program FilesWindows Defender

2021-06-15 16:51 – 2019-12-07 05:14 – 000000000 __RSD C:WINDOWSMedia

2021-06-15 16:49 – 2021-03-26 14:10 – 000000000 ____D C:UsersdebdebAppDataRoamingMicrosoftWindowsStart MenuProgramsMuseScore 3

2021-06-15 16:49 – 2021-02-14 14:47 – 000000000 ____D C:UsersdebdebAppDataRoamingMicrosoftWindowsStart MenuProgramsDiscord Inc

2021-06-15 16:49 – 2021-02-13 23:44 – 000000000 ____D C:WINDOWSsystem32DriversNVIDIA Corporation

2021-06-15 16:49 – 2021-02-13 23:35 – 000000000 ____D C:UsersdebdebAppDataLocalPackages

2021-06-15 16:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-06-15 15:57 – 2021-02-14 19:15 – 000000000 ____D C:ESD

2021-06-12 20:55 – 2020-11-19 03:30 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-06-08 20:15 – 2021-02-13 23:38 – 000000000 ____D C:WINDOWSsystem32MRT

2021-06-08 20:14 – 2021-02-13 23:38 – 132447432 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-06-08 20:14 – 2021-02-13 23:38 – 000000000 ____D C:UsersdebdebAppDataLocalPlaceholderTileLogoFolder

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-07-2021

Ran by debdeb (07-07-2021 19:25:08)

Running from C:UsersdebdebDownloads

Windows 10 Home Version 21H1 19043.1083 (X64) (2021-06-15 20:54:11)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-3978151933-3707154299-2271688738-500 – Administrator – Disabled)

debdeb (S-1-5-21-3978151933-3707154299-2271688738-1001 – Administrator – Enabled) => C:Usersdebdeb

DefaultAccount (S-1-5-21-3978151933-3707154299-2271688738-503 – Limited – Disabled)

Guest (S-1-5-21-3978151933-3707154299-2271688738-501 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-3978151933-3707154299-2271688738-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Bitdefender Antivirus Free Antimalware (Enabled – Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}

AV: Bitdefender Antivirus Free Antimalware (Enabled – Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Kaspersky Security Cloud (Disabled – Out of date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

AnyDesk (HKLM-x32…AnyDesk) (Version: ad 6.3.2 – AnyDesk Software GmbH)

Audacity 3.0.2 (HKLM-x32…Audacity_is1) (Version: 3.0.2 – Audacity Team)

Bitdefender Agent (HKLM…Bitdefender Agent) (Version: 25.0.1.177 – Bitdefender)

Bitdefender Antivirus Free (HKLM…{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.234 – Bitdefender)

BlueStacks App Player (HKLM…BlueStacks) (Version: 4.280.0.1022 – BlueStack Systems, Inc.)

Discord (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…Discord) (Version: 0.0.309 – Discord Inc.)

Dropbox (HKLM-x32…Dropbox) (Version: 126.4.4618 – Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32…{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.485.1 – Dropbox, Inc.) Hidden

Excel (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 – Excel)

Genshin Impact (HKLM…Genshin Impact) (Version: 2.7.2.0 – miHoYo Co.,Ltd)

Google Chrome (HKLM-x32…Google Chrome) (Version: 91.0.4472.124 – Google LLC)

Grammarly for Microsoft® Office Suite (HKLM…{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 – Grammarly) Hidden

Grammarly for Microsoft® Office Suite (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 – Grammarly)

Kaspersky VPN (HKLM-x32…{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 – Kaspersky) Hidden

Kaspersky VPN (HKLM-x32…InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 – Kaspersky)

League of Legends (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…Riot Game league_of_legends.live) (Version:  – Riot Games, Inc)

Logitech Options (HKLM…LogiOptions) (Version: 8.36.86 – Logitech)

LoiLo Game Recorder (HKLM…{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.1 – LoiLo inc.)

LoiLoScope 2 (HKLM-x32…{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.4.2 – LoiLo inc)

Malwarebytes version 4.4.2.123 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 – Malwarebytes)

Microsoft 365 Apps for enterprise – en-us (HKLM…O365ProPlusRetail – en-us) (Version: 16.0.13127.21668 – Microsoft Corporation)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 91.0.864.64 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…OneDriveSetup.exe) (Version: 21.109.0530.0001 – Microsoft Corporation)

Microsoft Teams (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…Teams) (Version: 1.4.00.11161 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.27.29016 (HKLM-x32…{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 – Microsoft Corporation)

Minecraft Launcher (HKLM-x32…{911FBC64-4C64-4B8F-A637-B34832638C86}) (Version: 1.0.0.0 – Mojang)

MuseScore 3 (HKLM…{FF67E071-104C-4C42-9301-184442745671}) (Version: 3.6.2.548021803 – Werner Schweer and Others)

NordVPN (HKLM…{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.37.5.0 – TEFINCOM S.A.)

NordVPN network TAP (HKLM-x32…{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 – NordVPN)

NordVPN network TUN (HKLM…{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 – NordVPN)

NVIDIA Graphics Driver 462.31 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.31 – NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21668 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM…{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.21064 – Microsoft Corporation) Hidden

Oracle VM VirtualBox 6.1.22 (HKLM…{573CC601-ED8D-450F-BE6F-A313DD77A4A0}) (Version: 6.1.22 – Oracle Corporation)

osu! (HKLM-x32…{483870f5-9178-4caf-9155-11a7898c16a5}) (Version: latest – ppy Pty Ltd)

Outlook (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 – Outlook)

PowerPoint (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…319814cb56b667dff88f54e08be8f51f) (Version: 1.0 – PowerPoint)

Teams Machine-Wide Installer (HKLM-x32…{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 – Microsoft Corporation)

Word (HKUS-1-5-21-3978151933-3707154299-2271688738-1001…1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 – Word)

 

Packages:

=========

Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobePhotoshopExpress_3.4.8.0_x64__ynb6jyjzte8ga [2021-05-21] (Adobe Inc.)

AudioWizard -> C:Program FilesWindowsAppsICEpower.AudioWizard_1.5.28.0_x64__dxp88312j1fgj [2021-05-21] (ICEpower)

Bloons TD Battles -> C:Program FilesWindowsAppsNinjaKiwi.BloonsTDBattles_6.11.0.0_x86__g04ay3csa72hr [2021-05-18] (Ninja Kiwi)

Dolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.8.1108.0_x64__rz1tebttyb220 [2021-05-28] (Dolby Laboratories)

Intel® Graphics Command Center -> C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-06-26] (INTEL CORP) [Startup Task]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-18] (Microsoft Studios) [MS Ad]

Microsoft To Do -> C:Program FilesWindowsAppsMicrosoft.Todos_2.47.41791.0_x64__8wekyb3d8bbwe [2021-06-29] (Microsoft Corporation) [Startup Task]

Minecraft for Windows 10 -> C:Program FilesWindowsAppsMicrosoft.MinecraftUWP_1.17.201.0_x64__8wekyb3d8bbwe [2021-06-26] (Microsoft Studios)

MyASUS -> C:Program FilesWindowsAppsB9ECED6F.ASUSPCAssistant_3.0.11.0_x64__qmba6cd70vzyy [2021-06-13] (ASUSTeK COMPUTER INC.)

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-15] (NVIDIA Corp.)

Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.15.227.0_x64__dt26b99r8h8gj [2021-02-14] (Realtek Semiconductor Corp)

ScreenXpert -> C:Program FilesWindowsAppsB9ECED6F.ScreenPadMaster_2.1.16.0_x64__qmba6cd70vzyy [2021-05-17] (ASUSTeK COMPUTER INC.)

Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0 [2021-06-28] (Spotify AB) [Startup Task]

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-3978151933-3707154299-2271688738-1001_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:UsersdebdebAppDataLocalMicrosoftTeamsMeetingAddin1.0.21063.3x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-3978151933-3707154299-2271688738-1001_ClassesCLSID{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}InprocServer32 -> C:UsersdebdebAppDataLocalGrammarlyGrammarly for Microsoft Office Suite6.8.261AF0699F4FDGrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)

CustomCLSID: HKUS-1-5-21-3978151933-3707154299-2271688738-1001_ClassesCLSID{4BE56754-B616-4998-B825-D16983AEE1B2}InprocServer32 -> C:UsersdebdebAppDataLocalGrammarlyGrammarly for Microsoft Office Suite6.8.261AF0699F4FDGrammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-02-14] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WINDOWSSystem32DriverStoreFileRepositorynvam.inf_amd64_cee7dc15b63c43f2nvshext.dll [2021-04-29] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-02-14] (Malwarebytes Corporation -> Malwarebytes)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2021-05-06 10:32 – 2021-05-06 10:32 – 042557440 _____ (Intel Corporation) [File not signed] C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6cttIGCC.dll

2021-02-14 22:45 – 2021-02-14 22:45 – 000000000 ____L (Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16AppVIsvSubsystems64.dll

2021-02-14 22:45 – 2021-02-14 22:45 – 000000000 ____L (Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16c2r64.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => “”=”Service”

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Start Page = about:blank

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL = 

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = 

HKUS-1-5-21-3978151933-3707154299-2271688738-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootOffice16OCHelper.dll [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKUS-1-5-21-3978151933-3707154299-2271688738-1001…sharepoint.com -> hxxps://miadtcmps-files.sharepoint.com

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 05:14 – 2019-12-07 05:12 – 000000824 _____ C:WINDOWSsystem32driversetchosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKUS-1-5-21-3978151933-3707154299-2271688738-1001Control PanelDesktop\Wallpaper -> C:UsersdebdebAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper

DNS Servers: 103.86.99.99 – 103.86.96.96

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

Network Binding:

=============

Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 

Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 

VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

VirtualBox Host-Only Network: NordVPN LightWeight Firewall -> NordLwf (enabled) 

Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM…StartupApprovedStartupFolder: => “AnyDesk.lnk”

HKLM…StartupApprovedRun: => “Logitech Download Assistant”

HKLM…StartupApprovedRun: => “LogiOptions”

HKLM…StartupApprovedRun32: => “Dropbox”

HKUS-1-5-21-3978151933-3707154299-2271688738-1001…StartupApprovedRun: => “OneDrive”

HKUS-1-5-21-3978151933-3707154299-2271688738-1001…StartupApprovedRun: => “NordVPN”

HKUS-1-5-21-3978151933-3707154299-2271688738-1001…StartupApprovedRun: => “com.squirrel.Teams.Teams”

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{89F83F77-124C-4B30-B205-F5ED25F4AF43}] => (Allow) C:Program FilesBlueStacksHD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)

FirewallRules: [UDP Query User{A0568380-B76D-4F27-A3BC-C3E66E4BDB92}C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe

FirewallRules: [TCP Query User{2D3C970F-086C-458D-BC1E-3CFB53B4D0DD}C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe

FirewallRules: [UDP Query User{3F61A20F-E229-4181-A8BC-128DABD0F2F2}C:usersdebdebappdatalocalmicrosoftteamscurrentteams.exe] => (Allow) C:usersdebdebappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{C6F2E7CA-E460-40F5-9DA0-61769DC2915F}C:usersdebdebappdatalocalmicrosoftteamscurrentteams.exe] => (Allow) C:usersdebdebappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{3BE6AD72-68CB-475F-8853-E49D2668C7DA}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E40B36E9-F741-455F-8EA3-D8C329AB8251}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{10BA288D-390A-4FFD-9410-860092AD1434}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{9D885E1D-A1B6-40CC-A78F-DDFAC7C27CEB}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{96422652-BE07-44D0-ABAE-FA27CFE1C933}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{81DE9CBD-DD5B-4B8B-917B-C9EAAFE1A237}] => (Allow) C:ProgramDataLogishrdLogiOptionsSoftwareCurrentLogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)

FirewallRules: [{7D80B040-FDD9-4915-B93D-F68899FDD615}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{6D8EFABE-3E23-4E80-98B1-89CE88AC2FF4}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{143DE0C5-27D4-4119-B227-EF0DF2D11BB0}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{10910F54-1E7D-433D-B5B9-E48884C74AD2}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{47820C08-DC28-429D-B74B-01A23C16268A}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{978A96F2-1251-492A-8BE1-256061B5166C}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{9937207B-8804-449A-8FCF-CA5EFCCE908F}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{3F598E25-97EA-4319-9ADE-8F2283FC614A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{EAA6113C-64D8-48CA-BE6A-E4BD123BF81A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{8064C5AD-3255-471E-B886-C39F168CA227}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{858CA94D-14DA-46DB-8FB2-0A4FA810AECD}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{F9956101-6F68-4292-AE56-88604BF15E19}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{02C9451D-351F-44B8-864F-A4FA3FEBFF93}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{4EE78332-5242-47CF-B327-BD61E4EA430B}] => (Allow) C:Program Files (x86)DropboxClientDropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [{7F7F9ACC-F6E4-4F89-8FA3-2220D241DB0D}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

FirewallRules: [{ED0AC5B6-9EB3-46EA-B3C5-8B28AD70B238}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

FirewallRules: [{C700E714-3147-4AB7-B65F-93527C2FA549}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

FirewallRules: [{0C52DE86-444F-4BD3-835B-5F3A54346710}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

FirewallRules: [{8B32A23E-FD75-4B47-9ED6-4104F9D0E62E}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

FirewallRules: [{BF53DD1F-B48B-4CC8-86E4-CEA490316139}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

FirewallRules: [{6018C360-F657-4D6E-B8FD-1FC7B170B27F}] => (Allow) C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_33c21db80f95a337ASUSLinkNearAsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)

FirewallRules: [{70EB66EB-0CD2-4637-8948-CCD358941A72}] => (Allow) C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_33c21db80f95a337ASUSLinkRemoteAsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

FirewallRules: [{528101D7-E5AA-4697-B89E-3346F109754A}] => (Allow) C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_33c21db80f95a337ASUSLinkRemoteAsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

 

==================== Restore Points =========================

 

28-06-2021 20:59:09 Scheduled Checkpoint

29-06-2021 21:39:02 Windows Modules Installer

06-07-2021 11:02:15 Windows Update

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (07/07/2021 03:16:09 AM) (Source: SecurityCenter) (EventID: 19) (User: )

Description: The Windows Security Center Service was unable to load instances of AntiVirusProduct from datastore.

 

Error: (07/06/2021 11:30:40 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program AnyDesk.exe version 6.3.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: cf4

 

Start Time: 01d772e0011f2ab8

 

Termination Time: 9

 

Application Path: C:Program Files (x86)AnyDeskAnyDesk.exe

 

Report Id: b591776f-35ff-45a1-adc7-caf64c248a9e

 

Faulting package full name: 

 

Faulting package-relative application ID: 

 

Hang type: Cross-thread

 

Error: (07/06/2021 10:05:59 PM) (Source: SecurityCenter) (EventID: 19) (User: )

Description: The Windows Security Center Service was unable to load instances of AntiVirusProduct from datastore.

 

Error: (07/06/2021 09:20:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchApp.exe, version: 10.0.19041.1081, time stamp: 0x14a83b0b

Faulting module name: KERNELBASE.dll, version: 10.0.19041.1081, time stamp: 0xde3fc775

Exception code: 0xc0000409

Fault offset: 0x000000000010bd3e

Faulting process id: 0x1da8

Faulting application start time: 0x01d772bf622b0945

Faulting application path: C:WINDOWSSystemAppsMicrosoft.Windows.Search_cw5n1h2txyewySearchApp.exe

Faulting module path: C:WINDOWSSystem32KERNELBASE.dll

Report Id: cd376581-7669-41f7-9a21-f1e1a4b71fe1

Faulting package full name: Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

 

Error: (07/06/2021 09:20:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1081, time stamp: 0x4a52ebe1

Faulting module name: KERNELBASE.dll, version: 10.0.19041.1081, time stamp: 0xde3fc775

Exception code: 0xc0000602

Fault offset: 0x000000000010bd3e

Faulting process id: 0x2730

Faulting application start time: 0x01d76e2206b0ae04

Faulting application path: C:WINDOWSExplorer.EXE

Faulting module path: C:WINDOWSSystem32KERNELBASE.dll

Report Id: 859e8429-7fb8-48ab-9fd2-3bc78028d2e7

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (07/06/2021 04:54:57 PM) (Source: DbxSvc) (EventID: 281) (User: )

Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

 

Error: (07/06/2021 04:54:57 PM) (Source: DbxSvc) (EventID: 281) (User: )

Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

 

Error: (07/06/2021 11:03:03 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: RtkAudUService64.exe, version: 1.0.307.1, time stamp: 0x5f3b8e20

Faulting module name: ntdll.dll, version: 10.0.19041.1081, time stamp: 0x088bf621

Exception code: 0xc0000374

Fault offset: 0x00000000000ff199

Faulting process id: 0x139c

Faulting application start time: 0x01d76e2202bfe26d

Faulting application path: C:WINDOWSsystem32RtkAudUService64.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: 0f3a78cc-c444-48e9-b7e5-c37c8c8e88c5

Faulting package full name: 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (07/07/2021 07:16:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:WINDOWSsystem32IntelIHVRouter08.dll

 

Error: (07/07/2021 10:34:10 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:WINDOWSsystem32IntelIHVRouter08.dll

 

Error: (07/07/2021 10:15:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:WINDOWSsystem32IntelIHVRouter08.dll

 

Error: (07/07/2021 10:14:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:WINDOWSsystem32IntelIHVRouter08.dll

 

Error: (07/07/2021 10:14:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:WINDOWSsystem32IntelIHVRouter08.dll

 

Error: (07/07/2021 03:13:56 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )

Description: The driver detected an internal driver error on DeviceVBoxNetLwf.

 

Error: (07/07/2021 03:13:56 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )

Description: The driver detected an internal driver error on DeviceVBoxNetLwf.

 

Error: (07/07/2021 03:13:35 AM) (Source: DCOM) (EventID: 10010) (User: AASEDD-LAPTOP)

Description: The server {94269C4E-071A-4116-90E6-52E557067E4E} did not register with DCOM within the required timeout.

 

 

Windows Defender:

================

Date: 2021-07-06 11:01:50

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-07-04 23:35:22

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-07-04 23:35:21

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-07-04 00:04:25

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-07-04 00:04:25

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-07-07 03:24:25

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.343.538.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.18300.4

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

 

Date: 2021-06-29 21:31:34

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.85.0

Previous security intelligence Version: 1.341.1630.0

Update Source: User

Security intelligence Type: AntiSpyware

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-29 21:31:34

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.85.0

Previous security intelligence Version: 1.341.1630.0

Update Source: User

Security intelligence Type: AntiVirus

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-29 21:31:34

Description: 

Microsoft Defender Antivirus has encountered an error trying to update the engine.

New Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error Code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-29 21:30:20

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.85.0

Previous security intelligence Version: 1.341.1630.0

Update Source: User

Security intelligence Type: AntiSpyware

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

CodeIntegrity:

===============

Date: 2021-07-07 10:36:36

Description: 

Code Integrity determined that a process (DeviceHarddiskVolume3WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume3Program FilesBitdefender Antivirus Freebdamsi265232272842300000antimalware_provider64.dll that did not meet the Windows signing level requirements.

 

Date: 2021-07-07 03:17:09

Description: 

Code Integrity determined that a process (DeviceHarddiskVolume3Program FilesWindows DefenderMpCmdRun.exe) attempted to load DeviceHarddiskVolume3Program FilesBitdefender Antivirus Freebdamsi265232272842300000antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. UX534FTC.306 04/20/2020

Motherboard: ASUSTeK COMPUTER INC. UX534FTC

Processor: Intel® Core™ i7-10510U CPU @ 1.80GHz

Percentage of memory in use: 65%

Total physical RAM: 16182.23 MB

Available physical RAM: 5554.24 MB

Total Virtual: 23606.23 MB

Available Virtual: 9925.97 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:428.38 GB) (Free:246.82 GB) NTFS

 

\?Volume{c506f6b9-5d1d-42e9-ab2a-c72ae53a7483} () (Fixed) (Total:0.75 GB) (Free:0.07 GB) NTFS

\?Volume{1f72f56b-af76-42f3-bf45-e09265fb9fa1} () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Size: 476.9 GB) (Disk ID: 68D724EA)

 

Partition: GPT.

 

==================== End of Addition.txt =======================


https://www.bleepingcomputer.com/forums/t/754493/potential-malware-from-onedrive/

Erlando F Rasatro
