Windows security – PHP/RemoteShell.V, NiktoSanner.A …

Hello,

Had to call my card provider as my online access username is no longer valid. This has happened a couple of times and honestly I put it down to a computer error on their side. They pushed me to do a virus scan and change my email password. I went ahead and did both, scanning with Windows Security (no longer called Defender I guess) and Malwarebytes (free version). Windows had already warned me of possible threats, but I also put that down to a previous download of Kali Linux.

Windows Security recently alerted me to possible threats. A mixture of ones, some that seem to reappear even after I (Windows Security) quarantined them.

Backdoor:PHP/Remoteshell.V
Trojan:Win32/Klogger
HackTool:Win32/Fgdump
HackTool:Win64/Fgdump
HackTool:Perl/NiktoSanner.A

Separate possible issue: the App and Browser control in Windows Security was turned off. I turn it on and soon afterwards find it turned off once again. Right now it seems to be turned on.

I thought the nefarious files listed above could have been from that Kali Linux download from a while back. I've installed it on a USB stick and just never had time to play with it, at all. It was going to be used to determine how secure or unsecured my network and PCs are. Way over my head and way too dangerous tools for me.

So, I may need help confirming Kali Linux or any of the tools are not installed. Checking hard drive partitions, I do not see it, but I know it can be hidden. I do see the ISO only if I insert the USB on which it is installed. I cannot even find the download folder, which I may have deleted a long time ago?

Most importantly, we'll need to confirm if there is any actual malware, viruses or back doors on my computer.

Thanks once again for your much needed help and time.

Rick


*************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-03-2022
Ran by p25le (administrator) on DESKTOP-02JJAKR (Microsoft Corporation Surface Pro 4) (26-03-2022 18:06:26)
Running from C:\Users\p25le\Downloads
Loaded Profiles: p25le
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1586 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe ->) (Gemalto, Inc. -> SafeNet, Inc.) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplmv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <17>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Gemalto, Inc. -> SafeNet, Inc.) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64gh6299.inf_amd64_94401bd29769cd59\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64gh6299.inf_amd64_94401bd29769cd59\IntelCpHeciSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (SolarWinds) [File not signed] C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe
(services.exe ->) (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
(services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Tim Kosse -> FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3163248 2022-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2770088 2017-02-08] (Tim Kosse -> FileZilla Project)
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [8624928 2018-01-02] (Kakao corp. -> Kakao Corp.)
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\p25le\AppData\Local\Microsoft\Teams\Update.exe [2455256 2021-11-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\Run: [Loupedeck2] => C:\Program Files (x86)\Loupedeck\Loupedeck2\Loupedeck2.exe [314368 2021-12-22] (LoupeDeck Oy) [File not signed]
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\p25le\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\p25le\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\RunOnce: [Uninstall 22.033.0213.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\p25le\AppData\Local\Microsoft\OneDrive\22.033.0213.0002"
HKLM\...\Windows x64\Print Processors\hpcpp103: C:\Windows\System32\spool\prtprocs\x64\hpcpp103.dll [323584 2010-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.82\Installer\chrmstp.exe [2022-03-23] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Helper Launcher.lnk [2021-03-05]
ShortcutTarget: Helper Launcher.lnk -> C:\Windows\Installer\{8CF55B8D-D72F-4FFE-B3BD-0E52C55586AE}\application.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0543ECC9-F043-46BC-B4D0-8C03313596A5} - System32\Tasks\G2MUpdateTask-S-1-5-21-1887484211-3759002925-666383739-1001 => C:\Users\p25le\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-26] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {09EADF98-1B11-4DEA-A242-A15AFBDAF8C2} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {0F82A554-2141-4B16-A892-F385880DCA07} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1BD7776C-6514-45EE-B118-E36C5FD1084A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32B64CA2-23B3-4F64-B933-D3993B8FF795} - System32\Tasks\CCleanerSkipUAC - p25le => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5CF16A23-986E-4CCC-B696-0DB5D09A7FE1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696 2022-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {63A50837-8E49-41CE-9802-7CC9247ABFE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6EA5EC39-DBE7-4478-ACC6-0FA8C925BCB9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1178600 2022-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {7080AD52-8D00-41F1-A066-B9BB3401EF41} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {775E79A5-E311-4FBF-BCC3-EBA8445461EE} - System32\Tasks\G2MUploadTask-S-1-5-21-1887484211-3759002925-666383739-1001 => C:\Users\p25le\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-26] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {9E5F1896-52E3-427A-9536-C89F436231BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {AF2E966A-CFA5-419A-8B7E-7C7016B8831C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {B3BE14C2-E43F-4920-BD87-40F296D80D50} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {C75CC9BA-430E-45C1-A937-2E75FB2A24DF} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [880 2020-09-24] () [File not signed]
Task: {CBD25CA7-7DD1-4CA3-ABE0-9D98FD060A87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-15] (Google Inc -> Google Inc.)
Task: {DBE2504C-FE16-4AEA-969C-F67F337EE378} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-15] (Google Inc -> Google Inc.)
Task: {E20E446C-3307-4363-B297-BAF439307EF9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3DFAD51-D6BD-4010-9C6A-27389E3C83F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E8B8809C-5C46-4DAA-8921-3F2DA7990AFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F5F5F9D5-09A7-4A03-9A0C-8D05ED1CE39C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696 2022-03-17] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1887484211-3759002925-666383739-1001.job => C:\Users\p25le\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1887484211-3759002925-666383739-1001.job => C:\Users\p25le\AppData\Local\GoToMeeting\19932\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ba34ffd0-6416-409c-b5dd-b97a2b0136ef}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\p25le\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\p25le\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-26]
Edge Notifications: Default -> hxxps://console.gotoassist.com

FireFox:
========
FF DefaultProfile: 92fabguh.default-1566464365346
FF ProfilePath: C:\Users\p25le\AppData\Roaming\Mozilla\Firefox\Profiles\92fabguh.default-1566464365346 [2022-03-26]
FF Notifications: Mozilla\Firefox\Profiles\92fabguh.default-1566464365346 -> hxxps://console.gotoassist.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\p25le\AppData\Roaming\Mozilla\Firefox\Prof[email protected]jetpack.xpi [2022-02-01]
FF Extension: (LastPass: Free Password Manager) - C:\Users\p25le\AppData\Roaming\Mozill[email protected]lastpass.com.xpi [2022-03-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension
FF Extension: (Bonjour Extension for Firefox) - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension [2019-09-12] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1887484211-3759002925-666383739-1001: @broadviewnet.com/BVNMeetingsPlugin -> C:\Users\p25le\AppData\Roaming\BVNMeetings\bin\npbvnmsplugin.dll [2020-10-19] (Windstream Communications, LLC -> Windstream Communications.)
FF Plugin HKU\S-1-5-21-1887484211-3759002925-666383739-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\p25le\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1887484211-3759002925-666383739-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\p25le\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\p25le\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-04-12]

Chrome:
=======
CHR Profile: C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default [2021-06-10]
CHR StartupUrls: Default -> "hxxps://meet.google.com/xrh-esdi-wyi"
CHR Extension: (Slides) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-15]
CHR Extension: (Docs) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-15]
CHR Extension: (Google Drive) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-15]
CHR Extension: (YouTube) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-15]
CHR Extension: (Sheets) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-03]
CHR Extension: (Gmail) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\p25le\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11649952 2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [859304 2017-02-08] (Tim Kosse -> FileZilla Project)
R2 hasplms; C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe [5730312 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8019640 2022-03-09] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6228008 2022-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe [60928 2013-11-25] (SolarWinds) [File not signed]
R2 SWGVCSvc; C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe [325632 2017-04-28] (SonicWall Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [692992 2019-04-16] (Oracle Corporation -> Oracle Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 mumosvc; C:\Program Files (x86)\Adder Technology\Multi-Monitor Free-Flow\Drivers\Helper Applications\mumosvc.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksdf; C:\WINDOWS\system32\drivers\aksdf.sys [389560 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [510800 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.)
S3 AX88179; C:\WINDOWS\System32\drivers\ax88179_178a.sys [88112 2016-07-14] (WDKTestCert Alex,130940336584439605 -> ASIX Electronics Corp.)
R2 CommSBEP; C:\Windows\System32\Drivers\CommSBEP.sys [31232 2011-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
R2 CommSBEP; C:\Windows\SysWow64\Drivers\CommSBEP.sys [24476 2002-05-17] (Motorola) [File not signed]
R3 CprDrvr; C:\WINDOWS\System32\drivers\CprDrvr.sys [176528 2013-08-27] (Lantronix, Inc. -> )
R1 DNE; C:\WINDOWS\system32\DRIVERS\dnelwf64.sys [327976 2015-10-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1970104 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [52832 2019-02-27] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-03-26] (Malwarebytes Inc -> Malwarebytes)
S3 msux64w10; C:\WINDOWS\System32\DriverStore\FileRepository\msux64w10.inf_amd64_440fd3d3d9361452\msux64w10.sys [702304 2020-02-20] (Microsoft Corporation -> Microsoft)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [210752 2017-03-15] (WDKTestCert charles-yeh,131069736795923936 -> Prolific Technology Inc.)
S3 SurfaceSoftwareServicing; C:\WINDOWS\System32\drivers\SurfaceSoftwareServicingDriver.sys [33544 2015-09-25] (OEMTest OS Driver Leaf -> Microsoft Corporation)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (Tomasz Moń -> USBPcap)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [236560 2019-04-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247952 2019-04-16] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174736 2019-04-16] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-17] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl1d276e61; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49406EAA-019B-43E4-B870-F5F5B723E9B1}\MpKslDrv.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-26 18:04 - 2022-03-26 18:04 - 002365440 _____ (Farbar) C:\Users\p25le\Downloads\FRST64.exe
2022-03-26 17:13 - 2022-03-26 17:19 - 000000000 ____D C:\Users\p25le\AppData\LocalLow\IGDump
2022-03-26 17:11 - 2022-03-26 17:11 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-03-26 17:11 - 2022-03-26 17:11 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-03-26 17:11 - 2022-03-26 17:11 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-03-26 11:56 - 2022-03-26 12:15 - 000039416 _____ C:\Users\p25le\Downloads\Amazon 01-Jan-2021_to_01-Jan-2022.csv
2022-03-25 11:01 - 2022-03-26 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-03-14 07:59 - 2022-03-14 08:03 - 000000000 ____D C:\Users\p25le\Downloads\BGA
2022-03-12 10:46 - 2022-03-12 10:46 - 000221096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-11 09:08 - 2022-03-11 09:08 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-11 09:08 - 2022-03-11 09:08 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-11 09:08 - 2022-03-11 09:08 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-11 09:08 - 2022-03-11 09:08 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-11 09:08 - 2022-03-11 09:08 - 000195584 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-03-11 09:08 - 2022-03-11 09:08 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-11 09:01 - 2022-03-11 09:01 - 000000000 ___HD C:\$WinREAgent
2022-03-08 17:00 - 2021-11-22 12:23 - 000007202 _____ C:\Users\p25le\OneDrive\Documents\FCPS SUID.csv
2022-03-08 11:51 - 2022-03-08 11:51 - 000000000 ____D C:\Users\p25le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-03-08 11:51 - 2022-03-08 11:51 - 000000000 ____D C:\Users\p25le\AppData\Local\Zoom
2022-03-02 12:29 - 2022-03-02 12:32 - 000000000 ____D C:\CPS Codeplugs
2022-03-02 12:25 - 2000-08-15 03:01 - 000061440 _____ (TechSmith Corporation) C:\WINDOWS\SysWOW64\tsccvid.dll
2022-03-02 12:24 - 2022-03-02 12:24 - 000002340 _____ C:\Users\Public\Desktop\Advanced Keys Administrator R05.lnk
2022-03-02 12:23 - 2022-03-02 12:23 - 000002361 _____ C:\Users\Public\Desktop\ARS Data Administrator Application.lnk
2022-03-02 12:21 - 2022-03-02 12:21 - 000002156 _____ C:\Users\Public\Desktop\ASTRO 25 Portable CPS.lnk
2022-03-02 12:21 - 2022-03-02 12:21 - 000002080 _____ C:\Users\Public\Desktop\ASTRO 25 Tuner.lnk
2022-03-02 12:21 - 2022-03-02 12:21 - 000000169 _____ C:\LogFile
2022-03-02 12:21 - 2022-03-02 12:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-03-02 12:21 - 2022-03-02 12:21 - 000000000 ____D C:\Program Files\Common Files\Motorola
2022-03-02 12:21 - 2013-10-23 05:34 - 000245760 ____R () C:\WINDOWS\SysWOW64\NextGen10.dll
2022-03-02 12:21 - 2013-10-23 05:32 - 000036864 ____R (Motorola) C:\WINDOWS\SysWOW64\NetVRClientLib.dll
2022-03-02 12:21 - 2013-10-23 05:32 - 000021504 ____R ( ) C:\WINDOWS\SysWOW64\Interop.NEXTGENLib.dll
2022-03-02 12:21 - 2013-10-23 05:32 - 000020480 ____R (Motorola) C:\WINDOWS\SysWOW64\EncryptionSink.dll
2022-03-02 12:21 - 2013-10-23 05:32 - 000016384 ____R (Motorola) C:\WINDOWS\SysWOW64\INetVR.dll
2022-03-02 12:21 - 2013-10-23 05:32 - 000005812 ____R C:\WINDOWS\SysWOW64\NetVRClientLib.tlb
2022-03-02 12:21 - 2013-05-07 05:56 - 000102400 ____R (Motorola Solutions, Inc.) C:\WINDOWS\SysWOW64\iBtnWrapperDLL.dll
2022-03-02 12:21 - 2013-05-04 01:21 - 000059437 ____R C:\WINDOWS\SysWOW64\CPSFeatures.enc
2022-03-02 12:21 - 2012-02-17 05:27 - 000343216 ____R (KeyWorks Software) C:\WINDOWS\SysWOW64\KeyHelp.ocx
2022-03-02 12:21 - 2012-02-17 05:23 - 000131196 ____R (Motorola Inc.) C:\WINDOWS\SysWOW64\ByteData10.dll
2022-03-02 12:21 - 2012-02-17 05:23 - 000028672 ____R () C:\WINDOWS\SysWOW64\PNWatcherApp.dll
2022-03-02 12:21 - 2007-10-30 01:04 - 000049152 ____R C:\WINDOWS\SysWOW64\fudally_usb.dll
2022-03-02 12:21 - 2006-10-23 22:26 - 000024576 ____R C:\WINDOWS\SysWOW64\OtapRWCDTimer.dll
2022-03-02 12:21 - 2006-09-09 03:11 - 000122880 ____R (Motorola) C:\WINDOWS\SysWOW64\RadioCustStack10.dll
2022-03-02 12:21 - 2006-09-09 03:11 - 000049152 ____R (Motorola) C:\WINDOWS\SysWOW64\RadioSerial10.dll
2022-03-02 12:21 - 2006-09-09 03:11 - 000049152 ____R () C:\WINDOWS\SysWOW64\PatComm10.dll
2022-03-02 12:21 - 2006-08-19 06:17 - 000061440 ____R (Blue Sky Software Corporation) C:\WINDOWS\SysWOW64\RHGBTN32.DLL
2022-03-02 12:21 - 2006-08-19 06:17 - 000049152 ____R (Blue Sky Software Corporation.) C:\WINDOWS\SysWOW64\inetwh32.dll
2022-03-02 12:21 - 2006-08-19 06:16 - 000077824 ____R (Motorola, Inc.) C:\WINDOWS\SysWOW64\iBtnEncDec.dll
2022-03-02 12:21 - 2006-08-19 06:16 - 000065536 ____R (Motorola, Inc.) C:\WINDOWS\SysWOW64\ConnWinSock10.dll
2022-03-02 12:21 - 2006-08-19 06:16 - 000065536 ____R (Motorola Inc.) C:\WINDOWS\SysWOW64\Macro.dll
2022-03-02 12:21 - 2006-08-19 06:15 - 000061440 ____R (Motorola) C:\WINDOWS\SysWOW64\PortManager10.dll
2022-03-02 12:21 - 2006-08-19 06:13 - 000139264 ____R (Motorola, Inc.) C:\WINDOWS\SysWOW64\EncatenComponent.dll
2022-03-02 12:21 - 2006-08-19 06:13 - 000011366 ____R C:\WINDOWS\SysWOW64\VSAuthD.vxd
2022-03-02 12:21 - 2006-08-19 06:12 - 001056768 ____R (Blue Sky Software Corporation.) C:\WINDOWS\SysWOW64\Roboex32.dll
2022-03-02 12:21 - 2006-08-19 06:12 - 000081920 ____R (Motorola Inc.) C:\WINDOWS\SysWOW64\RemoteProtocols01.dll
2022-03-02 12:20 - 2022-03-02 12:20 - 000000000 ____D C:\Program Files\Business Objects
2022-03-02 12:16 - 2022-03-02 12:18 - 000000000 ____D C:\Users\p25le\Downloads\CPS
2022-02-26 11:20 - 2022-02-26 11:20 - 002190090 _____ C:\Users\p25le\Downloads\NS-42L260A13_Quick Guide Parents TV.pdf
2022-02-26 11:17 - 2022-02-26 11:17 - 026299662 _____ C:\Users\p25le\Downloads\NS-42L260A13_Parents TV.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-26 18:07 - 2020-07-30 20:01 - 000023116 _____ C:\Users\p25le\Downloads\FRST.txt
2022-03-26 18:06 - 2020-07-30 20:01 - 000000000 ____D C:\FRST
2022-03-26 18:03 - 2018-03-15 16:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-26 18:00 - 2020-10-24 13:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-26 17:58 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-26 17:28 - 2020-03-15 16:05 - 000000000 ____D C:\Users\p25le\OneDrive\Documents\Taxes
2022-03-26 17:24 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-03-26 16:13 - 2017-07-19 15:34 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-03-26 15:27 - 2017-01-05 12:21 - 000000000 ____D C:\Users\p25le\AppData\LocalLow\Mozilla
2022-03-26 12:19 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-26 12:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-26 11:54 - 2022-02-08 20:26 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-03-26 11:53 - 2021-12-15 19:53 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1887484211-3759002925-666383739-1001
2022-03-26 11:53 - 2020-10-24 17:11 - 000498370 _____ C:\WINDOWS\system32\perfh012.dat
2022-03-26 11:53 - 2020-10-24 17:11 - 000133042 _____ C:\WINDOWS\system32\perfc012.dat
2022-03-26 11:53 - 2020-10-24 13:35 - 001461374 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-26 11:53 - 2020-10-24 13:32 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1887484211-3759002925-666383739-1001
2022-03-26 11:53 - 2020-10-24 13:26 - 000002436 _____ C:\Users\p25le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-26 11:53 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-26 11:49 - 2018-04-07 11:17 - 000000000 ____D C:\Program Files\CCleaner
2022-03-26 11:47 - 2020-10-24 13:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-26 11:47 - 2020-10-24 13:26 - 000000000 ____D C:\Users\p25le
2022-03-26 11:47 - 2020-10-24 13:24 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-26 11:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-26 11:47 - 2017-01-05 12:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-26 10:47 - 2020-06-22 13:52 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-25 13:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-03-25 13:12 - 2021-10-09 08:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-03-25 13:12 - 2017-01-05 12:20 - 000001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-03-25 10:56 - 2017-11-29 08:41 - 000000000 ____D C:\Users\p25le\AppData\Local\CrashDumps
2022-03-25 10:54 - 2020-11-24 15:37 - 000002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-23 10:00 - 2018-03-15 16:29 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-23 08:20 - 2020-10-24 13:32 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-03-17 20:39 - 2016-08-10 22:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-03-17 20:07 - 2018-02-14 22:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-12 09:51 - 2020-10-24 13:24 - 000455032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-12 09:51 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-12 09:51 - 2017-09-17 17:42 - 000041448 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2022-03-12 09:51 - 2017-01-06 21:08 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2022-03-12 09:51 - 2017-01-06 21:08 - 000040190 _____ C:\WINDOWS\system32\OV7251_FRONT.aiqd
2022-03-12 09:50 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-03-12 09:50 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-03-12 09:50 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-12 09:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-12 09:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-12 09:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-12 09:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-12 09:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-12 09:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-12 09:50 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSservicing
2022-03-11 09:11 – 2020-10-04 20:17 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools
2022-03-11 09:11 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp
2022-03-11 09:08 – 2020-10-24 13:27 – 002877952 _____ (Microsoft Corporation) C:WINDOWSSysWOW64PrintConfig.dll
2022-03-11 09:01 – 2017-01-06 11:26 – 000000000 ____D C:WINDOWSsystem32MRT
2022-03-11 08:59 – 2017-01-06 11:26 – 145666720 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2022-03-09 21:04 – 2020-08-14 15:32 – 000002043 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2022-03-09 21:02 – 2020-01-24 08:27 – 000000000 ____D C:ProgramDataMalwarebytes
2022-03-09 21:02 – 2020-01-24 08:26 – 000000000 ____D C:Program FilesMalwarebytes
2022-03-09 09:13 – 2020-10-24 19:47 – 000003386 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore1d6aa2b5260a567
2022-03-09 09:13 – 2020-10-24 13:32 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2022-03-08 11:51 – 2020-06-27 09:32 – 000000000 ____D C:Usersp25leAppDataRoamingZoom
2022-03-02 13:58 – 2018-05-31 09:16 – 000000000 ____D C:ProgramDataMotorola
2022-03-02 12:24 – 2017-05-08 10:11 – 000000000 ____D C:Program Files (x86)Motorola
2022-03-02 12:24 – 2017-02-16 08:36 – 000000000 ____D C:ProgramDataSolarWinds
2022-03-02 12:24 – 2012-10-08 02:53 – 000180224 _____ C:Usersp25leOneDriveDocumentsIP-Address-Tracker.IPDB
2022-03-02 12:23 – 2017-05-21 09:46 – 000000000 ____D C:Usersp25leAppDataLocalDownloaded Installations
2022-03-02 12:23 – 2017-05-12 16:54 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMotorola
2022-03-02 12:21 – 2018-05-31 09:16 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms1-Wire Drivers x64
2022-03-02 12:21 – 2017-02-16 08:38 – 000000000 ___HD C:Program Files (x86)InstallShield Installation Information

==================== Files in the root of some directories ========

2021-12-22 18:22 – 2016-04-21 23:14 – 003539372 _____ (Red Hat) C:Usersp25lecygwin1.dll
2021-12-22 18:22 – 2016-06-09 11:30 – 000468748 _____ () C:Usersp25leiperf3.exe
2017-07-10 13:58 – 2020-05-12 16:02 – 000000119 _____ () C:Usersp25leAppDataLocalGenLink-DCP_AppexePath.txt
2017-07-10 14:05 – 2017-07-10 14:05 – 000000007 _____ () C:Usersp25leAppDataLocalGenLink-DCP_Challenge.txt
2017-07-10 13:58 – 2020-05-12 16:02 – 000008830 _____ () C:Usersp25leAppDataLocalGenLink-DCP_Connections.xml
2017-07-10 14:21 – 2017-07-10 14:21 – 000002881 _____ () C:Usersp25leAppDataLocalGenLink-DCP_tSetting.xml
2017-07-24 15:34 – 2022-01-13 12:35 – 000000600 _____ () C:Usersp25leAppDataLocalPUTTY.RND
2022-02-13 20:34 – 2022-02-13 20:34 – 000000856 _____ () C:Usersp25leAppDataLocalrecently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

**************************************************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-03-2022
Ran by p25le (26-03-2022 18:08:02)
Running from C:Usersp25leDownloads
Microsoft Windows 10 Pro Version 21H2 19044.1586 (X64) (2020-10-24 17:32:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1887484211-3759002925-666383739-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-1887484211-3759002925-666383739-503 – Limited – Disabled)
defaultuser0 (S-1-5-21-1887484211-3759002925-666383739-1000 – Limited – Disabled) => C:Usersdefaultuser0
Guest (S-1-5-21-1887484211-3759002925-666383739-501 – Limited – Disabled)
p25le (S-1-5-21-1887484211-3759002925-666383739-1001 – Administrator – Enabled) => C:Usersp25le
WDAGUtilityAccount (S-1-5-21-1887484211-3759002925-666383739-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-Wire Drivers Version 4.03 Beta x64 (HKLM…{0041F5D9-B2C5-4007-90B2-60F65DAEF492}) (Version: 4.0.3 – Maxim Integrated Products)
64 Bit HP CIO Components Installer (HKLM…{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 – Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32…{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 – Adobe Systems Incorporated)
Akai F9 Instruments Beats Edition (HKLM-x32…Akai F9 Instruments Beats Edition_is1) (Version:  – )
Akai MPC Beats Demos and Templates (HKLM-x32…Akai MPC Beats Demos and Templates_is1) (Version:  – )
Akai MPC Beats Producer Kits (HKLM-x32…Akai MPC Beats Producer Kits_is1) (Version:  – )
Amazon Kindle (HKUS-1-5-21-1887484211-3759002925-666383739-1001…Amazon Kindle) (Version: 1.20.1.47037 – Amazon)
ApxFamilyCPS R26.00.00 (HKLM-x32…{EF84F894-32BA-4896-A98E-A687C5649D88}) (Version: 26.00.00 – Motorola Solutions, Inc.)
AquaFlow 4 (HKLM-x32…{2A879759-1C81-434C-9DCD-C0CFA81EB2C5}) (Version: 4.00.0000 – Toro)
ARS Data Administrator Application (HKLM-x32…{BC9D2BCD-DFEB-4F24-8EA2-1BE06DFB1C75}) (Version: 6.0.0 – Motorola Solutions, Inc.)
ASTRO 25 Portable CPS (HKLM-x32…{11CD1FA0-4EF4-11D5-A76E-0010B575AE4F}) (Version: 20.01.000 – Motorola)
ASTRO 25 Tuner (HKLM-x32…{15FDC91B-14DC-11D6-A3E7-00108302D343}) (Version: 5.04.004 – Motorola)
AX88179_AX88178A Windows 8.x Drivers (HKLM-x32…{3F6FA5FF-2ACF-4466-B975-7A2B8D5640DD}) (Version: 3.0.2.0 – ASIX Electronics Corporation) Hidden
AX88179_AX88178A Windows 8.x Drivers (HKLM-x32…InstallShield_{3F6FA5FF-2ACF-4466-B975-7A2B8D5640DD}) (Version: 3.0.2.0 – ASIX Electronics Corporation)
Bonjour (HKLM…{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 – Apple Inc.)
Bonjour SDK (HKLM…{C0F5A19A-055A-4902-9D41-864127BFAF11}) (Version: 3.0.0.10 – Apple Inc.)
CCleaner (HKLM…CCleaner) (Version: 5.87 – Piriform)
CeraView (HKLM-x32…CeraView) (Version: 1.0.0.0 – Ceragon Networks)
ChildKeyMakerSetup (HKLM-x32…{02BC627C-6B32-4037-8427-F6B63CDC0CF2}) (Version: 1.1.0 – BK Technologies)
Cisco Webex Meetings (HKUS-1-5-21-1887484211-3759002925-666383739-1001…ActiveTouchMeetingClient) (Version:  – Cisco Webex LLC)
commsbepx64 (HKLM-x32…{4DE6220A-E1A4-4AFF-A554-97DDBCFC3341}) (Version: 1.00.0000 – Motorola) Hidden
commsbepx64 (HKLM-x32…InstallShield_{4DE6220A-E1A4-4AFF-A554-97DDBCFC3341}) (Version: 1.00.0000 – Motorola)
Crestron CCS-UC-SB-1 DFU Driver v1.11.1 (HKLM-x32…Software_Crestron_Crestron_CCSUCSB1_USBDFU_Driver_DriverSetup) (Version: 1.11.1 – Crestron)
Crestron Toolbox 3.07.323.00 (HKLM-x32…{1B52BC01-2F6E-4FAE-BB09-1F28D2BF1D63}_is1) (Version: 3.07.323.00 – Crestron Electronics Inc.)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM…{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 – Business Objects)
DTC-Explorer (HKLM-x32…{609F7F6F-BAC4-440D-B0D9-62B7B4865797}) (Version: 1.0.0 – Default Company Name)
FileZilla Client 3.50.0 (HKLM-x32…FileZilla Client) (Version: 3.50.0 – Tim Kosse)
FileZilla Server (HKLM-x32…FileZilla Server) (Version: beta 0.9.60 – FileZilla Project)
GenLink (HKUS-1-5-21-1887484211-3759002925-666383739-1001…589c97581c8f56c4) (Version: 4.10.1.718 – Generac Power Systems)
GIMP 2.10.30 (HKLM…GIMP-2_is1) (Version: 2.10.30 – The GIMP Team)
Glide And Switch Configuration Application (HKLM-x32…{8756F55E-48A6-4264-874D-5E1F2DCC5280}) (Version: 1.10 – Black Box Network Services Ltd.)
Glide And Switch Multi-Monitor Driver (HKLM-x32…{8CF55B8D-D72F-4FFE-B3BD-0E52C55586AE}) (Version: 1.8 – Black Box Network Services Ltd.)
Global VPN Client (HKLM…{7D7ED176-EA00-4B2B-B421-AA19A451F650}) (Version: 4.10.2 – SonicWall)
Google Chrome (HKLM…{EE5105B0-ACE8-380B-84CC-C30152545FC4}) (Version: 99.0.4844.82 – Google, Inc.)
GoTo Opener (HKLM-x32…{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 – LogMeIn, Inc.)
GoToMeeting 10.18.0.19932 (HKUS-1-5-21-1887484211-3759002925-666383739-1001…GoToMeeting) (Version: 10.18.0.19932 – LogMeIn, Inc.)
GPL Ghostscript (HKLM…GPL Ghostscript 9.23) (Version: 9.23 – Artifex Software Inc.)
Harris Advanced Access Control (HKLM-x32…{F20BA74F-6BA8-4597-8BF3-A3CC37816E33}) (Version: 3.0.1 – Harris Corporation)
Harris Radio USB Driver (x64) (HKLM…{C268B729-27E9-47FD-88C7-F64C20AE84FF}) (Version: 3.0.1 – Harris Corporation) Hidden
Harris Radio USB Driver (x64) (HKLM-x32…InstallShield_{C268B729-27E9-47FD-88C7-F64C20AE84FF}) (Version: 3.0.1 – Harris Corporation)
IIS 7.5 Express (HKLM-x32…{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 – Microsoft Corporation)
Inkscape (HKLM-x32…Inkscape) (Version: 1.0.0- – Inkscape)
KakaoTalk (HKLM-x32…KakaoTalk) (Version: 2.6.4.1702 – Kakao Corp.)
KeePass Password Safe 2.50 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.50 – Dominik Reichl)
Lantronix CPR 4.3.0.3 (x64) (HKLM…{CF320F15-3905-49C0-8DE0-AC783CD131B7}) (Version: 43.00.3500 – Lantronix)
Lantronix DeviceInstaller 4.4.0.0 (x64) (HKLM…{5BC674A8-197F-42CA-B43A-B67E01CA2380}) (Version: 44.00.0500 – Lantronix)
Lightning Light All-in-one (5.5.0f)  2.1.9 (HKLM-x32…Lightning Light All-in-one (5.5.0f) ) (Version: 2.1.9 – BK Technologies)
Loupedeck 5.0.3.10496 (HKLM…{06BBE50E-C905-4791-AF7C-208779F51FCE}) (Version: 5.0.3.10496 – LoupeDeck Ltd) Hidden
Loupedeck 5.0.3.10496 (HKLM-x32…{4416febc-6481-42a6-af54-5b51880224f9}) (Version: 5.0.3.10496 – LoupeDeck Ltd)
Malwarebytes version 4.5.5.175 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.5.175 – Malwarebytes)
Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.14931.20132 – Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32…{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 – Microsoft Corporation)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 99.0.1150.52 – Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 99.0.1150.46 – Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-1887484211-3759002925-666383739-1001…OneDriveSetup.exe) (Version: 22.045.0227.0004 – Microsoft Corporation)
Microsoft Teams (HKUS-1-5-21-1887484211-3759002925-666383739-1001…Teams) (Version: 1.4.00.26376 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 – Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.60610 (HKLM-x32…{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29334 (HKLM-x32…{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 – Microsoft Corporation)
Motorola Professional Radio CPS-R06.12.09 (HKLM-x32…ProRadio CPS R06.12.09) (Version:  – )
Mozilla Firefox (x64 en-US) (HKLM…Mozilla Firefox 98.0.2 (x64 en-US)) (Version: 98.0.2 – Mozilla)
Mozilla Maintenance Service (HKLM-x32…MozillaMaintenanceService) (Version: 98.0.2.8116 – Mozilla)
MPC Beats 2.8.3 (HKLM…com.akaipro.mpc.beats_is1) (Version: 2.8.3 – Akai Professional)
NetMaster (HKLM-x32…NetMaster) (Version: 17.1.0.467 – )
Notepad++ (64-bit x64) (HKLM…Notepad++) (Version: 8.1.5 – Notepad++ Team)
Npcap (HKLM-x32…NpcapInst) (Version: 1.00 – Nmap Project)
OBS Studio (HKLM-x32…OBS Studio) (Version: 26.1.1 – OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32…{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14931.20010 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20072 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32…{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 – Microsoft Corporation) Hidden
OfficeSuite HD Meeting (HKUS-1-5-21-1887484211-3759002925-666383739-1001…BVNMeetings) (Version: 4.5 – Windstream Communications.)
OneWireDrivers_x64 (HKLM…{BDC6BC53-E025-443C-B20B-9368025A1E75}) (Version: 4.0.4 – Maxim Integrated)
Oracle VM VirtualBox 6.0.6 (HKLM…{6C89B405-9910-446E-A6A9-7B15A09513D3}) (Version: 6.0.6 – Oracle Corporation)
Radio Editing Software 5.5.3 (HKLM…3984-3023-0985-0412) (Version: 5.5.3 – BK Technologies)
Radio Editing Software 5.8.17 (HKLM…3984-3023-0985-0413) (Version: 5.8.17 – BK Technologies)
Radio Personality Manager 2 (HKLM-x32…{9802A480-9A3C-4A38-A0FC-5257EC82F9B5}) (Version: 6.6.6.50036 – Harris Corporation)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32…{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.5.1019.2015 – Realtek)
Recuva (HKLM…Recuva) (Version: 1.53 – Piriform)
Sentinel Runtime (HKLM-x32…{37E929BF-F5E3-4097-BF41-C1CE20CB797A}) (Version: 8.11.42480.60000 – Thales)
Skype Meetings App (HKLM-x32…{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 – Microsoft Corporation)
Skype™ 7.40 (HKLM-x32…{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 – Skype Technologies S.A.)
SolarWinds IP Address Tracker (HKLM-x32…InstallShield_{41505E91-CB79-475C-9FC4-8C6A9B613A18}) (Version: 1 – SolarWinds)
SolarWinds TFTP Server (HKLM-x32…{7EE86A3F-8107-486F-8E97-041F49578E73}) (Version: 10.9.1.33 – SolarWinds)
Tait DMR and P25 Terminals Calibration Application 2.31.1.129 (HKLM-x32…{6DD2D2D2-B749-46E9-B9E4-C600C419E5C1}) (Version: 2.31.1.129 – Tait Communications)
Tait Firmware Upgrade Tool 1.34.0.33 (HKLM-x32…{30847C8C-BA58-44D5-974E-5876E9325C2B}) (Version: 1.34.0.33 – Tait Communications)
Tait P25 Terminals Programming Application 2.21.0.145 (HKLM-x32…{CE6C5298-E349-4A80-94A5-123D8C6BF476}) (Version: 2.21.0.145 – Tait Communications)
Tait TB9100 CSS 3.96.01-en (HKLM-x32…{F1263F6F-EEE2-4C49-A835-B5A82E361CC3}) (Version: 3.96.01-en – Tait Communications)
Tait USB Programming Cable Drivers 2.9.1.2 (HKLM…{1885BEA6-C640-4F69-909E-B1E3DE060C3E}) (Version: 2.9.1.2 – Tait Communications)
TASCAM DR FILE TRANSFER version 1.00 (HKLM-x32…{810B717A-25B6-45B9-903C-DE2EEBE3D978}_is1) (Version: 1.00 – TEAC Corporation)
TeamViewer 12 (HKLM-x32…TeamViewer) (Version: 12.0.132598 – TeamViewer)
TightVNC (HKLM…{361FB9AD-9238-4E87-8CFB-4126752A79F8}) (Version: 2.8.63.0 – GlavSoft LLC.)
Tuner R02.18.00 for Motorola Solutions Professional and Entry Level Radios (HKLM-x32…{4FE6CF38-2FE5-4426-A198-B5885B378DB5}) (Version: R02.18.00 – Motorola Solutions)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM…{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 – Microsoft Corporation)
USBPcap 1.2.0.4 (HKLM…USBPcap) (Version: 1.2.0.4 – Tomasz Mon)
Windows Driver Package – Crestron Electronics Inc. (WinUSB) Crestron  (01/23/2018 3.0.0.0) (HKLM…8B38028CEF858FCC39F58756DACD894026EFE962) (Version: 01/23/2018 3.0.0.0 – Crestron Electronics Inc.)
Windows Driver Package – FTDI CDM Driver Package – Bus/D2XX Driver (06/16/2016 2.12.18) (HKLM…DA1835CFE32A9AC83DB6E43B97BFA11B3370C6EF) (Version: 06/16/2016 2.12.18 – FTDI)
Windows Driver Package – FTDI CDM Driver Package – VCP Driver (06/16/2016 2.12.18) (HKLM…6EAA08A5E2AD00C7655B428E929CCC5DC3603600) (Version: 06/16/2016 2.12.18 – FTDI)
Windows Driver Package – Motorola (usbser) Modem  (11/26/2012 6.1.7600.0) (HKLM…3E2CB458B662155AE7496A44B322DF79B0B26141) (Version: 11/26/2012 6.1.7600.0 – Motorola)
Windows Driver Package – Motorola Corporation (CommSbep) CommSbep  (08/17/2011 5.1.0.0) (HKLM…DCB010440345929E947922BB7FD7BA6A056D744C) (Version: 08/17/2011 5.1.0.0 – Motorola Corporation)
Windows Driver Package – Motorola Solutions, Inc. (fudally) MotorolaUSBFlashZap  (02/17/2012 03.05.00.00) (HKLM…99A33EE7E3B07A41DC270DDC562488CD01FEB0FF) (Version: 02/17/2012 03.05.00.00 – Motorola Solutions, Inc.)
Windows Driver Package – Motorola Solutions, Inc. Net  (09/27/2021 6.1.7072.1) (HKLM…BD578013FF4D59761BA71E2147EFD9182D900DBA) (Version: 09/27/2021 6.1.7072.1 – Motorola Solutions, Inc.)
Windows Driver Package – Tait Electronics Ltd TPK-SV-009 Programming Cable Bus Driver Package (11/16/2010 2.08.02) (HKLM…1ED53858E0513201684360DE097935C5A815483F) (Version: 11/16/2010 2.08.02 – Tait Electronics Ltd)
Windows Driver Package – Tait Electronics Ltd TPK-SV-009 Programming Cable Bus Driver Package (11/16/2010 2.08.02) (HKLM…4B13007D9C382BD1F5C53C741F0E9E70E97DA8D2) (Version: 11/16/2010 2.08.02 – Tait Electronics Ltd)
Windows PC Health Check (HKLM…{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 – Microsoft Corporation)
Windows PC Health Check (HKLM…{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 – Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32…WinPcapInst) (Version: 4.1.0.2980 – Riverbed Technology, Inc.)
WinSIPP3 (HKLM-x32…{A0BEC8BA-236B-4B4A-A77B-3721497F5C3D}) (Version: 1.1.26 – Senninger Irrigation)
Wireshark 3.4.2 64-bit (HKLM-x32…Wireshark) (Version: 3.4.2 – The Wireshark developer community, hxxps://www.wireshark.org)
Zoom (HKUS-1-5-21-1887484211-3759002925-666383739-1001…ZoomUMX) (Version: 5.9.7 (3931) – Zoom Video Communications, Inc.)

Packages:
=========
Adobe Reader Touch -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2018-01-04] (Adobe Systems Incorporated)
Candy Crush Soda Saga -> C:Program FilesWindowsAppsking.com.CandyCrushSodaSaga_1.214.500.0_x64__kgqvnymyfvs32 [2022-03-25] (king.com)
Drawboard PDF -> C:Program FilesWindowsAppsDRAWBOARD.DRAWBOARDPDF_6.11.15.0_x64__gqbn7fs4pywxm [2022-03-25] (Drawboard)
Duplicates Cleaner -> C:Program FilesWindowsApps6655kaeros.DuplicatesCleaner_3.70.32.0_x64__wbzechdf9an1w [2022-01-23] (kaeros)
Facebook -> C:Program FilesWindowsAppsFACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-10-01] (Facebook Inc)
HP Smart -> C:Program FilesWindowsAppsAD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-25] (HP Inc.)
IPCam Monitor -> C:Program FilesWindowsApps6951GoldenPot.IPCamMonitor_2.2.1129.0_x64__0r2skntwd5byc [2020-10-19] (Golden Pot) [MS Ad]
Learn Korean with KBUBBLES -> C:Program FilesWindowsApps13860prettycoolgames.com.LEARNKOREANWITHKBUBBLES_3.3.5.0_x64__2pynqzk7nn1x6 [2020-03-11] (prettycoolgames.com)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-26] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:Program FilesWindowsAppsMicrosoft.Whiteboard_52.10201.5809.0_x64__8wekyb3d8bbwe [2022-02-03] (Microsoft Corporation)
Minecraft for Windows 10 -> C:Program FilesWindowsAppsMicrosoft.MinecraftUWP_1.18.1201.0_x64__8wekyb3d8bbwe [2022-02-16] (Microsoft Studios)
Music Maker Jam -> C:Program FilesWindowsAppsMAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-19] (MAGIX)
Photos Add-on -> C:Program FilesWindowsAppsMicrosoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-09-24] (Microsoft Corporation)
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-12] (Microsoft Corporation)
Picsart – Photo Studio -> C:Program FilesWindowsApps2FE3CB00.PICSART-PHOTOSTUDIO_9.4.0.0_x64__crhqpqs3x1ygc [2021-10-25] (PicsArt Inc.)
Royal Revolt 2 -> C:Program FilesWindowsAppsflaregamesGmbH.RoyalRevolt2_7.5.0.0_x86__g0q0z3kw54rap [2022-01-31] (flaregames GmbH)
Surface -> C:Program FilesWindowsAppsMicrosoft.SurfaceHub_61.3036.139.0_x64__8wekyb3d8bbwe [2022-03-25] (Microsoft Corporation)
Twitter -> C:Program FilesWindowsApps9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-14] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{1019ADC7-17CB-4489-AFD5-6642C7400ACE}localserver32 -> C:Usersp25leAppDataLocalWebexWebexApplicationsptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:Usersp25leAppDataLocalMicrosoftTeamsMeetingAddin1.0.21161.4x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{3E3AD4BD-346A-460A-80E8-90699B75C00B}InprocServer32 -> C:Usersp25leAppDataLocalMicrosoftSkypeForBusinessPlugin16.2.0.511GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}InprocServer32 -> C:Usersp25leAppDataLocalGoToMeeting16786G2MOutlookAddin64.dll => No File
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{AEECE333-8900-4915-9697-7A0B4034B3D8}InprocServer32 -> C:Usersp25leAppDataLocalWebexWebexApplicationsptWbxMS64.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{BAEE998A-9C95-4966-8E52-DBCA67D8482A}InprocServer32 -> C:Usersp25leAppDataLocalWebexWebexApplicationsptoiEnt64.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{C3741FD4-FABE-4C36-88E7-40C0C09FCE8D}InprocServer32 -> C:Usersp25leAppDataLocalWebexWebexApplicationsptWbxMS64.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{E8D0CE8D-BC70-4025-978F-E86068362730}InprocServer32 -> C:Usersp25leAppDataLocalWebexWebexApplicationsptusredt64.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{EA47D2DE-76CC-4138-97FF-A62F9D28A341}InprocServer32 -> C:Usersp25leAppDataLocalWebexWebexApplicationsptolkadd64.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKUS-1-5-21-1887484211-3759002925-666383739-1001_ClassesCLSID{F6E0DEDD-F6D5-4195-BE2D-AB628A0BBDF4}InprocServer32 -> C:Usersp25leAppDataLocalWebexWebexApplicationsptWbxMS64.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:Program FilesNotepad++NppShell_06.dll [2020-06-04] (Notepad++ -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-01-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:Program FilesRecuvaRecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-01-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:Program FilesRecuvaRecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Drivers32: [vidc.tscc] => C:WindowsSysWOW64tsccvid.dll [61440 2000-08-15] (TechSmith Corporation) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2010-01-18 13:29 – 2010-01-18 13:29 – 000071680 _____ (Hewlett-Packard) [File not signed] c:windowssystem32hpzinw12.dll
2010-01-18 13:29 – 2010-01-18 13:29 – 000089600 _____ (Hewlett-Packard) [File not signed] c:windowssystem32hpzipm12.dll
2013-11-25 07:16 – 2013-11-25 07:16 – 000016384 _____ (SolarWinds) [File not signed] [File is in use] C:Program Files (x86)SolarWindsTFTP ServerDataStorage.dll
2013-11-25 07:15 – 2013-11-25 07:15 – 000023552 _____ (SolarWinds) [File not signed] [File is in use] C:Program Files (x86)SolarWindsTFTP ServerSolarWinds.Net.ApplicationImprovementProgramLibrary.dll
2013-11-25 07:15 – 2013-11-25 07:15 – 000026624 _____ (SolarWinds) [File not signed] [File is in use] C:Program Files (x86)SolarWindsTFTP ServerTFTPServerRemoteObject.dll
2013-11-25 07:15 – 2013-11-25 07:15 – 000076800 _____ (SolarWinds) [File not signed] [File is in use] C:Program Files (x86)SolarWindsTFTP ServerTFTPServerStringResources.dll
2013-11-25 07:15 – 2013-11-25 07:15 – 000016384 _____ (SolarWinds) [File not signed] [File is in use] C:Program Files (x86)SolarWindsTFTP ServerTranslationManager.dll
2013-11-25 07:15 – 2013-11-25 07:15 – 000016896 _____ (SolarWinds.net) [File not signed] [File is in use] C:Program Files (x86)SolarWindsTFTP ServerSolarWinds.Logging.dll
2017-04-28 11:37 – 2017-04-28 11:37 – 000099840 _____ (SonicWall Inc.) [File not signed] C:Program FilesSonicWallGlobal VPN ClientSWCommon.dll
2017-04-28 11:37 – 2017-04-28 11:37 – 000323072 _____ (SonicWall Inc.) [File not signed] C:Program FilesSonicWallGlobal VPN ClientSWIPHlp.dll
2006-03-30 14:24 – 2006-03-30 14:24 – 000270336 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:Program Files (x86)SolarWindsTFTP Serverlog4net.dll
2017-02-06 09:25 – 2017-02-06 09:25 – 001412608 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:Program Files (x86)FileZilla Serverlibeay32.dll
2017-02-06 09:25 – 2017-02-06 09:25 – 000365056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:Program Files (x86)FileZilla Serverssleay32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16OCHelper.dll [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 – 2016-07-16 07:45 – 000000824 _____ C:WINDOWSsystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:ProgramDataOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program Files (x86)SkypePhone;C:Program Filesgsgs9.23bin;C:Program Filesgsgs9.23lib;;%SYSTEMROOT%System32OpenSSH;C:Program Files (x86)CeraView;C:Program Files (x86)NetMasterCLI_Reports
HKUS-1-5-21-1887484211-3759002925-666383739-1000Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg
HKUS-1-5-21-1887484211-3759002925-666383739-1001Control PanelDesktop\Wallpaper -> C:Usersp25leAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper
DNS Servers: 192.168.1.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: DNE LightWeight Filter -> dni_dne (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: DNE LightWeight Filter -> dni_dne (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: DNE LightWeight Filter -> dni_dne (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Helper Launcher.lnk"
HKLM\...\StartupApproved\Run32: => "FileZilla Server Interface"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "KakaoTalk"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "Delete Cached Standalone Update Binary"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "Delete Cached Update Binary"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "Uninstall 21.083.0425.0003"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "Uninstall 21.083.0425.0003\amd64"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1887484211-3759002925-666383739-1001\...\StartupApproved\Run: => "Loupedeck2"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{188E74DB-493E-4E89-ACD4-EF23B9FF98BE}] => (Allow) C:\Users\p25le\AppData\Roaming\BVNMeetings\bin\airhost.exe (Windstream Communications, LLC -> Windstream Communications.)
FirewallRules: [{9B421659-53A3-4312-8BA6-0101CC636FE7}] => (Allow) C:\Users\p25le\AppData\Roaming\BVNMeetings\bin\OfficeSuiteHDMeeting.exe (Windstream Communications, LLC -> Windstream Communications.)
FirewallRules: [{4B61FE34-EA1A-496C-9646-C8BA929CA792}] => (Allow) C:\Users\p25le\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{458C564C-EB6F-4C46-8AE0-711CDE333797}] => (Allow) C:\Users\p25le\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6F3DBC5C-DD78-401F-B3CA-D5F63A1637DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{79802E68-11A4-41FB-B820-1DCF9BA425BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E89063F0-53B8-4B33-9C49-77B88AB7A2CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFE5DC4D-B427-4958-BB24-5D1A93590A7B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{195BF83A-C2BF-49BD-A5FD-0BE734425B1E}C:\users\p25le\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\p25le\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1CE61AB1-6235-47D4-A8BE-51E38F9D2BF5}C:\users\p25le\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\p25le\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FE89D45E-AC53-4E31-B7B8-3F9A086E2324}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{ED4D5F57-53C8-423D-A12E-3A92877BC618}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{C074FAC7-DFA4-462B-8801-22A7D8E11161}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [TCP Query User{D318D8CA-3EDF-4DEB-A0F0-7A99DA4B8B0E}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [{15B8D618-0792-4FD7-B7B0-CA77769483FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E77CA395-8696-43F8-AA62-557E4FB20DC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{C5CCD7A4-3CE5-4465-9DF2-48FD922D4578}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe => No File
FirewallRules: [TCP Query User{86600630-745E-400C-87CC-406DC76F52D1}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe => No File
FirewallRules: [TCP Query User{5B37605B-C692-4D00-AEC3-4888D5C5A703}C:\program files (x86)\ceraview\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ceraview\jre\bin\javaw.exe
FirewallRules: [UDP Query User{EB897D30-4CAB-46DB-9678-C505296C657E}C:\program files (x86)\ceraview\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ceraview\jre\bin\javaw.exe
FirewallRules: [TCP Query User{19FFD8AD-C42F-44F1-B220-A0AB1360CBB8}C:\program files (x86)\ceraview\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ceraview\jre\bin\javaw.exe
FirewallRules: [UDP Query User{6CD4EDD3-8A76-42B4-8C8C-367933931178}C:\program files (x86)\ceraview\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ceraview\jre\bin\javaw.exe
FirewallRules: [{D8485491-16F5-49E7-B4B6-6BFB1F9070D7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{BE3B610A-4580-48BB-AB83-8AE121B4F556}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{E7D84817-FE59-4263-B0AB-82ADE872E094}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8572EFB0-C46F-4196-B9A2-4C7BAACB7165}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C30F5970-F3ED-49BA-8EE9-1499AB2ED89B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{94DC0597-6B39-4072-8DB3-F94A46BA6BC4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{E565C72E-077D-4C80-A4A0-D850EEDBB7EA}C:\users\p25le\downloads\searchtool_win_v1.0.0.5\searchtool v1.0.0.5\searchtool.exe] => (Allow) C:\users\p25le\downloads\searchtool_win_v1.0.0.5\searchtool v1.0.0.5\searchtool.exe () [File not signed]
FirewallRules: [UDP Query User{9042775E-CF10-47C4-99FF-253F24392034}C:\users\p25le\downloads\searchtool_win_v1.0.0.5\searchtool v1.0.0.5\searchtool.exe] => (Allow) C:\users\p25le\downloads\searchtool_win_v1.0.0.5\searchtool v1.0.0.5\searchtool.exe () [File not signed]
FirewallRules: [TCP Query User{F4905556-64AD-4B1D-8107-0706A287509F}C:\users\p25le\downloads\ipcameratool version 1.0.0.1 – 20131120\ipcamera.exe] => (Allow) C:\users\p25le\downloads\ipcameratool version 1.0.0.1 – 20131120\ipcamera.exe () [File not signed]
FirewallRules: [UDP Query User{33BA37F0-162D-456F-A4E7-48D28CEC2B0A}C:\users\p25le\downloads\ipcameratool version 1.0.0.1 – 20131120\ipcamera.exe] => (Allow) C:\users\p25le\downloads\ipcameratool version 1.0.0.1 – 20131120\ipcamera.exe () [File not signed]
FirewallRules: [TCP Query User{067DB770-6EB9-4D20-B2E2-B8723E0C41D4}C:usersp25ledownloads25client_serveur_multicast.exe] => (Allow) C:usersp25ledownloads25client_serveur_multicast.exe => No File
FirewallRules: [UDP Query User{945E6BEC-FF00-4F37-956B-038DAEE98F61}C:usersp25ledownloads25client_serveur_multicast.exe] => (Allow) C:usersp25ledownloads25client_serveur_multicast.exe => No File
FirewallRules: [TCP Query User{62949A56-D9E0-4FE3-A302-64FF68B79714}F:\radio tech folder\tools\client_serveur_multicast.exe] => (Allow) F:\radio tech folder\tools\client_serveur_multicast.exe => No File
FirewallRules: [UDP Query User{905FAE90-CFC0-45B1-9B2C-F58AA088ECDF}F:\radio tech folder\tools\client_serveur_multicast.exe] => (Allow) F:\radio tech folder\tools\client_serveur_multicast.exe => No File
FirewallRules: [{8947F051-C93C-458F-8326-DF5B9F151D4D}] => (Allow) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe (Gemalto, Inc. -> SafeNet, Inc.)
FirewallRules: [TCP Query User{E314270A-917A-4A8D-8FCC-B6C41C496417}F:\radio tech folder\tools\client_serveur_multicast.exe] => (Allow) F:\radio tech folder\tools\client_serveur_multicast.exe => No File
FirewallRules: [UDP Query User{FAB1EC06-3EA7-4128-9164-A86A7EA042F5}F:\radio tech folder\tools\client_serveur_multicast.exe] => (Allow) F:\radio tech folder\tools\client_serveur_multicast.exe => No File
FirewallRules: [TCP Query User{99CC60C6-105E-4439-AEFD-08C569CE0363}C:\users\p25le\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\p25le\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6BDCEB5F-E590-4F11-8231-CE5E91AD0342}C:\users\p25le\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\p25le\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FA372997-3CF4-49EA-8B01-508E04C30656}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{A45B6277-B815-404A-90EA-73E81DC332A6}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{58AD3160-30B1-4FC7-B16A-F17558C10FD8}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7DE0CBAF-83CA-4168-A6EB-FED969E3AEFE}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{127F6C68-242F-4898-B3E9-CD6F4281B769}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B626FF98-44A7-41A4-A2C1-B21D00C1784F}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe (GLAVSOFT, OOO -> GlavSoft LLC.)
FirewallRules: [TCP Query User{D5C39300-BB72-475A-97D5-9827FDC7CA95}C:\program files (x86)\loupedeck\loupedeck2\loupedeck2.exe] => (Allow) C:\program files (x86)\loupedeck\loupedeck2\loupedeck2.exe (LoupeDeck Oy) [File not signed]
FirewallRules: [UDP Query User{C2BF1214-C433-4D27-AB29-B4981F7F2E1A}C:\program files (x86)\loupedeck\loupedeck2\loupedeck2.exe] => (Allow) C:\program files (x86)\loupedeck\loupedeck2\loupedeck2.exe (LoupeDeck Oy) [File not signed]
FirewallRules: [{D5BEE76D-45A1-4693-82EB-1B6CBDFB9119}] => (Block) C:\program files (x86)\loupedeck\loupedeck2\loupedeck2.exe (LoupeDeck Oy) [File not signed]
FirewallRules: [{CF38B72A-B7FA-4EF5-B912-ECEF5AA9ECF0}] => (Block) C:\program files (x86)\loupedeck\loupedeck2\loupedeck2.exe (LoupeDeck Oy) [File not signed]
FirewallRules: [{F58DA1A7-E822-476C-A86E-E6AFA3C2EC86}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6DED2A25-EA91-458C-8CC0-C30A4BAD606A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E5550EB1-B568-45CC-9AD1-5A725B06774F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1BE78193-9213-4CC9-B65E-BAE48A4CA151}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7CF6BB3E-85F2-47B6-9BE9-A83951252870}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BACF209E-CA0A-478D-991B-585C1FE19C71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

21-03-2022 07:09:41 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (03/26/2022 03:15:08 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/26/2022 11:48:33 AM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\DESKTOP-02JJAKR$ via https://IFX-KeyId-40b8682b8d18450a2b06849d9b5cd96f4cddf4be.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{“Message”:”Attestation statement cannot be verified, rejecting request. TPM firmware needs update.”}
HTTP/1.1 400 Bad Request
Date: Sat, 26 Mar 2022 15:48:32 GMT
Content-Length: 101
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 379aee60-063e-4a02-a22b-9a59ec6b62a9

Method: POST(3797ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (03/25/2022 07:29:49 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/25/2022 10:56:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: ntdll.dll, version: 10.0.19041.1566, time stamp: 0x1be73aa8
Exception code: 0xc0000409
Fault offset: 0x000000000008c56f
Faulting process id: 0x27cc
Faulting application start time: 0x01d8405867a682d3
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7bc566d4-f122-46ce-bc6f-126d04db03f7
Faulting package full name: Microsoft.SurfaceHub_61.2037.139.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (03/25/2022 10:52:42 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/25/2022 10:49:52 AM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\DESKTOP-02JJAKR$ via https://IFX-KeyId-40b8682b8d18450a2b06849d9b5cd96f4cddf4be.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{“Message”:”Attestation statement cannot be verified, rejecting request. TPM firmware needs update.”}
HTTP/1.1 400 Bad Request
Date: Fri, 25 Mar 2022 14:49:49 GMT
Content-Length: 101
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: dbed04ab-6d02-4868-8d26-546a4855833b

Method: POST(3562ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (03/23/2022 09:59:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: ntdll.dll, version: 10.0.19041.1566, time stamp: 0x1be73aa8
Exception code: 0xc0000409
Fault offset: 0x000000000008c56f
Faulting process id: 0x1f00
Faulting application start time: 0x01d83ebe2f6f1690
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 90d36cf3-3387-429c-ab38-e552befb4380
Faulting package full name: Microsoft.SurfaceHub_61.2037.139.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (03/23/2022 08:21:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: ntdll.dll, version: 10.0.19041.1566, time stamp: 0x1be73aa8
Exception code: 0xc0000409
Fault offset: 0x000000000008c56f
Faulting process id: 0x21cc
Faulting application start time: 0x01d83eb08d79ebeb
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 23f0f915-18be-48a2-b9df-a8b85a068146
Faulting package full name: Microsoft.SurfaceHub_61.2037.139.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

System errors:
=============
Error: (03/26/2022 06:00:29 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {01532d21-35f4-4346-9e28-28211e02d4f2}, had event 74

Error: (03/26/2022 11:47:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mumosvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/26/2022 11:47:41 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:22:02 AM on 3/26/2022 was unexpected.

Error: (03/26/2022 10:46:53 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (03/25/2022 07:14:19 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (03/25/2022 10:49:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mumosvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/25/2022 10:49:22 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (03/25/2022 10:49:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:28:56 AM on 3/23/2022 was unexpected.

Windows Defender:
================
Date: 2022-03-26 17:26:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/Remoteshell.V&threatid=2147742191&enterprise=0
Name: Backdoor:PHP/Remoteshell.V
Severity: Severe
Category: Backdoor
Path: containerfile:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\main\c\clusterd\clusterd_0.5-0kali2_all.deb->data.tar.xz->(xz)->./usr/share/clusterd/src/lib/resources/cmd.jsp; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\main\c\clusterd\clusterd_0.5-0kali2_all.deb->data.tar.xz->(xz)->./usr/share/clusterd/src/lib/resources/cmd.war->cmd.jsp
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.783.0, AS: 1.361.783.0, NIS: 1.361.783.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-26 17:26:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Klogger&threatid=2147495140&enterprise=0
Name: Trojan:Win32/Klogger
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/klogger.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.783.0, AS: 1.361.783.0, NIS: 1.361.783.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-26 17:26:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Fgdump&threatid=2147637310&enterprise=0
Name: HackTool:Win32/Fgdump
Severity: High
Category: Tool
Path: containerfile:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/fgdump.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.783.0, AS: 1.361.783.0, NIS: 1.361.783.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-26 17:26:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/Fgdump&threatid=2147637311&enterprise=0
Name: HackTool:Win64/Fgdump
Severity: High
Category: Tool
Path: containerfile:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/cachedump64.exe; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/servpw64.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.783.0, AS: 1.361.783.0, NIS: 1.361.783.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-26 17:26:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Perl/NiktoSanner.A&threatid=2147794255&enterprise=0
Name: HackTool:Perl/NiktoSanner.A
Severity: High
Category: Tool
Path: containerfile:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\non-free\n\nikto\nikto_2.1.6+git20190310-0kali2_all.deb->data.tar.xz->(xz)->./var/lib/nikto/nikto.pl
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.783.0, AS: 1.361.783.0, NIS: 1.361.783.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

CodeIntegrity:
===============
Date: 2022-03-26 17:11:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-03-26 12:19:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-26 11:58:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\64gh6299.inf_amd64_94401bd29769cd59\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Microsoft Corporation 109.3748.768 05.04.2021
Motherboard: Microsoft Corporation Surface Pro 4
Processor: Intel® Core™ i7-6650U CPU @ 2.20GHz
Percentage of memory in use: 45%
Total physical RAM: 16305.34 MB
Available physical RAM: 8823.97 MB
Total Virtual: 18737.34 MB
Available Virtual: 10580.3 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:475.7 GB) (Free:89.45 GB) (Protected) NTFS

\\?\Volume{8630091e-5d27-4f68-a3d2-48010dc02cc0} (Windows RE tools) (Fixed) (Total:0.86 GB) (Free:0.4 GB) NTFS
\\?\Volume{8ed37d1e-058f-4489-b1c1-b1867aac349b} (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1E730F46)

Partition: GPT.

==================== End of Addition.txt =======================

There are no stupid questions, only stupid results from unasked questions.
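Reading the log as an editor rather than as the poster: every Path: line in the Windows Defender section begins with containerfile:_ and points into C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso, so the five hits are archive members inside the downloaded ISO (a JSP web shell from the clusterd package, the klogger.exe keylogger and the fgdump credential dumper from windows-binaries, and Nikto's nikto.pl), not loose programs installed on the Surface, and they will recur whenever a copy of that ISO is scanned. Two other entries deserve a note. The INSECURE_NPCAP network binding is Npcap's own component name for a driver installed without its Administrators-only access option (the usual default when Wireshark installs it), not a detection. The CertEnroll 87 errors mean Microsoft's AIK certificate service declined to attest this TPM until its firmware is updated; IFX in the service hostname is Infineon's manufacturer ID, and on a Surface Pro 4 that update comes through the device's firmware updates. The PowerShell below is an added example, not code from the poster, from FRST or from BleepingComputer; the function names are mine, and the sample input is three of the log's Path: lines transcribed with the backslashes the web rendering dropped. It splits each Defender resource into the file that exists on disk and the member inside it, reports whether any hit is a loose file, reads back the App & browser control setting the poster saw flipping, and records the TPM firmware behind the attestation failure.

```powershell
# Added example for triaging the Defender and TPM entries in an FRST Addition.txt.
# Function names are my own; the cmdlets used (Get-MpThreat, Get-MpThreatDetection,
# Get-MpComputerStatus, Get-Tpm) ship with Windows 10.

function ConvertFrom-DefenderResource {
    # One Defender resource string looks like "<type>:_<on-disk path>[-><archive member>...]".
    # Returns the file that exists on disk and, if any, the member inside it.
    param([Parameter(Mandatory)][string]$Resource)
    $sep = $Resource.IndexOf(':_')
    if ($sep -lt 0) { throw "Unrecognised Defender resource: $Resource" }
    $type  = $Resource.Substring(0, $sep)
    $chain = @($Resource.Substring($sep + 2) -split '->')
    [pscustomobject]@{
        Type            = $type
        OnDiskPath      = $chain[0]
        ArchiveMember   = $(if ($chain.Count -gt 1) { $chain[1..($chain.Count - 1)] -join '->' } else { $null })
        # Inside a container when Defender tagged the container itself or the path has a
        # '->' chain; a bare "file:_" entry is a loose file sitting on disk as-is.
        InsideContainer = ($type -eq 'containerfile') -or ($chain.Count -gt 1)
        StillOnDisk     = [bool](Test-Path -LiteralPath $chain[0] -ErrorAction SilentlyContinue)
    }
}

function Get-DetectionContainerSummary {
    # Groups resources by the on-disk file they resolve to, so one glance shows whether
    # everything lives inside a single downloaded archive or some hits are loose files.
    param([Parameter(Mandatory)][string[]]$Resource)
    $Resource |
        ForEach-Object { ConvertFrom-DefenderResource -Resource $_ } |
        Group-Object -Property OnDiskPath |
        ForEach-Object {
            [pscustomobject]@{
                OnDiskPath      = $_.Name
                Hits            = $_.Count
                InsideContainer = @($_.Group | Where-Object { $_.InsideContainer }).Count
                LooseFiles      = @($_.Group | Where-Object { -not $_.InsideContainer }).Count
                StillOnDisk     = $_.Group[0].StillOnDisk
            }
        }
}

function Get-LiveDefenderResources {
    # The same strings pulled from this machine's Defender history (run elevated),
    # paired with the threat name so they can be read next to the FRST entries.
    $names = @{}
    Get-MpThreat | ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }
    Get-MpThreatDetection | ForEach-Object {
        $detection = $_
        foreach ($r in $detection.Resources) {
            [pscustomobject]@{ Threat = $names[[string]$detection.ThreatID]; Resource = $r }
        }
    }
}

function Get-ProtectionState {
    # "SmartScreenEnabled: Warn" in the log is the registry view of
    # App & browser control -> Check apps and files, the toggle the poster saw turning off.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
    $ss  = (Get-ItemProperty -Path $key -Name SmartScreenEnabled -ErrorAction SilentlyContinue).SmartScreenEnabled
    $mp  = Get-MpComputerStatus
    [pscustomobject]@{
        SmartScreenAppsAndFiles = $(if ($ss) { $ss } else { '(value not set)' })
        RealTimeProtection      = $mp.RealTimeProtectionEnabled
        AntivirusEnabled        = $mp.AntivirusEnabled
    }
}

function Get-TpmAttestationInfo {
    # CertEnroll event 87 with "TPM firmware needs update" means Microsoft's AIK service
    # would not certify this TPM's key; keep the firmware version for the OEM update check.
    $tpm = Get-Tpm
    [pscustomobject]@{
        Manufacturer    = $tpm.ManufacturerIdTxt    # "IFX" (Infineon) matches the IFX-KeyId host in the log
        FirmwareVersion = $tpm.ManufacturerVersion
        TpmReady        = $tpm.TpmReady
    }
}

# Constructed sample: three of the five Path: lines from the posted log. FRST joins a
# detection's resources with "; ", so split them back into Defender's per-resource form.
$frstPaths = @(
    'containerfile:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\main\c\clusterd\clusterd_0.5-0kali2_all.deb->data.tar.xz->(xz)->./usr/share/clusterd/src/lib/resources/cmd.jsp',
    'containerfile:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/klogger.exe',
    'containerfile:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso; file:_C:\Users\p25le\Downloads\kali-linux-2020.1b-installer-amd64.iso->pool\non-free\n\nikto\nikto_2.1.6+git20190310-0kali2_all.deb->data.tar.xz->(xz)->./var/lib/nikto/nikto.pl'
)
Get-DetectionContainerSummary -Resource ($frstPaths -split '; ') | Format-Table -AutoSize

# Live checks on the affected machine (elevated PowerShell).
Get-DetectionContainerSummary -Resource (Get-LiveDefenderResources).Resource | Format-Table -AutoSize
Get-ProtectionState
Get-TpmAttestationInfo
```

On the sample input the summary collapses to one row, the Kali ISO, with every hit counted under InsideContainer and none under LooseFiles; a non-zero LooseFiles count, or an OnDiskPath other than the ISO, is the signal that something was actually dropped on the system and needs its own look. StillOnDisk tells you whether the ISO in Downloads is still there to be rescanned. The live checks need the Defender and TrustedPlatformModule modules, which are present on Windows 10; if Get-MpThreatDetection returns nothing, the history is empty and the Resource argument will be null.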


https://www.bleepingcomputer.com/forums/t/770254/windows-security-phpremoteshellv-niktosannera/

Erlando F Rasatro
