Solved Malwarebytes pop-up at random times showing "Website blocked due to Trojan" Type: Outbound, c/windows/syswows64/dllhost.exe

dmsjckrs

Posts: 18   +0
Dear Techspot,

I need help. I think my laptop is infected with malware. I have Symantec AV and have already run LiveUpdate and several full scans; nothing was found. Then I tried installing Malwarebytes and scanning, and a pop-up always shows "Website blocked due to malware" Type: Outbound, c/windows/syswows64/dllhost.exe.
I don't know what to do.
Then I started googling and found this forum helping people who have the same problem.

Then experts replied to the thread with specific solutions only for that thread starter. I believe someone can help me here. Thanks.

Broni

Posts: 55,917   +506
Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

dmsjckrs

Posts: 18   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by dWX1001776 (administrator) on DWX1001776KKYMU (LENOVO 2465CTO) (18-12-2021 08:23:42)
Running from C:\Users\dwx1001776\Downloads\Programs
Loaded Profiles: dWX1001776
Platform: Microsoft Windows 10 Pro N Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SelfElectController.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\MotionPro VPN Client\vpnd.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(china\\t00354145 -> ) C:\Program Files (x86)\Huawei\NetCareClient\TSAccountCapture.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\ToolManagement.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\ToolScheduler.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\TSGuard.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Huawei Technologies Co. Ltd -> ) C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDeskService.exe
(Huawei Technologies Co. Ltd -> Huawei) C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDesk.exe
(Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed] C:\Windows\SysWOW64\SpesCheckerService.exe
(Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\javaw.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\HACC\Hagent.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\SPES\SecurityCenterApp.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\SPES\SPES5.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\SpesService.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files (x86)\SPES5.0\Console\SpesConsole.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Windows\SysWOW64\SpesAgent.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co.,Ltd.) C:\Program Files (x86)\SPES5.0\Composites\SPES\SPESRender.exe <2>
(INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting) C:\Program Files (x86)\TurboVPN\turbo_vpn-service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(LANDesk Software Ltd.) [File not signed] C:\Windows\SysWOW64\cba\pds.exe
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(LANDesk Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(MariaDB Corporation Ab -> ) D:\xampp\mysql\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1310_none_7e15ec207c87d405\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\sepWscSvc64.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe <2>
(Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司) C:\Program Files\AnXinSec\MemProtectDeamon64.exe
(安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司) C:\Program Files\AnXinSec\MemProtectSrv64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1449912 2019-03-28] (Array Networks, Inc. -> Array Networks)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" (No File)
HKLM-x32\...\Run: [SPES500] => C:\Program Files (x86)\SPES5.0\Composites\SPES\SPES5.exe [7316496 2021-09-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
HKLM-x32\...\Run: [TSGuard] => C:\Program Files (x86)\Huawei\NetCareClient\TSGuard.exe [89744 2021-09-18] (china\\t00354145 -> Microsoft)
HKLM-x32\...\Run: [ToolScheduler] => C:\Program Files (x86)\Huawei\NetCareClient\ToolScheduler.exe [1612432 2021-09-18] (china\\t00354145 -> Microsoft)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [18120952 2020-06-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKLM\...\RunOnceEx\ko: [hxd] => shell32.dll|ShellExec_RunDLLA|regsvr32.exe -U -S "C:\WINDOWS\Temp\qkzigq.etl." <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5483320 2020-11-26] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [ECSIEPLUGIN] => [X]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [ECS] => [X]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [DigibyteMiner] => C:\Users\dwx1001776\Downloads\Programs\DigiByteMiner.exe (No File)
HKU\S-1-5-21-888159395-1567868294-3106766758-1001\...\Run: [ECS] => C:\Program Files (x86)\eSpace_Desktop\eSpace.exe (No File)
HKLM\...\Windows x64\Print Processors\eConfPrint: C:\Windows\System32\spool\prtprocs\x64\cwprintproc.dll [38184 2020-09-15] (Huawei Technologies Co. Ltd -> Windows (R) Win 7 DDK provider)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{4EC9D670-C01A-4C3A-B8DB-9903D57B0A64}] -> C:\Program Files\AnXinSec\LogonAuthentication64.dll [2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
HKLM\Software\...\Authentication\Credential Providers: [{4f82ee06-a3c4-4517-906e-91d2e216df28}] -> C:\Program Files (x86)\SPES5.0\Composites\ADPlugin\LoginRiskProvider.dll [2021-11-11] (Huawei) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{2c8f942b-39d3-4120-bdcd-5deda939e7f2}] -> C:\Program Files (x86)\SPES5.0\Composites\ADPlugin\LoginRiskProvider.dll [2021-11-11] (Huawei) [File not signed]
AppInit_DLLs: oleLoader.dll => C:\WINDOWS\system32\oleLoader.dll [364048 2020-01-20] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebProxy.lnk [2020-08-18]
ShortcutTarget: WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder00\start.bat (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-11-13]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebProxy.lnk [2020-12-18]
ShortcutTarget: WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder\start.bat () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FB42E61-4AD5-48C8-89B3-AA1369DAB891} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe (No File)
Task: {1192D265-49E4-4CCF-B1D5-75C6C8410200} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)
Task: {3B1AA020-F2A7-44A0-8A7E-791B11FDC143} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-13] (Google LLC -> Google LLC)
Task: {5CD02BAC-EDF1-46DF-9D98-F95DA9BA1D9D} - System32\Tasks\RemindPatchRepair => C:\Program Files (x86)\SPES5.0\Composites\SPES\PatchRepair.exe [4292112 2020-08-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
Task: {6E8AB351-B826-4C46-8609-96A7F9791E58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {77B37BF7-890A-4065-806D-FB717A16959A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-13] (Google LLC -> Google LLC)
Task: {7AADF390-2DE6-4D74-873B-94A40DBE0D23} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {90049C3E-EC7B-4051-8330-836B2158E502} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A4ECFF17-2450-435C-8849-C1113B55D190} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {A5C8C3B2-C003-49F9-B53A-21F30FB782A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC1383C5-E707-4E2D-BE05-BAB8284521EF} - System32\Tasks\TinyTakeUpgrade => C:\Users\dwx1001776\AppData\Local\MangoApps\TinyTake\TinyTake.exe UPGRADE (No File)
Task: {AFB92378-A135-46D0-B7C0-BD95E69E12D2} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Autofix => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)
Task: {B122D9E2-6028-403D-87AC-3DC5EC375096} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B315EF1F-B904-44F9-B9A5-9297890039C1} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)
Task: {B566DCFB-A34B-447D-8700-BD08CC9C00E1} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3059280 2021-03-06] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {B9E27F9E-3C57-4B23-8672-289E5F71ABAA} - System32\Tasks\LANDESK Agent Health Bootstrap Task => C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe [51200 2015-12-17] (LANDESK Software, Inc. and its affiliates.) [File not signed]
Task: {C2245462-CFF4-4550-8032-79B20AE6D801} - System32\Tasks\ReportPatchStatus => C:\Program Files (x86)\SPES5.0\Composites\SPES\PatchRepair.exe [4292112 2020-08-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
Task: {D6CE1D71-7C98-4645-9A43-FE71B6CE004D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [S-1-5-21-147214757-305610072-1517763936-8001229] => proxy.huawei.com:8080
Hosts: 127.0.0.1 activate.navicat.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3430b271-5347-4b3d-a74b-83435d8dd2f7}: [DhcpNameServer] 10.250.192.235 10.47.148.235
Tcpip\..\Interfaces\{8a2f810f-915a-4f90-9ce1-d09d9abd2a1d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{99687f23-d52f-4c9b-a963-ebdc2c65bf79}: [NameServer] 127.0.0.1,7.187.130.219,7.187.130.50,7.221.190.197
Tcpip\..\Interfaces\{fa257410-4104-4960-9d11-47e469a684e8}: [DhcpNameServer] 10.215.240.84 10.129.31.118 10.98.48.39

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-17]
Edge HKU\S-1-5-21-147214757-305610072-1517763936-8001229\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2020-12-10]

FireFox:
========
FF DefaultProfile: 0vvtebnc.default
FF ProfilePath: C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\0vvtebnc.default [2020-12-19]
FF ProfilePath: C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release [2021-12-17]
FF Homepage: Mozilla\Firefox\Profiles\h4sus0m0.default-release -> about:blank
FF Extension: (Browsec VPN - Free VPN for Firefox) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\browsec@browsec.com.xpi [2021-12-12]
FF Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2021-12-12]
FF Extension: (HideAll VPN - Fast & Unlimited VPN) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\{4ded7aed-924d-45ff-be6a-88b40c3e5d89}.xpi [2021-08-30]
FF HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\dwx1001776\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\dwx1001776\AppData\Roaming\IDM\idmmzcc5 [2020-12-22] [Legacy] [not signed]
FF HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-147214757-305610072-1517763936-8001229: @metaswitch.com/AccessionMeetingPlugin -> C:\Users\dwx1001776\AppData\Roaming\Accession Meeting\bin\npaccessionmeetingplugin.dll [No File]
FF Plugin HKU\S-1-5-21-147214757-305610072-1517763936-8001229: @zhumuintl.me/ZhumuintlMeetingsPlugin -> C:\Users\dwx1001776\AppData\Roaming\Zhumuintl Cloud Meetings\bin\npzhumuintlplugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default [2021-12-18]
CHR Notifications: Default -> hxxps://aii.sh; hxxps://iir.ai; hxxps://meet.google.com
CHR Extension: (Slides) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-13]
CHR Extension: (Docs) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-13]
CHR Extension: (Google Drive) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-13]
CHR Extension: (YouTube) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-13]
CHR Extension: (Chrome IPTV Player) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\defmmfhdopkfcgngoklpbbcnpfpagbfh [2021-06-13]
CHR Extension: (Dark Reader) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-12-08]
CHR Extension: (Sheets) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-13]
CHR Extension: (Ronin Wallet) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjhmkhhmkbjkkabndcnnogagogbneec [2021-12-03]
CHR Extension: (Google Docs Offline) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-01]
CHR Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-10-20]
CHR Extension: (MetaMask) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-13]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-12]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-08-09]
CHR Extension: (Slides) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-09]
CHR Extension: (Docs) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-09]
CHR Extension: (Google Drive) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-09]
CHR Extension: (YouTube) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-09]
CHR Extension: (Sheets) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-09]
CHR Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-09]
CHR Extension: (Gmail) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-09]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnXinMemProtectSrv; C:\Program Files\AnXinSec\MemProtectSrv64.exe [165912 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743984 2021-10-05] (philandro Software GmbH -> philandro Software GmbH)
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [162816 2016-05-27] (LANDesk Software, Inc. and its affiliates.) [File not signed]
S2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [504568 2020-06-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [14649632 2021-12-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 EventService; C:\WINDOWS\SysWOW64\SpesCheckerService.exe [185120 2019-01-04] (Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed]
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HaccService; C:\Program Files (x86)\SPES5.0\Composites\HACC\hagent.exe [7264272 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
R2 iDeskService; C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDeskService.exe [325048 2021-06-10] (Huawei Technologies Co. Ltd -> )
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [239776 2015-12-17] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 Intel PDS; C:\WINDOWS\SysWOW64\CBA\pds.exe [32825 2015-12-17] (LANDesk Software Ltd.) [File not signed]
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [221736 2016-02-13] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 LogsAndAlerts; C:\WINDOWS\SysWOW64\msxml4rc.dll [1768512 2014-09-03] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-18] (Malwarebytes Inc -> Malwarebytes)
R2 MessageManagerService; C:\WINDOWS\SysWOW64\svohost.dll [1756960 2019-01-04] (Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed]
R2 mysql; D:\xampp\mysql\bin\mysqld.exe [11563432 2018-09-07] (MariaDB Corporation Ab -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-12-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SepLpsService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe [157888 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe [157888 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 sepWscSvc; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\sepWscSvc64.exe [1819688 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [527136 2021-12-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\snac64.exe [391816 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [743440 2016-03-19] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 SPES Framework Service; C:\Program Files (x86)\SPES5.0\SpesService.exe [3898896 2021-10-12] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [7556344 2020-07-26] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R2 TurboVPNService; C:\Program Files (x86)\TurboVPN\turbo_vpn-service.exe [765424 2021-09-29] (INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting)
R3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1417144 2019-03-28] (Array Networks, Inc. -> Array Networks)
R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2399160 2019-03-28] (Array Networks, Inc. -> Array Networks)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 EraserSvc11912; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
S3 UEBAAlterService; C:\UEBA\bin\UEBAAlterService.exe [X]
S2 UEBAControlService; "C:\UEBA\bin\UEBAControlService.exe" [X]
S2 UEBAHealthMonitorService; "C:\UEBA\bin\UEBAHealthMonitorService.exe" [X]
S3 UEBALogChannelService; C:\UEBA\bin\UEBALogChannelService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AxBehaviorMonitor; C:\Program Files\AnXinSec\BehaviorMonitor64.sys [139440 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R2 AxDefense; C:\Program Files\AnXinSec\AxDefenseX64.sys [99504 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
S2 AxKrnlRiskDetectSrv; C:\Program Files\AnXinSec\KrnlRiskDetect64.sys [67760 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R1 BaseBehaviorMoniterDriver; C:\WINDOWS\system32\drivers\SysMonitorDriver64.sys [76992 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Data\Definitions\BASHDefs\20211215.011\BHDrvx64.sys [2018776 2021-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSettings_{687C5DC7-A9D6-4C42-8CA9-FC08B03726D9}; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\ccSetx64.sys [179416 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 CDRomFlt; C:\WINDOWS\syswow64\drivers\CDRomFlt.sys [13416 2019-04-30] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed] [File is in use]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-24] (Symantec Corporation -> Broadcom)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [76744 2021-12-18] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-28] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 GS; C:\WINDOWS\syswow64\drivers\GS.sys [87624 2019-04-30] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed] [File is in use]
R3 HWHcsFileFltr; C:\WINDOWS\system32\drivers\hwhcsfilefltr64.sys [21064 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
R3 hwinspect; C:\WINDOWS\system32\drivers\hwinspect64.sys [26696 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Data\Definitions\IPSDefs\20211217.061\IDSvia64.sys [1480144 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ipsfs; C:\WINDOWS\system32\drivers\ipsfs64.sys [42056 2021-04-08] (Huawei Technologies Co., Ltd. -> Windows (R) Win 7 DDK provider) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [36600 2017-08-16] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [36600 2015-12-17] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 regtrace; C:\WINDOWS\system32\drivers\SysConfigMon64.sys [14408 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SRTSP64.SYS [833544 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SRTSPX64.SYS [49672 2020-11-14] (Symantec Corporation -> Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\SyDvCtrl64.sys [44568 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0603030.024\symefasi64.sys [1820680 2020-11-14] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SymELAM.sys [26000 2020-11-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2021-04-05] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\Ironx64.SYS [311264 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SYMNETS.SYS [567512 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [230760 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-03-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [132992 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R3 traceproc; C:\WINDOWS\system32\drivers\traceproc64.sys [16968 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 ATP; \SystemRoot\system32\DRIVERS\atpdrvr_7_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-18 08:09 - 2021-12-18 08:24 - 000000000 ____D C:\FRST
2021-12-18 08:07 - 2021-12-18 08:07 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\IGDump
2021-12-18 07:20 - 2021-12-18 07:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-18 07:20 - 2021-12-18 07:20 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-18 07:20 - 2021-12-18 07:20 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\mbam
2021-12-18 07:19 - 2021-12-18 07:19 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-18 07:19 - 2021-12-18 07:19 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-18 07:18 - 2021-12-18 07:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-18 07:18 - 2021-12-18 07:18 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-18 07:02 - 2021-12-18 07:02 - 000076744 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2021-12-18 06:34 - 2021-12-18 06:34 - 000002406 _____ C:\Users\dwx1001776\Documents\t.CSV
2021-12-18 01:21 - 2021-12-18 01:21 - 002938923 _____ C:\Users\dwx1001776\Downloads\3G KPI_Rehoming2G_CBN074.xlsm
2021-12-18 01:19 - 2021-12-18 01:19 - 003322368 _____ C:\Users\dwx1001776\Downloads\2G_KPI_Hourly_RehomingCBN074.xls
2021-12-17 22:12 - 2021-12-17 22:12 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2021-12-17 22:12 - 2021-12-17 22:12 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\sh5ldr
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-12-17 22:10 - 2021-12-17 22:10 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-12-17 01:01 - 2021-12-17 01:01 - 000001874 _____ C:\Users\dwx1001776\Downloads\Need alarm.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000008827 _____ C:\Users\dwx1001776\Downloads\IP 48 Rev2.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000004535 _____ C:\Users\dwx1001776\Downloads\IP 5 Rev2.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000003815 _____ C:\Users\dwx1001776\Downloads\IP 100 Rev2.txt
2021-12-17 00:06 - 2021-12-17 00:06 - 000002871 _____ C:\Users\dwx1001776\Downloads\IP 100 Rev.txt
2021-12-16 23:56 - 2021-12-16 23:56 - 000029596 _____ C:\Users\dwx1001776\Downloads\after ca.rar
2021-12-16 23:56 - 2021-12-16 23:56 - 000010721 _____ C:\Users\dwx1001776\Downloads\IP 48 Rev.txt
2021-12-16 23:56 - 2021-12-16 23:56 - 000003587 _____ C:\Users\dwx1001776\Downloads\IP 5 Rev.txt
2021-12-16 22:54 - 2021-12-16 22:54 - 000000000 ____D C:\ProgramData\huawei
2021-12-16 22:35 - 2021-12-16 22:35 - 000001730 _____ C:\Users\dwx1001776\Downloads\Jabo Execution_Optimization W50.rar
2021-12-16 21:53 - 2021-12-16 22:06 - 000006376 _____ C:\Users\dwx1001776\Downloads\req_deni.rar
2021-12-16 21:35 - 2021-12-16 21:54 - 000004405 _____ C:\Users\dwx1001776\Downloads\4G Surrounding_BOO311.csv
2021-12-16 17:13 - 2021-12-16 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Onebox Mate
2021-12-16 17:07 - 2021-12-17 20:39 - 000669845 _____ C:\Users\dwx1001776\Desktop\removtrojan guide.xlsx
2021-12-15 21:37 - 2021-12-15 21:37 - 000050277 _____ C:\Users\dwx1001776\Downloads\Script CSFB Part 2.rar
2021-12-15 18:35 - 2021-12-15 18:47 - 000025112 _____ C:\Users\dwx1001776\Downloads\LST INTERFREQHOGROUP_reqbagus.csv
2021-12-15 16:22 - 2021-12-15 16:22 - 001043684 _____ C:\Users\dwx1001776\Downloads\Attachment2:Cases Study .pdf
2021-12-15 11:18 - 2021-12-15 11:18 - 000002643 _____ C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aseprite.exe - Shortcut.lnk
2021-12-15 11:17 - 2021-12-15 11:18 - 000002291 _____ C:\Users\dwx1001776\Desktop\aseprite.exe - Shortcut.lnk
2021-12-15 11:17 - 2021-12-15 11:17 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Aseprite
2021-12-15 10:38 - 2021-12-15 10:38 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Yandex
2021-12-15 10:38 - 2021-12-15 10:38 - 000000000 ____D C:\Program Files (x86)\FarLabUninstaller
2021-12-15 09:31 - 2021-12-15 09:45 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\GrafX2
2021-12-15 06:21 - 2021-12-15 06:34 - 001371613 _____ C:\Users\dwx1001776\Downloads\dspvswr cellphytopo.rar
2021-12-14 23:59 - 2021-12-15 00:12 - 000002078 _____ C:\Users\dwx1001776\Downloads\logRE-RUN_14-12-2021.rar
2021-12-14 23:56 - 2021-12-14 23:56 - 000000894 _____ C:\Users\dwx1001776\Downloads\RE-RUN_14-12-2021.rar
2021-12-14 23:48 - 2021-12-15 00:01 - 000001044 _____ C:\Users\dwx1001776\Downloads\logRe-run CR BP.rar
2021-12-14 23:46 - 2021-12-14 23:46 - 000000484 _____ C:\Users\dwx1001776\Downloads\Re-run CR BP.rar
2021-12-14 23:37 - 2021-12-14 23:37 - 000001240 _____ C:\Users\dwx1001776\Downloads\CR_RXD_14-12-2021-RR.rar
2021-12-14 23:31 - 2021-12-14 23:31 - 000000472 _____ C:\Users\dwx1001776\Desktop\reexe48.txt
2021-12-14 23:23 - 2021-12-14 23:23 - 000056084 _____ C:\Users\dwx1001776\Desktop\3gcellbh.sql
2021-12-14 21:02 - 2021-12-14 21:02 - 000497801 _____ C:\Users\dwx1001776\Downloads\SEI Sitelist Issue W49.xlsx
2021-12-14 20:32 - 2021-12-14 20:32 - 003286275 _____ C:\Users\dwx1001776\Downloads\req risky.rar
2021-12-14 20:32 - 2021-12-14 12:37 - 012042315 _____ C:\Users\dwx1001776\Downloads\weekly_Temporary_Query_Result_20211214123239423(weekly).csv
2021-12-14 20:32 - 2021-12-14 12:37 - 001842595 _____ C:\Users\dwx1001776\Downloads\weekly_Temporary_Query_Result_20211214123239423(weekly).rar
2021-12-14 20:32 - 2021-12-14 12:29 - 001445296 _____ C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871.zip
2021-12-14 20:32 - 2021-12-14 12:28 - 003658779 ____N C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871(49).csv
2021-12-14 20:32 - 2021-12-14 12:28 - 003540519 ____N C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871(26).csv
2021-12-14 19:34 - 2021-12-14 19:34 - 000001140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thetan Arena.lnk
2021-12-14 19:34 - 2021-12-14 19:34 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Wolffun
2021-12-14 19:34 - 2021-12-14 19:34 - 000000000 ____D C:\Program Files (x86)\Thetan Arena
2021-12-14 01:19 - 2021-12-14 01:19 - 000013545 _____ C:\Users\dwx1001776\Downloads\Need Data KPI.xlsx
2021-12-14 01:06 - 2021-12-14 01:19 - 002865690 _____ C:\Users\dwx1001776\Downloads\alarmjabo_after.rar
2021-12-14 00:48 - 2021-12-14 01:01 - 000362501 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_Re-RUN IP100_20211214_010005.txt
2021-12-14 00:47 - 2021-12-14 01:00 - 000023861 _____ C:\Users\dwx1001776\Downloads\LOG_VoLTE_3G SRVCC Fast Return_Phase 04_V2.rar
2021-12-14 00:46 - 2021-12-14 00:46 - 000150156 _____ C:\Users\dwx1001776\Downloads\Re-RUN IP100.txt
2021-12-14 00:22 - 2021-12-14 00:22 - 001308119 _____ C:\Users\dwx1001776\Downloads\32_SRVCCFLEXSTEERING_P2.txt
2021-12-14 00:22 - 2021-12-14 00:22 - 001011749 _____ C:\Users\dwx1001776\Downloads\33_SRVCCFLEXSTEERING_P2.txt
2021-12-13 21:42 - 2021-12-13 21:42 - 012234224 _____ C:\Users\dwx1001776\Downloads\3G KPI_Trial 3g shutoff_20211212@2359.xlsm
2021-12-13 21:12 - 2021-12-13 21:24 - 004436907 _____ C:\Users\dwx1001776\Downloads\ranreportalarmjabo.rar
2021-12-13 21:02 - 2021-12-13 21:02 - 001405535 _____ C:\Users\dwx1001776\Downloads\Req KPI week 49.xlsx
2021-12-13 04:12 - 2021-12-13 04:12 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-147214757-305610072-1517763936-8001229
2021-12-12 14:04 - 2021-12-12 14:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-12-11 09:03 - 2021-12-11 09:03 - 001271975 _____ C:\Users\dwx1001776\Downloads\audit_ret_kota bekasi_kota depok.xlsx
2021-12-11 01:53 - 2021-12-11 01:53 - 000000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-12-10 12:52 - 2021-12-10 12:52 - 000006185 _____ C:\Users\dwx1001776\Downloads\SiteID_ret.txt
2021-12-10 10:17 - 2021-12-10 13:14 - 000032278 _____ C:\Users\dwx1001776\Downloads\Site_Bagus_HHO_10 Dec.xlsx
2021-12-09 18:04 - 2021-12-09 18:04 - 000008736 _____ C:\Users\dwx1001776\Downloads\Object Tree Export_Report Management_20211209180344.xlsx
2021-12-09 18:03 - 2021-12-09 18:03 - 000096077 _____ C:\Users\dwx1001776\Downloads\Sitelist Neeh HO PingPong 9Dec.xlsx
2021-12-09 15:34 - 2021-12-09 15:34 - 000009644 _____ C:\Users\dwx1001776\Downloads\sitelist L21 Big Gap(2).xlsx
2021-12-09 10:23 - 2021-12-09 10:23 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Plantronics
2021-12-09 10:22 - 2021-12-09 10:22 - 000002018 _____ C:\Users\Public\Desktop\WeLinkPC.lnk
2021-12-09 10:22 - 2021-12-09 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeLinkPC
2021-12-09 10:22 - 2021-12-09 10:22 - 000000000 ____D C:\Program Files (x86)\WeLinkPC
2021-12-09 09:59 - 2021-12-09 10:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-12-09 09:59 - 2021-12-09 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\huawei
2021-12-09 09:55 - 2021-12-17 22:20 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\eSpace_Desktop
2021-12-08 13:39 - 2021-12-08 13:21 - 003007383 ____N C:\Users\dwx1001776\Downloads\4G_KPI_reqJPX236_Query_Result_20211208132030519(Subreport 1).csv
2021-12-08 13:29 - 2021-12-08 13:29 - 000008581 _____ C:\Users\dwx1001776\Downloads\sitelist 3G trial shutoff(1).xlsx
2021-12-08 13:21 - 2021-12-08 13:34 - 000055074 _____ C:\Users\dwx1001776\Downloads\HistoricalAlarms20211208132118236.csv
2021-12-08 13:21 - 2021-12-08 13:21 - 001048626 _____ C:\Users\dwx1001776\Downloads\jpx236.rar
2021-12-08 13:21 - 2021-12-08 13:21 - 001045441 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqJPX236_Query_Result_20211208132030519.zip
2021-12-08 13:18 - 2021-12-08 13:31 - 000016977 _____ C:\Users\dwx1001776\Downloads\HistoricalAlarms20211208131825307.csv
2021-12-08 13:18 - 2021-12-08 13:30 - 000001118 _____ C:\Users\dwx1001776\Downloads\CurrentAlarms20211208131743095_1.csv
2021-12-08 11:39 - 2021-12-08 11:48 - 005278602 _____ C:\Users\dwx1001776\Downloads\List trial 3G shutoff dashboard v2.xlsx
2021-12-08 11:14 - 2021-12-08 11:15 - 000976179 _____ C:\Users\dwx1001776\Desktop\3G Upgrade Software Patch SRAN16.1 - 8 Dec 2021_.xlsm
2021-12-08 11:13 - 2021-12-08 11:13 - 000866888 _____ C:\Users\dwx1001776\Desktop\3G Upgrade Software Patch SRAN16.1 - 8 Dec 2021.xlsm
2021-12-08 11:12 - 2021-12-08 11:12 - 001415680 _____ C:\Users\dwx1001776\Desktop\2G_KPI_Hourly_Upgrade Software Patch SRAN16.1 - 8 Dec 2021.xls
2021-12-08 10:46 - 2021-12-08 10:46 - 000969625 _____ C:\Users\dwx1001776\Downloads\Dashboard Support CSFB 2G 4G_20211208e.xlsx
2021-12-08 10:36 - 2021-12-08 10:36 - 000928759 _____ C:\Users\dwx1001776\Downloads\Dashboard Support CSFB 2G 4G_20211208.xlsx
2021-12-08 09:12 - 2021-12-08 09:12 - 000193599 _____ C:\Users\dwx1001776\Desktop\3gshutoffv2.sql
2021-12-08 09:10 - 2021-12-08 09:10 - 000008879 _____ C:\Users\dwx1001776\Downloads\sitelist 3G trial shutoff.xlsx
2021-12-07 11:20 - 2021-12-07 11:33 - 000866837 _____ C:\Users\dwx1001776\Downloads\lteranreport1207.rar
2021-12-06 18:19 - 2021-12-06 18:19 - 000014282 _____ C:\Users\dwx1001776\Downloads\high interference.xlsx
2021-12-06 11:45 - 2021-12-06 11:45 - 000095503 _____ C:\Users\dwx1001776\Desktop\3gshutoff.sql
2021-12-05 10:28 - 2021-12-05 18:31 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Vivox
2021-12-05 10:21 - 2021-12-18 07:02 - 000000000 ____D C:\Program Files (x86)\TurboVPN
2021-12-05 10:21 - 2021-12-05 10:21 - 000001120 _____ C:\Users\dwx1001776\Desktop\TurboVPN.lnk
2021-12-05 10:21 - 2021-12-05 10:21 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TurboVPN
 

dmsjckrs

Posts: 18   +0
2021-12-05 09:33 - 2021-12-05 09:33 - 000001235 _____ C:\Users\Public\Desktop\The Sandbox Alpha.lnk
2021-12-05 09:32 - 2021-12-05 09:32 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\TSBGAMING
2021-12-05 09:31 - 2021-12-05 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sandbox
2021-12-05 09:31 - 2021-12-05 09:31 - 000000000 ____D C:\Program Files (x86)\The Sandbox
2021-12-03 11:11 - 2021-12-03 11:23 - 001008015 _____ C:\Users\dwx1001776\Downloads\E_TNG602_Ryserpong2_ALL_Operation Log_Compressed_2021-06-01-11-22-52_2021-12-03-11-23-04_Flow Control_20211203_112309.gz
2021-12-03 11:11 - 2021-12-03 11:10 - 006963390 _____ C:\Users\dwx1001776\Downloads\E_TNG602_Ryserpong2_ALL_Operation Log_Compressed_2021-06-01-11-22-52_2021-12-03-11-23-04_Flow Control_20211203_112309
2021-12-03 08:57 - 2021-12-03 08:57 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Unity
2021-12-03 08:57 - 2021-12-03 08:57 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Sky Mavis
2021-12-03 08:57 - 2021-12-03 08:57 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\GameAnalytics
2021-12-03 08:52 - 2021-12-03 08:52 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\com.skymavis.launcher
2021-12-03 08:52 - 2021-12-03 08:52 - 000000000 ____D C:\Program Files\Axie Infinity
2021-12-03 08:50 - 2021-12-03 08:53 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Mavis Hub
2021-12-03 08:49 - 2021-12-03 09:05 - 000002322 _____ C:\Users\dwx1001776\Desktop\Mavis Hub.lnk
2021-12-03 08:49 - 2021-12-03 08:50 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\@axielauncher-updater
2021-12-03 08:49 - 2021-12-03 08:49 - 000002330 _____ C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mavis Hub.lnk
2021-12-02 16:37 - 2021-12-02 16:37 - 000009026 _____ C:\Users\dwx1001776\Downloads\Sitelist need HO PingPong_02122021.xlsx
2021-12-02 09:24 - 2021-12-02 09:24 - 000009626 _____ C:\Users\dwx1001776\Downloads\sitelist L21 Big Gap(1).xlsx
2021-12-01 12:54 - 2021-12-01 13:07 - 000014050 _____ C:\Users\dwx1001776\Downloads\lstoptlog_cpt221.csv
2021-12-01 10:32 - 2021-12-01 10:44 - 000402205 _____ C:\Users\dwx1001776\Downloads\LST CELLALGOSWITCH.csv
2021-12-01 10:32 - 2021-12-01 10:44 - 000104030 _____ C:\Users\dwx1001776\Downloads\LST EUTRANINTERNFREQ.csv
2021-12-01 10:32 - 2021-12-01 10:44 - 000024086 _____ C:\Users\dwx1001776\Downloads\LST CELLHOPARACFG.csv
2021-12-01 10:32 - 2021-12-01 10:44 - 000011475 _____ C:\Users\dwx1001776\Downloads\LST INTERFREQHOGROUP.csv
2021-12-01 09:29 - 2021-12-01 09:27 - 000021186 _____ C:\Users\dwx1001776\Documents\AlarmLogs20211201092856554.csv
2021-12-01 08:30 - 2021-12-01 08:30 - 000000000 ____D C:\WINDOWS\SysWOW64\Zonelabs
2021-12-01 08:30 - 2021-12-01 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2021-12-01 08:30 - 2021-12-01 08:30 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2021-12-01 08:09 - 2021-12-01 08:10 - 123979489 _____ C:\Users\dwx1001776\Downloads\Windows_MediaFeaturePack_x64_1803.msu
2021-12-01 08:08 - 2021-12-01 08:08 - 103322379 _____ C:\Users\dwx1001776\Downloads\Windows_MediaFeaturePack_x64_1903_V1.msu
2021-12-01 08:01 - 2021-12-18 07:02 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-01 07:54 - 2021-12-09 07:01 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-01 07:54 - 2021-12-09 07:01 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7e64c66026a2b
2021-12-01 07:50 - 2021-12-01 07:50 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-12-01 07:48 - 2021-12-01 07:48 - 000000020 ___SH C:\Users\dwx1001776\ntuser.ini
2021-12-01 07:47 - 2021-12-18 07:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Symantec Endpoint Protection
2021-12-01 07:47 - 2021-12-18 07:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-01 07:47 - 2021-12-13 04:12 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-147214757-305610072-1517763936-8001229
2021-12-01 07:47 - 2021-12-11 02:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-12-01 07:47 - 2021-12-01 07:47 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-01 07:47 - 2021-12-01 07:47 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-01 07:47 - 2021-12-01 07:47 - 000002896 _____ C:\WINDOWS\system32\Tasks\TinyTakeUpgrade
2021-12-01 07:47 - 2021-12-01 07:47 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-888159395-1567868294-3106766758-1001
2021-12-01 07:47 - 2021-12-01 07:47 - 000002590 _____ C:\WINDOWS\system32\Tasks\LANDESK Agent Health Bootstrap Task
2021-12-01 07:47 - 2021-12-01 07:47 - 000002536 _____ C:\WINDOWS\system32\Tasks\SamsungMagician
2021-12-01 07:47 - 2021-12-01 07:47 - 000002442 _____ C:\WINDOWS\system32\Tasks\RemindPatchRepair
2021-12-01 07:47 - 2021-12-01 07:47 - 000002052 _____ C:\WINDOWS\system32\Tasks\ReportPatchStatus
2021-12-01 07:47 - 2021-12-01 07:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\FonePaw
2021-12-01 07:47 - 2021-12-01 07:47 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2021-12-01 07:46 - 2021-12-01 07:47 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2021-12-01 07:46 - 2021-12-01 07:47 - 000015243 _____ C:\WINDOWS\diagerr.xml
2021-12-01 07:41 - 2021-12-18 07:21 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-01 07:39 - 2021-12-18 06:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-01 07:39 - 2021-12-16 23:07 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-01 07:39 - 2021-12-16 23:07 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-01 07:39 - 2021-12-01 07:39 - 000379840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-01 07:22 - 2021-12-01 22:39 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-12-01 07:18 - 2021-12-17 21:51 - 000000000 ____D C:\Users\dwx1001776
2021-12-01 07:18 - 2021-12-13 04:12 - 000002398 _____ C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-01 07:18 - 2021-12-01 22:39 - 000000000 ____D C:\Users\Admin
2021-12-01 07:18 - 2019-12-07 16:09 - 000001105 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-01 07:18 - 2019-12-07 16:09 - 000001105 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-01 07:17 - 2021-12-01 07:22 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-12-01 07:07 - 2021-12-01 07:07 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-01 07:06 - 2021-12-01 07:06 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-12-01 07:06 - 2021-12-01 07:06 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-01 07:06 - 2021-12-01 07:06 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-12-01 07:06 - 2021-12-01 07:06 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-12-01 07:05 - 2021-12-01 07:05 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-12-01 07:05 - 2021-12-01 07:05 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-12-01 07:05 - 2021-12-01 07:05 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-01 07:05 - 2021-12-01 07:05 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-01 07:05 - 2021-12-01 07:05 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-12-01 06:52 - 2021-12-01 06:53 - 000000000 ____D C:\WINDOWS\system32\id-ID
2021-12-01 06:52 - 2021-12-01 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2021-12-01 06:52 - 2021-12-01 06:52 - 000000000 ____D C:\WINDOWS\id-ID
2021-12-01 06:52 - 2019-10-15 13:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-12-01 06:52 - 2019-04-18 18:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-12-01 06:47 - 2021-12-01 06:47 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2021-12-01 06:39 - 2021-12-01 06:39 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-12-01 06:25 - 2021-12-13 06:00 - 000000000 ___DC C:\WINDOWS\Panther
2021-12-01 06:22 - 2021-12-01 06:25 - 000000036 _____ C:\WINDOWS\progress.ini
2021-12-01 06:07 - 2021-12-01 07:48 - 000000000 ____D C:\Windows10Upgrade
2021-12-01 06:07 - 2021-12-01 07:47 - 000000000 ___HD C:\$GetCurrent
2021-12-01 06:07 - 2021-12-01 06:07 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2021-12-01 06:07 - 2021-12-01 06:07 - 000000719 _____ C:\Users\dwx1001776\Desktop\Windows 10 Update Assistant.lnk
2021-12-01 06:07 - 2021-12-01 06:07 - 000000000 ____D C:\Users\dwx1001776\Downloads\Windows10Upgrade9252
2021-12-01 06:04 - 2021-12-01 06:04 - 005814039 _____ C:\Users\dwx1001776\Downloads\Windows10Upgrade9252.rar
2021-11-29 17:05 - 2021-11-29 17:05 - 000932500 _____ C:\Users\dwx1001776\Downloads\JKP335_20211129@1559.rar
2021-11-29 11:03 - 2021-11-29 11:03 - 000785693 _____ C:\Users\dwx1001776\Downloads\req ul interference_risky.zip
2021-11-29 10:55 - 2021-11-29 10:56 - 002907802 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqfakhruddin busyhour_Query_Result_20211129105434982.zip
2021-11-29 10:54 - 2021-11-29 10:54 - 000028122 _____ C:\Users\dwx1001776\Downloads\New comers interference W46.xlsx
2021-11-29 10:45 - 2021-11-29 10:45 - 000008047 _____ C:\Users\dwx1001776\Downloads\4cell WPC L21 Big gap.xlsx
2021-11-29 09:54 - 2021-11-29 09:54 - 010120267 _____ C:\Users\dwx1001776\Downloads\interference per RB req risky_Query_Result_20211129094820774.zip
2021-11-29 09:45 - 2021-11-29 09:46 - 004504900 _____ C:\Users\dwx1001776\Downloads\4G_KPI_req_Query_Result_20211129094349351.zip
2021-11-29 09:29 - 2021-11-29 09:29 - 005308401 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqfakhruddin_Query_Result_2021112909271948.zip
2021-11-29 09:22 - 2021-11-29 09:22 - 000009638 _____ C:\Users\dwx1001776\Downloads\sitelist L21 Big Gap.xlsx
2021-11-27 23:27 - 2021-11-29 17:05 - 000796260 _____ C:\Users\dwx1001776\Downloads\3G JKP335.xlsm
2021-11-27 23:27 - 2021-11-29 17:04 - 001252864 _____ C:\Users\dwx1001776\Downloads\2G_KPI_Hourly_JKP335.xls
2021-11-27 21:51 - 2021-11-27 22:03 - 000065842 _____ C:\Users\dwx1001776\Downloads\mopar_fakhruddin_1127.rar
2021-11-27 21:34 - 2021-11-27 21:45 - 000019558 _____ C:\Users\dwx1001776\Downloads\Sitelist 3G Shutoff(1).xlsx
2021-11-27 21:33 - 2021-11-27 22:33 - 000003489 _____ C:\Users\dwx1001776\Downloads\test_alfursan.txt
2021-11-27 00:54 - 2021-11-27 01:15 - 000014267 _____ C:\Users\dwx1001776\Downloads\Sitelist 3G Shutoff.xlsx
2021-11-26 21:56 - 2021-11-26 21:56 - 000009227 _____ C:\Users\dwx1001776\Downloads\Surrounding 3G Shutoff.xlsx
2021-11-26 08:22 - 2021-11-26 08:24 - 000000128 _____ C:\Users\dwx1001776\AppData\Local\PUTTY.RND
2021-11-26 08:22 - 2021-11-26 08:22 - 000000000 ____D C:\Program Files\PuTTY
2021-11-25 23:38 - 2021-11-25 23:40 - 000000000 ____D C:\Users\dwx1001776\Downloads\stock images
2021-11-25 22:28 - 2021-11-25 22:28 - 000017855 _____ C:\Users\dwx1001776\Downloads\Req Cell Daily 4G 5-24 Nov.xlsx
2021-11-25 21:07 - 2021-11-25 21:13 - 003162095 _____ C:\Users\dwx1001776\Downloads\NCR 4G Rollout Dynamic NPREO with CellNpreoAdjThreshold setting to 20 JA.xlsx
2021-11-25 19:24 - 2021-11-25 19:24 - 000000176 _____ C:\Users\dwx1001776\Downloads\Trial Power Saving.txt
2021-11-25 08:18 - 2021-12-01 22:39 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-11-25 06:08 - 2021-11-25 06:08 - 000140557 _____ C:\Users\dwx1001776\Downloads\WhatsApp Image 2021-11-25 at 00.46.22.jpeg
2021-11-25 00:15 - 2021-11-25 00:15 - 000007720 _____ C:\Users\dwx1001776\Downloads\Req alarm-24 Nov.xlsx
2021-11-25 00:13 - 2021-11-25 00:25 - 000018769 _____ C:\Users\dwx1001776\Downloads\req_alarm.rar
2021-11-25 00:05 - 2021-11-25 00:05 - 000009742 _____ C:\Users\dwx1001776\Downloads\Req alarm(1).xlsx
2021-11-23 23:59 - 2021-11-23 23:59 - 000092742 _____ C:\Users\dwx1001776\Downloads\Rollback IP5.txt
2021-11-23 23:59 - 2021-11-23 23:59 - 000042262 _____ C:\Users\dwx1001776\Downloads\Rollback IP48.txt
2021-11-23 23:37 - 2021-11-23 23:38 - 081625338 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqrisky1123_Query_Result_2021112323300689.zip
2021-11-23 23:13 - 2021-11-23 23:32 - 000041991 _____ C:\Users\dwx1001776\Downloads\Need Data(1).xlsx
2021-11-23 21:31 - 2021-11-23 21:31 - 003561068 _____ C:\Users\dwx1001776\Downloads\4G_EJ_CR_QCI 6 VIP User anchor on FDD solution Rollback RollOut 20211112_rev.xlsx
2021-11-23 21:29 - 2021-11-23 21:34 - 001890411 _____ C:\Users\dwx1001776\Downloads\4G Script Volte Features_JABO Outer_VoLTE Coverage Enhancement_Phase 03 V3.xlsx
2021-11-23 21:27 - 2021-11-23 21:37 - 000807009 _____ C:\Users\dwx1001776\Downloads\NCR 4G Rollout Disable CA Service When Using VOLTE CALL JABO.xlsx
2021-11-23 11:19 - 2021-11-23 17:18 - 000000109 _____ C:\Users\dwx1001776\Downloads\cryptotab log.txt
2021-11-23 11:18 - 2021-11-24 05:47 - 000005224 _____ C:\Users\dwx1001776\Downloads\youtube project 2 - sky bonfire lake.txt
2021-11-23 07:38 - 2021-11-23 07:38 - 000008297 _____ C:\Users\dwx1001776\Downloads\sitelist(12).xlsx
2021-11-22 23:29 - 2021-11-22 23:29 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\DigibyteMiner
2021-11-22 22:16 - 2021-11-22 22:54 - 000014020 _____ C:\Users\dwx1001776\Downloads\need rrc+payload.xlsx
2021-11-22 20:04 - 2021-11-22 20:04 - 000013943 _____ C:\Users\dwx1001776\Downloads\Need KPI 4g data.xlsx
2021-11-22 19:31 - 2021-11-22 19:31 - 001313177 _____ C:\Users\dwx1001776\Downloads\SITE LIST TAL TAC_20211012_V2.xlsx
2021-11-22 15:40 - 2021-11-22 15:53 - 000009408 _____ C:\Users\dwx1001776\Downloads\SITE LIST_Power Saving Trial.xlsx
2021-11-21 23:44 - 2021-11-22 10:47 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\TechSmith
2021-11-21 23:41 - 2021-11-23 12:01 - 000000000 ____D C:\Users\dwx1001776\Documents\Camtasia
2021-11-21 23:41 - 2021-11-21 23:41 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\TechSmith
2021-11-21 22:24 - 2021-12-01 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2021-11-21 22:24 - 2021-11-21 22:24 - 000001171 _____ C:\Users\Public\Desktop\Camtasia 2019.lnk
2021-11-21 22:23 - 2021-11-21 22:24 - 000000000 ____D C:\ProgramData\TechSmith
2021-11-21 22:23 - 2021-11-21 22:23 - 000000000 ____D C:\Program Files\TechSmith
2021-11-21 22:23 - 2021-11-21 22:23 - 000000000 ____D C:\Program Files\Common Files\TechSmith Shared
2021-11-21 19:33 - 2021-11-30 15:54 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\audacity
2021-11-21 19:33 - 2021-11-21 19:33 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-11-21 19:33 - 2021-11-21 19:33 - 000000853 _____ C:\Users\Public\Desktop\Audacity.lnk
2021-11-21 19:33 - 2021-11-21 19:33 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\audacity
2021-11-21 19:33 - 2021-11-21 19:33 - 000000000 ____D C:\Program Files\Audacity
2021-11-21 12:13 - 2021-11-21 12:13 - 000000761 _____ C:\Users\dwx1001776\Documents\Desktop - Shortcut.lnk
2021-11-19 21:36 - 2021-11-19 21:36 - 000031314 _____ C:\Users\dwx1001776\Downloads\Nobel - S01E02.srt
2021-11-19 21:35 - 2021-11-19 21:35 - 000024012 _____ C:\Users\dwx1001776\Downloads\Nobel - S01E01.srt
2021-11-18 23:21 - 2021-11-18 23:21 - 000011889 _____ C:\Users\dwx1001776\Downloads\NC20211103001772_Supreme Optimization W44(1).rar
2021-11-18 03:14 - 2021-11-18 03:26 - 000006330 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_almaf1000_20211118_032629.txt
2021-11-18 03:14 - 2021-11-18 03:25 - 000004166 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_IP100_Fallback2_20211118_032524.txt
2021-11-18 03:13 - 2021-11-18 03:13 - 000000120 _____ C:\Users\dwx1001776\Downloads\almaf1000.txt
2021-11-18 03:12 - 2021-11-18 03:12 - 000000876 _____ C:\Users\dwx1001776\Downloads\IP100_Fallback2.txt
2021-11-18 02:55 - 2021-11-18 03:07 - 000028085 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_LSTALFM_IP100_After_20211118_030720.txt
2021-11-18 02:55 - 2021-11-18 03:07 - 000003694 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_LSTALMAF_IP48_After_20211118_030738.txt
2021-11-18 02:54 - 2021-11-18 02:54 - 000000477 _____ C:\Users\dwx1001776\Downloads\LSTALFM_IP100_After.txt
2021-11-18 02:54 - 2021-11-18 02:54 - 000000081 _____ C:\Users\dwx1001776\Downloads\LSTALMAF_IP48_After.txt
2021-11-18 02:53 - 2021-11-18 03:05 - 000015931 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_IP100_Fallback_s_20211118_030501.txt
2021-11-18 02:53 - 2021-11-18 03:05 - 000001944 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_IP48_Fallback_s_20211118_030524.txt
2021-11-18 02:51 - 2021-11-18 02:51 - 000003576 _____ C:\Users\dwx1001776\Downloads\IP100_Fallback(1).txt
2021-11-18 02:51 - 2021-11-18 02:51 - 000000381 _____ C:\Users\dwx1001776\Downloads\IP48_Fallback(1).txt
2021-11-18 02:36 - 2021-11-18 02:36 - 000003576 _____ C:\Users\dwx1001776\Downloads\IP100_Fallback.txt
2021-11-18 02:36 - 2021-11-18 02:36 - 000000381 _____ C:\Users\dwx1001776\Downloads\IP48_Fallback.txt
2021-11-18 01:58 - 2021-11-18 02:00 - 000008810 _____ C:\Users\dwx1001776\Downloads\Req alarm.xlsx
2021-11-18 01:52 - 2021-11-18 02:05 - 000008263 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_IP48_West_rerun_20211118_020435.txt
2021-11-18 01:52 - 2021-11-18 02:04 - 000022987 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_IP100_West_rerun_20211118_020406.txt
2021-11-18 01:49 - 2021-11-18 01:49 - 000005244 _____ C:\Users\dwx1001776\Downloads\IP100_West_rerun.txt
2021-11-18 01:49 - 2021-11-18 01:49 - 000001862 _____ C:\Users\dwx1001776\Downloads\IP48_West_Rerun.txt
2021-11-18 00:20 - 2021-11-18 00:32 - 000002998 _____ C:\Users\dwx1001776\Downloads\lstalmaf.rar
2021-11-18 00:16 - 2021-11-18 00:16 - 000418405 _____ C:\Users\dwx1001776\Downloads\Object Tree Export_Report Management_20211118001548.xlsx
2021-11-18 00:13 - 2021-11-18 00:13 - 000000087 _____ C:\Users\dwx1001776\Downloads\Object Tree Export_Report Management_20211118000903_20211118001300032.csv
2021-11-18 00:12 - 2021-11-18 00:24 - 000001301 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_CR_Tutela_IP5_Rollback_20211118_002427.txt
2021-11-18 00:12 - 2021-11-18 00:24 - 000000638 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_CR_Tutela_IP48_Rollback_20211118_002405.txt
2021-11-18 00:12 - 2021-11-18 00:24 - 000000622 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_CR_Tutela_IP100_Rollback_20211118_002343.txt
2021-11-18 00:10 - 2021-11-18 00:10 - 000000241 _____ C:\Users\dwx1001776\Downloads\CR_Tutela_IP5_Rollback.txt
2021-11-18 00:10 - 2021-11-18 00:10 - 000000080 _____ C:\Users\dwx1001776\Downloads\CR_Tutela_IP48_Rollback.txt
2021-11-18 00:10 - 2021-11-18 00:10 - 000000072 _____ C:\Users\dwx1001776\Downloads\CR_Tutela_IP100_Rollback.txt
2021-11-18 00:09 - 2021-11-18 00:09 - 000003860 _____ C:\Users\dwx1001776\Downloads\Object Tree Export_Report Management_20211118000903.xlsx
2021-11-18 00:03 - 2021-11-18 00:16 - 000000969 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_Rerun ip100_dr_20211118_001249.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-18 08:27 - 2021-07-13 19:51 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\NetCareClient
2021-12-18 08:27 - 2020-11-14 09:04 - 000000000 ___HD C:\ProgramData\TEMP
2021-12-18 08:22 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-18 08:08 - 2020-11-13 21:45 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-18 08:03 - 2021-06-23 15:04 - 000000000 ____D C:\Program Files\AnXinSec
2021-12-18 08:03 - 2020-12-19 01:19 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\KSafe
2021-12-18 07:59 - 2021-11-05 13:49 - 000000000 ____D C:\Program Files (x86)\CryptoCompany
2021-12-18 07:58 - 2021-08-09 08:07 - 000002404 _____ C:\Users\dwx1001776\Desktop\Dimas Khalid - Chrome.lnk
2021-12-18 07:38 - 2020-12-19 03:05 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\CrashDumps
2021-12-18 07:32 - 2021-06-23 15:04 - 000000002 _____ C:\WINDOWS\axupdt.axbcv
2021-12-18 07:21 - 2020-11-14 09:22 - 000000000 ____D C:\temp
2021-12-18 07:21 - 2019-12-07 16:12 - 000000000 ____D C:\WINDOWS\INF
2021-12-18 07:19 - 2019-12-07 16:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-18 07:04 - 2020-11-16 22:37 - 000001144 ____H C:\Users\dwx1001776\Documents\Default.rdp
2021-12-18 07:02 - 2019-12-07 16:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-18 07:02 - 2019-03-19 11:49 - 000000297 _____ C:\WINDOWS\win.ini
2021-12-18 07:01 - 2020-12-22 22:23 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\DMCache
2021-12-18 06:27 - 2020-11-13 21:06 - 000046130 __RSH C:\ProgramData\ntuser.pol
2021-12-18 06:26 - 2020-11-14 09:05 - 000000000 ____D C:\ProgramData\Symantec
2021-12-18 02:26 - 2020-12-19 02:30 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Mozilla
2021-12-18 01:00 - 2019-12-07 16:49 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-12-17 22:07 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-17 21:59 - 2020-11-13 21:50 - 000006354 _____ C:\Users\dwx1001776\Downloads\exam
2021-12-17 21:49 - 2019-12-07 16:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-17 20:44 - 2020-12-22 22:23 - 000000000 ____D C:\Users\dwx1001776\Downloads\Compressed
2021-12-17 02:11 - 2020-11-14 00:17 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\vlc
2021-12-16 22:02 - 2019-12-07 16:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2021-12-16 22:01 - 2020-12-19 02:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-16 22:01 - 2020-12-19 02:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-16 20:46 - 2021-07-12 09:50 - 000000000 ____D C:\Users\dwx1001776\Desktop\tem
2021-12-16 20:45 - 2020-12-22 22:23 - 000000000 ____D C:\Users\dwx1001776\Downloads\Video
2021-12-16 17:13 - 2021-10-21 22:40 - 000001497 _____ C:\Users\Public\Desktop\Onebox.lnk
2021-12-16 17:11 - 2020-11-14 09:25 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\CDDD
2021-12-16 10:36 - 2021-08-26 07:37 - 000000000 ____D C:\Users\dwx1001776\Documents\kamil
2021-12-16 07:14 - 2020-11-14 09:07 - 001050018 _____ C:\ProgramData\CpmCore.log.1
2021-12-16 06:09 - 2020-11-13 21:46 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-16 06:09 - 2018-10-23 18:30 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-16 01:36 - 2020-12-19 02:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-15 16:26 - 2020-11-14 09:05 - 000002206 _____ C:\Users\Public\Desktop\SPES.lnk
2021-12-15 16:15 - 2020-11-14 09:09 - 000000000 _____ C:\Program Files (x86)\ItShieldCheckFile.ck
2021-12-15 10:52 - 2019-12-07 16:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-15 10:41 - 2020-12-22 22:23 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2021-12-15 10:35 - 2020-11-14 22:29 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Telegram Desktop
2021-12-14 02:37 - 2020-11-14 09:07 - 001049966 _____ C:\ProgramData\CpmCore.log.2
2021-12-11 22:13 - 2020-11-14 09:07 - 001048824 _____ C:\ProgramData\CpmCore.log.3
2021-12-11 02:09 - 2018-10-23 18:30 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-12-10 06:59 - 2020-11-15 20:12 - 000000000 ___RD C:\Users\dwx1001776\Downloads\Telegram Desktop
2021-12-09 17:43 - 2020-11-14 09:07 - 001048755 _____ C:\ProgramData\CpmCore.log.4
2021-12-09 10:23 - 2021-10-21 22:41 - 000000000 ____D C:\ProgramData\CheckToolService
2021-12-09 10:20 - 2021-03-16 18:56 - 000030995 _____ C:\Users\dwx1001776\Downloads\CsvReport (6)_reqheru.csv
2021-12-09 10:08 - 2020-11-14 09:18 - 000000256 _____ C:\WINDOWS\system32\config\netlogon.ftl
2021-12-09 09:59 - 2020-11-14 09:25 - 000000000 ____D C:\Program Files (x86)\Huawei
2021-12-09 09:57 - 2021-07-22 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-12-09 09:57 - 2021-07-12 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FonePaw
2021-12-09 09:57 - 2021-02-28 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2021-12-09 09:57 - 2020-11-14 09:08 - 000000000 ____D C:\Program Files (x86)\eSpace_Desktop
2021-12-09 09:57 - 2020-07-26 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2021-12-09 09:57 - 2019-10-03 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2021-12-09 09:57 - 2018-11-12 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2021-12-09 09:57 - 2018-11-08 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2021-12-09 09:57 - 2018-10-23 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-12-08 19:55 - 2020-11-14 06:17 - 000000000 ____D C:\ProgramData\Packages
2021-12-07 12:31 - 2020-11-14 09:07 - 001048947 _____ C:\ProgramData\CpmCore.log.5
2021-12-05 12:36 - 2021-01-20 20:03 - 000025638 _____ C:\Users\dwx1001776\Downloads\CsvReport (2).csv
2021-12-05 12:36 - 2020-12-14 23:17 - 000074161 _____ C:\Users\dwx1001776\Downloads\Report.txt
2021-12-05 09:31 - 2020-11-14 09:10 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-05 09:20 - 2020-11-14 09:07 - 001049823 _____ C:\ProgramData\CpmCore.log.6
2021-12-03 04:08 - 2020-11-14 09:07 - 001049673 _____ C:\ProgramData\CpmCore.log.7
2021-12-02 04:42 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-12-01 22:39 - 2021-11-17 19:05 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor Plus 2022
2021-12-01 22:39 - 2021-11-09 14:43 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2021-12-01 22:39 - 2021-09-23 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-12-01 22:39 - 2021-08-01 23:04 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeLink Meeting
2021-12-01 22:39 - 2021-07-07 18:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2021-12-01 22:39 - 2021-06-30 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2021-12-01 22:39 - 2021-06-23 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intelligent Memory Protection System
2021-12-01 22:39 - 2021-06-15 17:30 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\瞩目国际版
2021-12-01 22:39 - 2021-03-25 09:27 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-12-01 22:39 - 2021-02-19 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2021-12-01 22:39 - 2021-01-31 13:31 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KMPlayer 64X
2021-12-01 22:39 - 2020-12-29 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-12-01 22:39 - 2020-12-29 08:17 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2021-12-01 22:39 - 2020-12-22 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2021-12-01 22:39 - 2020-12-22 22:23 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2021-12-01 22:39 - 2020-12-17 19:33 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accession Meeting
2021-12-01 22:39 - 2020-12-08 18:24 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2021-12-01 22:39 - 2020-11-18 01:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ldevents
2021-12-01 22:39 - 2020-11-15 13:50 - 000000000 ____D C:\Program Files\UNP
2021-12-01 22:39 - 2020-11-15 08:39 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE
2021-12-01 22:39 - 2020-11-14 22:29 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2021-12-01 22:39 - 2020-11-14 09:24 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CloudMeeting
2021-12-01 22:39 - 2020-11-14 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\cba
2021-12-01 22:39 - 2020-11-14 09:06 - 000000000 ____D C:\WINDOWS\SysWOW64\nmap
2021-12-01 22:39 - 2020-11-14 09:05 - 000000000 ____D C:\ProgramData\regid.1992-12.com.symantec
2021-12-01 22:39 - 2020-11-14 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2021-12-01 22:39 - 2020-11-14 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPES 5.0
2021-12-01 22:39 - 2020-11-14 05:35 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-12-01 22:39 - 2020-11-13 18:44 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-12-01 22:39 - 2020-09-11 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Go Programming Language
2021-12-01 22:39 - 2020-05-14 00:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2021-12-01 22:39 - 2020-02-01 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2021-12-01 22:39 - 2020-01-25 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2021-12-01 22:39 - 2019-12-07 16:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-12-01 22:39 - 2019-12-01 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-01 22:39 - 2019-09-24 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kutools for Excel
2021-12-01 22:39 - 2019-07-15 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kids Designer
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-12-01 22:39 - 2018-12-14 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2021-12-01 22:39 - 2018-11-21 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2021-12-01 22:39 - 2018-11-12 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2021-12-01 22:39 - 2018-11-12 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA SecurID Token
2021-12-01 22:39 - 2018-10-23 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-12-01 22:39 - 2018-10-23 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-12-01 22:38 - 2020-05-17 17:36 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-12-01 22:38 - 2019-12-01 07:48 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-01 22:38 - 2019-08-20 11:37 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2021-12-01 22:38 - 2018-11-30 07:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2021-12-01 22:38 - 2018-11-08 00:15 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2021-12-01 14:08 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-01 08:31 - 2020-11-16 17:55 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\CheckPoint
2021-12-01 08:30 - 2021-03-25 09:23 - 000000000 ____D C:\ProgramData\CheckPoint
2021-12-01 08:05 - 2021-03-25 09:24 - 000012288 _____ C:\WINDOWS\system32\Drivers\vsndis.reg
2021-12-01 08:03 - 2020-11-14 09:19 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Packages
2021-12-01 08:03 - 2019-12-07 16:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-12-01 07:58 - 2020-11-14 09:12 - 000000000 ____D C:\WINDOWS\wlansvc
2021-12-01 07:49 - 2019-12-07 16:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-01 07:48 - 2020-11-14 09:19 - 000000000 ___RD C:\Users\dwx1001776\3D Objects
2021-12-01 07:48 - 2020-11-14 05:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-12-01 07:48 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-12-01 07:47 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-01 07:39 - 2020-11-14 00:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-12-01 07:36 - 2019-12-07 16:16 - 000000000 ____D C:\WINDOWS\Setup
2021-12-01 07:33 - 2019-12-07 16:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-12-01 07:19 - 2021-06-26 21:21 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis
2021-12-01 07:19 - 2020-03-10 01:48 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi
2021-12-01 07:18 - 2020-11-14 05:58 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2021-12-01 07:12 - 2019-12-07 16:51 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-12-01 07:12 - 2019-12-07 16:51 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-12-01 07:12 - 2019-12-07 16:48 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-01 07:12 - 2019-12-07 16:03 - 000000000 ____D C:\WINDOWS\servicing
2021-12-01 07:11 - 2019-12-07 16:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-12-01 06:53 - 2019-12-07 16:50 - 000000000 ____D C:\WINDOWS\OCR
2021-12-01 06:52 - 2019-12-07 16:51 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-12-01 06:52 - 2019-12-07 16:51 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-12-01 06:52 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-12-01 06:49 - 2019-12-07 16:09 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2021-12-01 03:49 - 2020-11-14 09:07 - 001049923 _____ C:\ProgramData\CpmCore.log.8
2021-11-29 05:48 - 2020-11-14 09:07 - 001048635 _____ C:\ProgramData\CpmCore.log.9
2021-11-27 07:16 - 2020-11-14 09:07 - 001048644 _____ C:\ProgramData\CpmCore.log.10
2021-11-25 08:36 - 2020-11-14 09:07 - 001050326 _____ C:\ProgramData\CpmCore.log.11
2021-11-25 08:21 - 2020-11-17 08:42 - 000000000 ____D C:\Users\dwx1001776\Documents\Zoom
2021-11-25 08:18 - 2020-11-16 19:05 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Zoom
2021-11-23 10:45 - 2020-11-14 09:07 - 001048761 _____ C:\ProgramData\CpmCore.log.12
2021-11-21 12:59 - 2020-11-14 09:07 - 001048786 _____ C:\ProgramData\CpmCore.log.13
2021-11-21 12:13 - 2020-11-14 09:26 - 000000000 ___RD C:\Users\dwx1001776\OneDrive
2021-11-19 14:19 - 2020-11-14 09:07 - 001049260 _____ C:\ProgramData\CpmCore.log.14
2021-11-18 22:44 - 2020-11-14 09:06 - 000000000 ____D C:\ProgramData\SPES
2021-11-18 19:16 - 2020-11-14 09:04 - 000000000 ____D C:\Program Files (x86)\SPES5.0

==================== Files in the root of some directories ========

2020-11-14 09:09 - 2021-12-15 16:15 - 000000000 _____ () C:\Program Files (x86)\ItShieldCheckFile.ck
2021-07-13 21:39 - 2021-08-04 05:56 - 000016384 _____ () C:\Users\dwx1001776\AppData\Roaming\NetCareClientTaskCache.Data.dll
2020-11-14 09:20 - 2020-11-14 09:20 - 000000000 _____ () C:\Users\dwx1001776\AppData\Roaming\UserAgentData.log
2020-11-14 09:20 - 2020-11-14 09:20 - 000000000 _____ () C:\Users\dwx1001776\AppData\Roaming\UserData.log
2021-08-31 21:01 - 2021-09-04 00:24 - 000000081 _____ () C:\Users\dwx1001776\AppData\Local\.bidstack.fault
2021-11-26 08:22 - 2021-11-26 08:24 - 000000128 _____ () C:\Users\dwx1001776\AppData\Local\PUTTY.RND

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
==================== End of FRST.txt ========================
 

dmsjckrs

Posts: 18   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by dWX1001776 (18-12-2021 08:27:58)
Running from C:\Users\dwx1001776\Downloads\Programs
Microsoft Windows 10 Pro N Version 21H1 19043.1348 (X64) (2021-12-01 00:47:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-888159395-1567868294-3106766758-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-888159395-1567868294-3106766758-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-888159395-1567868294-3106766758-503 - Limited - Disabled)
Guest (S-1-5-21-888159395-1567868294-3106766758-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-888159395-1567868294-3106766758-504 - Limited - Disabled)
zer0 (S-1-5-21-888159395-1567868294-3106766758-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Symantec Endpoint Protection (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Action! (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Mirillis Action!) (Version: 4.19.0 - Mirillis)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.6 - philandro Software GmbH)
Array SSL VPN (HKLM\...\SSL VPN Client) (Version: 9.4.0.0 - Array Networks)
Audacity 3.0.4 (HKLM\...\Audacity_is1) (Version: 3.0.4 - Audacity Team)
Camtasia 2019 (HKLM\...\{FF10C4F0-9186-405F-809D-D2E8D5E39448}) (Version: 19.0.10.17662 - TechSmith Corporation)
Check Point VPN (HKLM-x32\...\{CC3997BB-707F-4747-AB2B-1A3567B34710}) (Version: 98.61.1909 - Check Point Software Technologies Ltd.)
ClouddriveBatchTool 1.0.1.0 (HKLM-x32\...\ClouddriveBatchTool) (Version: 1.0.1.0 - Huawei company, Inc.)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID, Inc.)
Dota 2 version 580 (HKLM\...\{11A02AEB-002F-43B2-AFD7-0D1DB406696B}_is1) (Version: 580 - Strogino CS Portal)
EmailTools V2.7.5.1 (HKLM-x32\...\EmailTools V2.7.5.1) (Version: V2.7.5.1 - Huawei, Inc.)
eSpacePlug (HKLM-x32\...\{C08331F6-AA01-436E-9D1D-C3D2E00434C2}) (Version: 1.0.0.1 - Huawei)
FarLabUninstaller v1.53.11113 (HKLM-x32\...\FarLabUninstaller.exe_is1) (Version: 1.53.0.13343 - )
FileZilla Client 3.56.2 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\FileZilla Client) (Version: 3.56.2 - Tim Kosse)
FonePaw Screen Recorder 3.8.0 (HKLM-x32\...\{B3975585-8333-4F6A-AFBD-490F7D7243D3}_is1) (Version: 3.8.0 - FonePaw)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.)
Go Programming Language amd64 go1.17.1 (HKLM\...\{B8541976-57DC-4AC5-90D6-7A277F83D376}) (Version: 1.17.1 - hxxps://golang.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
iDesk 3.0.2.7 (HKLM-x32\...\iDesk) (Version: 3.0.2.7 - Huawei company, Inc.)
Intelligent Memory Protection System (HKLM-x32\...\Intelligent Memory Protection System) (Version: 3.0.1208.100 - AnxinSec)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.38.14 - Tonec Inc.)
iptvnator 0.8.0 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\3d079bcf-2c03-55d5-9add-ff830e0bf10c) (Version: 0.8.0 - 4gray)
KMPlayer 64X (remove only) (HKLM\...\KMPlayer 64X) (Version: 2021.01.25.10 - PandoraTV)
LANDESK Advance Agent (HKLM-x32\...\{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}) (Version: 1.0.0 - LANDesk Software) Hidden
LINE (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\LINE) (Version: 7.5.0.2664 - LINE Corporation)
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
Mavis Hub 1.3.0 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\{cc9e8b63-ffef-5371-bb50-2dfd3e6be1f2}) (Version: 1.3.0 - )
Meeting (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\accessionmeeting) (Version: 4.2 - Metaswitch Networks Ltd)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.57 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-888159395-1567868294-3106766758-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{5e4b593b-ca3c-429c-bc49-b51cbf46e72a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Movavi Video Editor Plus 2022 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Movavi Video Editor Plus 2022) (Version: 22.0.0 - Movavi)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 95.0 (x64 en-US)) (Version: 95.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0 - Mozilla)
MySQL Connector/ODBC 5.3 (HKLM\...\{8F1753C5-4394-4310-A3CC-C9AC85D02220}) (Version: 5.3.14 - Oracle Corporation)
NetCareClient (HKLM-x32\...\{27080CCA-B2A1-4598-B10D-D2C04297B0AA}) (Version: 1.0.5 - Huawei)
Onebox Mate_V1.6.7.0009 (HKLM-x32\...\Onebox Mate) (Version: 1.6.7.0009 - Huawei company, Inc.)
OpenSSL 1.1.1j Light (64-bit) (HKLM\...\OpenSSL Light (64-bit)_is1) (Version: - OpenSSL Win64 Installer Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PremiumSoft Navicat Premium 15.0 (HKLM\...\PremiumSoft Navicat Premium 15_is1) (Version: 15.0.17 - PremiumSoft CyberTech Ltd.)
PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)
Python 3.7.0 (64-bit) (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\{f684de81-73c2-4924-ad43-e7ae400d47b5}) (Version: 3.7.150.0 - Python Software Foundation)
Python 3.7.0 Add to Path (64-bit) (HKLM\...\{A03DCA8A-AAD0-4A25-8CE0-D50D73797233}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Core Interpreter (64-bit) (HKLM\...\{F046BD5A-33F4-4ABA-BD2D-0227F6291EC9}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Development Libraries (64-bit) (HKLM\...\{61246987-8D99-44A9-8FF5-E2E3F503B72D}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Documentation (64-bit) (HKLM\...\{E7C56E72-C80E-453B-9345-FAEAE5DB51A4}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Executables (64-bit) (HKLM\...\{84B7971A-F59F-4247-AD34-BEC02CF85FBD}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 pip Bootstrap (64-bit) (HKLM\...\{8A6F7991-1955-4C46-8C0C-8D7C6F7042FA}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Standard Library (64-bit) (HKLM\...\{18D93BBC-06F6-449D-96FB-CD473CFC6A6D}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Tcl/Tk Support (64-bit) (HKLM\...\{A2FC01E0-059E-4D21-AFD2-B63A7E1EF3CD}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Test Suite (64-bit) (HKLM\...\{E4266358-1C9B-4AF0-ABF7-72BE136904CF}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Utility Scripts (64-bit) (HKLM\...\{9E24E01B-CBD8-4558-A56D-6188F1A3C822}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6BDDB48-938A-4384-A7BE-2B4E4931B111}) (Version: 3.7.6386.0 - Python Software Foundation)
RSA SecurID Token for Windows Desktops (HKLM-x32\...\{4800D75D-4697-4D6B-9B3B-0BF36245B95C}) (Version: 4.0.0 - RSA Security Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.3.0.330 - Samsung Electronics)
SPES (HKLM-x32\...\SPES) (Version: 10.2.7.5 - Huawei Technologies Co., Ltd.)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.11.8.246 - EnigmaSoft Limited)
Stremio (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Stremio) (Version: 4.4.120 - Smart Code Ltd)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Symantec Endpoint Protection (HKLM\...\{2F52BA04-4BF8-4A4C-B282-94E3C8FB9ECA}) (Version: 14.2.3332.1000 - Symantec Corporation)
Telegram Desktop version 3.3 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.3 - Telegram FZ-LLC)
The Sandbox (HKLM\...\sandboxgame) (Version: 0.6.17.971 - TSB Gaming Limited)
Thetan Arena version 205 (HKLM-x32\...\{B1C5070E-92A8-4738-BE0A-4FBE53B86B9B}_is1) (Version: 205 - Wolffun Game)
TinyTake Filter 1.0.0 (HKLM\...\TinyTake Filter_is1) (Version: 1.0.0 - )
TurboVPN 2.14.0.0 stable (HKLM-x32\...\TurboVPN) (Version: 2.14.0.0 stable - inconnecting.com)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
WebMeeting (HKLM-x32\...\WebMeeting) (Version: v6.6.1.909 - Huawei Technologies Co., Ltd.)
WeLink Meeting 2.0.5.10 (HKLM-x32\...\WeLink Meeting) (Version: 2.0.5.10 - Huawei Technologies CO., LTD)
WeLinkPC (HKLM-x32\...\{6D01DAF3-75A0-410C-9D30-A1BFFEB572B3}) (Version: 3.1.9.14 - Huawei Technologies Co., Ltd. (internal))
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (03/25/2015 12.0.1.410) (HKLM\...\7DEAC3F86989515FADA26E9B88925B5B8276899D) (Version: 03/25/2015 12.0.1.410 - Broadcom Corporation)
Windows Driver Package - Intel (Netwtw04) net (06/02/2020 19.51.30.1) (HKLM\...\7193C7EDA48E4F204546D0704332A710A3994748) (Version: 06/02/2020 19.51.30.1 - Intel)
Windows Driver Package - Intel (Netwtw06) net (06/24/2020 20.70.18.2) (HKLM\...\CAD0EA88001D420C2FAC7CC94F3913D2D754AA3C) (Version: 06/24/2020 20.70.18.2 - Intel)
Windows Driver Package - Intel (Netwtw10) net (07/01/2020 21.110.1.1) (HKLM\...\5F41D7EF7D87DF02B3E2E4472AA0F1CD7C76C337) (Version: 07/01/2020 21.110.1.1 - Intel)
WinRAR 6.00 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.2 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.32-0 - Bitnami)
Zhumuintl Cloud Meetings (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\ZhumuintlCloudMeetings) (Version: 5.0 - SUIRUI Co., Ltd.)
Zoom (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\ZoomUMX) (Version: 5.8.4 (1736) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-14] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-147214757-305610072-1517763936-8001229_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ ..0Shell Icon Overlay Identifier] -> {C6B033C1-16EA-4F40-A2F3-674086B0257D} => C:\WINDOWS\system32\shell16.dll [2020-01-20] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\vpshell2.dll [2020-11-14] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-11-13] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-11-13] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\vpshell2.dll [2020-11-14] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\vpshell2.dll [2020-11-14] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-11-13] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-11-13] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2013-05-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-29] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder\start.bat ()
ShortcutWithArgument: C:\Users\dwx1001776\Desktop\Dimas Khalid - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"

==================== Loaded Modules (Whitelisted) =============

2019-06-24 17:52 - 2019-06-24 17:52 - 002048000 _____ () [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Connect\xerces-c_3_2.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000124928 _____ () [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\kmc.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000050688 _____ () [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\kmcDll.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000049152 _____ () [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\sdp.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000008704 _____ () [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\securec.dll
2020-11-14 09:10 - 2015-12-17 04:53 - 000165888 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\httprequest.dll
2020-11-14 09:10 - 2015-12-17 05:03 - 000107008 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\RollingLog.dll
2020-11-14 09:10 - 2016-02-13 02:40 - 000476672 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SelfElect.dll
2020-11-14 09:10 - 2015-12-17 04:21 - 000106567 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ThinstallManageApi.dll
2020-11-14 09:10 - 2016-02-13 02:40 - 001145856 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\tmcdll.dll
2021-09-10 09:03 - 2021-09-10 09:03 - 000913408 _____ () [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\Plugins\AccountPwdChecker.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 004198912 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\client\jvm.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000131584 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\java.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000029696 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\management.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000079360 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\net.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000046592 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\nio.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000132096 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\sunec.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000027648 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\sunmscapi.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000035840 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\verify.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000068096 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\zip.dll
2021-09-10 09:03 - 2021-09-10 09:03 - 000995816 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\Plugins\DisableForward.dll
2021-09-10 09:03 - 2021-09-10 09:03 - 000849384 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\Plugins\SQLServerChecker.dll
2021-09-10 09:03 - 2021-09-10 09:03 - 000855016 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\Plugins\SystemRebootRequiredChecker.dll
2020-11-14 09:10 - 2015-12-17 05:46 - 000062464 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ENUsftmn.dll
2020-11-14 09:10 - 2015-12-17 05:46 - 000056320 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ENUTMCC.dll
2020-11-14 09:10 - 2016-03-30 05:14 - 000167424 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ENUVulscan.dll
2020-11-14 09:10 - 2016-06-28 23:24 - 000982528 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\lddwnld.DLL
2020-11-14 09:10 - 2016-04-14 01:46 - 001874944 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\LDSystemEventCapture.dll
2020-11-14 09:10 - 2016-02-13 02:48 - 000207872 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ltapi.dll
2020-11-14 09:10 - 2016-04-26 23:19 - 005991424 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\Vulscan.dll
2020-11-14 09:10 - 2016-02-13 02:47 - 000137728 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\extensions\lclxsvc.dll
2016-05-27 14:29 - 2016-05-27 14:29 - 000101376 _____ (LANDesk Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\extensions\proxyext.dll
2016-05-27 14:16 - 2016-05-27 14:16 - 000110592 _____ (LANDESK Software, Ltd.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\pds2lis.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000959220 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\sqlite3.DLL
2020-11-14 09:10 - 2015-12-17 04:53 - 000387072 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\curllib.dll
2020-11-14 09:10 - 2015-12-17 04:21 - 001155072 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\LIBEAY32.dll
2020-11-14 09:10 - 2015-12-17 04:21 - 000276992 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SSLEAY32.dll
2016-05-06 03:36 - 2016-05-06 03:36 - 001157632 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\LIBEAY32.dll
2021-04-08 18:58 - 2021-04-08 18:58 - 001216512 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\HACC\LIBEAYsharedlib32.dll
2021-04-08 18:58 - 2021-04-08 18:58 - 000278528 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\HACC\SSLEAYsharedlib32.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 002134016 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\libcrypto-1_1.dll
2021-09-10 09:04 - 2021-09-10 09:04 - 002105856 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\libcrypto-1_1.dll
2021-09-10 09:04 - 2021-09-10 09:04 - 000504320 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\libssl-1_1.dll
2021-10-12 15:03 - 2021-10-12 15:03 - 002112000 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Console\libcrypto-1_1.dll
2021-10-12 15:03 - 2021-10-12 15:03 - 000505344 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Console\libssl-1_1.dll
2021-10-12 15:03 - 2021-10-12 15:03 - 002112000 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\libcrypto-1_1.dll
2021-10-12 15:03 - 2021-10-12 15:03 - 000505344 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNInstallManager => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-07-31] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-07-31] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: UEBAIEBrowser Class -> {AEE30A01-D75D-46F2-893E-A05A21CC2535} -> C:\UEBA\bin\UEBAIEWatcher.dll [2021-06-16] (I-Search Software Company) [File not signed]
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-06-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.hisilicon.com -> *.hisilicon.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.huawei.com -> *.huawei.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.huaweidevice.com -> *.huaweidevice.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.huaweimarine.com -> *.huaweimarine.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.huaweimossel.com -> *.huaweimossel.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.hwtrip.com -> *.hwtrip.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.smartcom.com -> *.smartcom.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.vmall.com -> *.vmall.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 11:49 - 2021-01-09 07:26 - 000000862 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 activate.navicat.com

2021-12-11 01:53 - 2021-12-11 01:53 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\RSA SecurID Token Common;%SystemRoot%;%SystemRoot%\system32;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;C:\Windows;C:\Windows\system32;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\xampp\mysql\bin;C:\Program Files\Go\bin;C:\Program Files\PuTTY\
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\Control Panel\Desktop\\Wallpaper -> C:\Users\dwx1001776\Downloads\markus-spiske-YyeeT42dZ48-unsplash.jpg
HKU\S-1-5-21-888159395-1567868294-3106766758-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 127.0.0.1 - 7.187.130.219
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A70C90ED-BE6D-4C20-9C43-E74FE1C2A94C}] => (Allow) LPort=8320
FirewallRules: [{ACA548AC-18A9-4557-B42E-830BA71CB8CD}] => (Allow) C:\Program Files\AnXinSec\AxTransferTool.exe (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
FirewallRules: [{72ABE58A-DB82-4396-85C5-894A139E0A74}] => (Allow) C:\Program Files\AnXinSec\MemProtectSrv64.exe (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
FirewallRules: [{D497CAFD-B95E-4B33-BA99-BEF262C6EFBC}] => (Allow) C:\Program Files\AnXinSec\AxTransferTool.exe (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
FirewallRules: [{A4364EFA-7643-4F33-94AF-E22C7F74587C}] => (Allow) C:\Program Files\AnXinSec\MemProtectSrv64.exe (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
FirewallRules: [UDP Query User{B98A9AD6-1524-4CFC-8DCD-27B45C92C83A}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe (Valve -> )
FirewallRules: [TCP Query User{BE300176-DCFB-486F-A522-BFC7CA8A50E0}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe (Valve -> )
FirewallRules: [UDP Query User{A6DFDAE6-0EF6-465C-95EC-429C0B2EA8EC}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe (Valve -> )
FirewallRules: [TCP Query User{35F76FA4-A034-4BED-808E-CB3202151B0A}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe (Valve -> )
FirewallRules: [UDP Query User{DACA8C66-06BF-40B7-99DA-9AFDD22C3C80}C:\users\dwx1001776\appdata\roaming\welink meeting\welinkmeeting.exe] => (Block) C:\users\dwx1001776\appdata\roaming\welink meeting\welinkmeeting.exe (Huawei Technologies Co. Ltd -> Huawei)
FirewallRules: [TCP Query User{5364295A-5011-461C-966B-49EDE76B067F}C:\users\dwx1001776\appdata\roaming\welink meeting\welinkmeeting.exe] => (Block) C:\users\dwx1001776\appdata\roaming\welink meeting\welinkmeeting.exe (Huawei Technologies Co. Ltd -> Huawei)
FirewallRules: [{5BEE66FE-404D-4048-97FF-DFA1C3D9BED3}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{02C78D29-4AEF-4C64-8B8A-69500C7A21A8}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [UDP Query User{7CA34A41-7AE4-486B-86E1-3D5A64F343FE}C:\program files\strogino cs portal\dota 2\dota.exe] => (Allow) C:\program files\strogino cs portal\dota 2\dota.exe => No File
FirewallRules: [TCP Query User{0EAD6B0D-1141-44EA-B3AC-F35B74209F7B}C:\program files\strogino cs portal\dota 2\dota.exe] => (Allow) C:\program files\strogino cs portal\dota 2\dota.exe => No File
FirewallRules: [UDP Query User{D8D24329-37CD-4C89-ABC3-EB68A6A88023}C:\users\dwx1001776\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\dwx1001776\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{DE2028E5-4427-4659-A4B7-732469FB086D}C:\users\dwx1001776\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\dwx1001776\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2FDAED74-2C32-4F20-922D-B040CA0650F2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{647E2621-6C77-4767-A548-FACE93A291FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{B89FC73F-7980-4092-BA17-E971F52A5D30}C:\users\dwx1001776\oss\new folder\jre\bin\javaw.exe] => (Allow) C:\users\dwx1001776\oss\new folder\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0C14474C-1C9B-495D-ADFE-069D63E7F4D4}C:\users\dwx1001776\oss\new folder\jre\bin\javaw.exe] => (Allow) C:\users\dwx1001776\oss\new folder\jre\bin\javaw.exe
FirewallRules: [UDP Query User{478C3326-5699-4FD8-A381-651765FFE57B}C:\users\dwx1001776\oss\new folder\jre\bin\java.exe] => (Allow) C:\users\dwx1001776\oss\new folder\jre\bin\java.exe
FirewallRules: [TCP Query User{2B10A3DB-7DE0-4C31-94AD-13371C8A1C1B}C:\users\dwx1001776\oss\new folder\jre\bin\java.exe] => (Allow) C:\users\dwx1001776\oss\new folder\jre\bin\java.exe
FirewallRules: [UDP Query User{5388C209-FA88-43E7-85E0-13ACC20EA6A9}C:\users\dwx1001776\oss\jre\bin\javaw.exe] => (Allow) C:\users\dwx1001776\oss\jre\bin\javaw.exe
FirewallRules: [TCP Query User{9C58B340-2992-4091-B7F9-6B401EE41312}C:\users\dwx1001776\oss\jre\bin\javaw.exe] => (Allow) C:\users\dwx1001776\oss\jre\bin\javaw.exe
FirewallRules: [{CCF17997-6942-45E7-844B-70A80F43CCE7}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{29BBC9DC-44C1-4E79-9242-5744EEF18988}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{24BD269C-9DAF-4C4B-9C75-81B22132FA62}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{CB9963B7-56A3-4CD3-87C6-E61F2E455209}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{B250B200-0742-44C1-8162-FFF78F995EDD}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{8F7D3CCD-A4E9-45BB-B633-B806EE9C967E}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{B6E15E9B-F202-4727-AB8A-6305251E6E4B}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{820A0B9F-2294-4AEE-B669-2CB34E95897B}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{D184649F-54D1-4BCD-826F-944CACAA239F}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{90463D7F-DB91-4FC3-83D9-8ADB6C511CC7}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{1B6C82D4-E3D8-45B5-8F29-C7D85249597A}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{4B033ED1-B7A1-4C86-A79F-C9A1E1B6A96B}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{3326DBDA-E15D-4DB4-9350-27D8C67FC24D}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{BFBCD874-33FB-424B-9BD5-97933172A159}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{98434966-DEE5-47AD-9F50-E58B91FDDCE7}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{878FA04C-8C32-44E9-B2F4-17C028BB710B}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{BD556502-2C2D-4B82-A85E-D2AF7857CAFB}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{DEAA4C28-7B0C-4770-B2BE-AF1727F200F4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{13198317-4744-4D30-97E1-8F94D971CFBF}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{5D51F459-D6BC-4265-8C1D-2C43C19E6100}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [UDP Query User{05D64B01-5F6B-4F43-BE6A-B34B337D5A42}C:\program files (x86)\spes5.0\composites\idesk\idesk.exe] => (Allow) C:\program files (x86)\spes5.0\composites\idesk\idesk.exe (Huawei Technologies Co. Ltd -> Huawei)
FirewallRules: [TCP Query User{B3C3C9B5-4BF8-4626-8903-940D32B005C9}C:\program files (x86)\spes5.0\composites\idesk\idesk.exe] => (Allow) C:\program files (x86)\spes5.0\composites\idesk\idesk.exe (Huawei Technologies Co. Ltd -> Huawei)
FirewallRules: [{091A6178-D639-46F0-872A-50E22A613000}] => (Allow) LPort=60129
FirewallRules: [UDP Query User{105C43FD-DA99-4C19-9FEB-F3919720B381}C:\users\admin\oss\new folder00\jre\bin\java.exe] => (Allow) C:\users\admin\oss\new folder00\jre\bin\java.exe
FirewallRules: [TCP Query User{C9BA46D5-DE06-4A20-BBDD-8026DE807ACB}C:\users\admin\oss\new folder00\jre\bin\java.exe] => (Allow) C:\users\admin\oss\new folder00\jre\bin\java.exe
FirewallRules: [{4CF9F148-0F70-47A4-8B76-DCBD9D404AA9}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{A22032F4-303F-4148-8304-116EE1C3D527}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{1DE65ED6-44F9-4587-8148-B535B3EB4D77}] => (Allow) C:\Program Files (x86)\TurboVPN\Driver32\vpncore.exe (INNOVATIVE CONNECTING PTE. LIMITED -> The OpenVPN Project)
FirewallRules: [{1F9010F0-146F-4682-846F-50F05853D74C}] => (Allow) C:\Program Files (x86)\TurboVPN\Driver32\vpncore.exe (INNOVATIVE CONNECTING PTE. LIMITED -> The OpenVPN Project)
FirewallRules: [{1E5EF16A-AA79-4F81-B020-A1B212597BA1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3BA6FAF2-D809-4789-9517-A2AD4DEFE27B}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{ACA1F18B-6B8A-4138-9D94-F0A283F2C8D3}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{DD094206-3AE4-4645-9C14-23C611DA431A}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{D2776841-C50B-4426-8EEB-5A271D556ACB}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{BD587CC2-933B-414E-B557-E906CCB20742}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{C7168361-0C91-4827-A1DE-E7F7BEABA029}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{E7094D81-8111-4F79-8094-10F0B5815D89}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{DF42154D-5BEB-4198-97B5-C8E46CF7CA69}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{1F62C57A-5113-482E-9D94-70C17BE75373}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{A7D6FC68-7304-40D3-8232-556CDB0AFA7F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C586C9EB-E35E-419C-A92C-82C09AF5627D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{94978D74-86BD-456E-8C3E-C9D53E5A8473}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Array Networks VPN Adapter
Description: Array Networks SSL VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Array Networks
Service: ATP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/18/2021 08:31:01 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/18/2021 07:37:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IDMMsgHost.exe, version: 6.38.2.6, time stamp: 0x5f25aa0e
Faulting module name: IDMNetMon.DLL_unloaded, version: 6.38.14.238, time stamp: 0x5fbe9e75
Exception code: 0xc0000005
Fault offset: 0x00012099
Faulting process id: 0x32ac
Faulting application start time: 0x01d7f3a771e22d69
Faulting application path: C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe
Faulting module path: IDMNetMon.DLL
Report Id: 41c8a1da-fd6d-40be-8c31-da7eda82e2ed
Faulting package full name:
Faulting package-relative application ID:

Error: (12/18/2021 07:37:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IDMMsgHost.exe, version: 6.38.2.6, time stamp: 0x5f25aa0e
Faulting module name: IDMNetMon.DLL_unloaded, version: 6.38.14.238, time stamp: 0x5fbe9e75
Exception code: 0xc0000005
Fault offset: 0x00013043
Faulting process id: 0x30a8
Faulting application start time: 0x01d7f3a7586f4530
Faulting application path: C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe
Faulting module path: IDMNetMon.DLL
Report Id: 6efed1d1-bffd-4aa1-8ec3-b4eb623a2903
Faulting package full name:
Faulting package-relative application ID:
 

dmsjckrs

Posts: 18   +0
Error: (12/18/2021 07:26:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IDMMsgHost.exe, version: 6.38.2.6, time stamp: 0x5f25aa0e
Faulting module name: IDMNetMon.DLL_unloaded, version: 6.38.14.238, time stamp: 0x5fbe9e75
Exception code: 0xc0000005
Fault offset: 0x00012099
Faulting process id: 0x224c
Faulting application start time: 0x01d7f3a5ce507a95
Faulting application path: C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe
Faulting module path: IDMNetMon.DLL
Report Id: 398248fd-36a5-4997-96e9-e6ddb34d5f2e
Faulting package full name:
Faulting package-relative application ID:

Error: (12/18/2021 07:16:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/18/2021 07:03:16 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/18/2021 07:02:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! Trojan.Gen.MBT in File: C:\Windows\System32\V2PU0F5JIY.tmp by: Auto-Protect scan. Action: Delete succeeded . Action Description: Reboot Processing

Error: (12/18/2021 06:32:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sublime_text.exe, version: 1.0.0.1, time stamp: 0x5d928ecf
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000005
Fault offset: 0x000000000002a9c0
Faulting process id: 0x1290
Faulting application start time: 0x01d7f39e555db286
Faulting application path: C:\Program Files\Sublime Text 3\sublime_text.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9a77d149-4346-4049-aadf-731b42940999
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (12/18/2021 08:30:58 AM) (Source: NETLOGON) (EventID: 5721) (User: )
Description: The session setup to the Windows Domain Controller \\kwepadrodc00008.china.huawei.com for the domain CHINA
failed because the Domain Controller did not have an account DWX1001776KKYMU$
needed to set up the session by this computer DWX1001776KKYMU.



ADDITIONAL DATA

If this computer is a member of or a Domain Controller in the specified domain, the
aforementioned account is a computer account for this computer in the specified domain.
Otherwise, the account is an interdomain trust account with the specified domain.

Error: (12/18/2021 08:30:38 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (12/18/2021 07:25:23 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: CHINA)
Description: 1 failed.
GPO Name : remdomainadminpolicy
GPO File System Path : \\china.huawei.com\SysVol\china.huawei.com\Policies\{B4CC22B5-4FCE-4D17-99E2-7797E7D8B80D}\User
Script Name: RemoveDomainAdmins.exe

Error: (12/18/2021 07:22:48 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/18/2021 07:22:48 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CHINA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/18/2021 07:22:47 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/18/2021 07:21:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/18/2021 07:17:54 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CHINA due to the following:
We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


CodeIntegrity:
===============
Date: 2021-12-18 07:15:32
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: LENOVO G3ET67WW(2.06) 11/05/2012
Motherboard: LENOVO 2465CTO
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 81%
Total physical RAM: 3670.02 MB
Available physical RAM: 660.93 MB
Total Virtual: 10838.02 MB
Available Virtual: 3501.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:162.89 GB) (Free:59 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:289.53 GB) (Free:42.47 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:13 GB) (Free:0.37 GB) NTFS

\\?\Volume{5990f1b4-e5d5-11e9-827a-806e6f6e6963}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B5BEF4DB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=162.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,917   +506
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

dmsjckrs

Posts: 18   +0
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/18/21
Scan Time: 7:21 AM
Log File: 6ea8c6f0-5f98-11ec-b9bd-3c970e66326f.json

-Software Information-
Version: 4.5.0.152
Components Version: 1.0.1538
Update Package Version: 1.0.48728
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1348)
CPU: x64
File System: NTFS
User: dwx1001776KKyMU\dWX1001776

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 441341
Threats Detected: 28
Threats Quarantined: 28
Time Elapsed: 37 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 16
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicea\PARAMETERS, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceb\PARAMETERS, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiced\PARAMETERS, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicee\PARAMETERS, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicef\PARAMETERS, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceg\PARAMETERS, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceh\PARAMETERS, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicei\PARAMETERS, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicea, Quarantined, 4984, 954951, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceb, Quarantined, 4984, 954952, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiced, Quarantined, 4984, 954954, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicee, Quarantined, 4984, 954955, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicef, Quarantined, 4984, 954956, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceg, Quarantined, 4984, 954957, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceh, Quarantined, 4984, 954958, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicei, Quarantined, 4984, 954960, 1.0.48728, , ame, , ,

Registry Value: 8
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicea\PARAMETERS|SERVICEDLL, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceb\PARAMETERS|SERVICEDLL, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiced\PARAMETERS|SERVICEDLL, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicee\PARAMETERS|SERVICEDLL, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicef\PARAMETERS|SERVICEDLL, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceg\PARAMETERS|SERVICEDLL, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceh\PARAMETERS|SERVICEDLL, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicei\PARAMETERS|SERVICEDLL, Quarantined, 4984, 954916, 1.0.48728, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.MaxUtilities, C:\USERS\DWX1001776\APPDATA\ROAMING\KSAFE\USERRUN, Quarantined, 1337, 792917, 1.0.48728, , ame, , ,
HackTool.KMSpico, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\KMSPICO, Quarantined, 6905, 921555, 1.0.48728, , ame, , ,

File: 2
Malware.AI.3882606530, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Dota 2.lnk, Quarantined, 1000002, 0, , , , , 93C57532E0F167D196A6D7B5B3CC1FCC, D8FEF53F54073FEBB0E70A7B5BADBFDC462EA4F444CB592ACE977D51F10F2A5B
Malware.AI.3882606530, C:\USERS\DWX1001776\DOWNLOADS\TELEGRAM DESKTOP\DOTA2\DOTA 2\DOTA_2.EXE, Quarantined, 1000002, 0, 1.0.48728, A81EFD5BB1799E96E76BDFC2, dds, 01558030, 67AB9135DD7500CDD1ABA7348ACE2B0B, D97037D1114538C084D7B3DB360B63462A1CE286FE7E8B87364F9572A40CB1A6

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

dmsjckrs

Posts: 18   +0
Program : RogueKiller Anti-Malware
Version : 15.1.5.0
x64 : Yes
Program Date : Dec 15 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : dWX1001776
User is Admin : Yes
Date : 2021/12/18 13:33:46
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 3848
Found items : 5
Total scanned : 167921
Signatures Version : 20210423_062556
Truesight Driver : Yes
Updates Count : 6
Arguments : -minimize

************************* Warnings *************************
(30:85968) C:\ProgramData\TEMP\hacc, LONG_FOLDER_SCAN
[+] path : C:\ProgramData\TEMP\hacc
[+] message : LONG_FOLDER_SCAN
[+] int1 : 30
[+] int2 : 85968

(30:135) C:\ProgramData\TEMP, LONG_FOLDER_SCAN
[+] path : C:\ProgramData\TEMP
[+] message : LONG_FOLDER_SCAN
[+] int1 : 30
[+] int2 : 135


************************* Updates *************************
7-Zip 19.00 (x64) (64-bit), version 19.00
[+] Available Version : 21.06
[+] Size : 4.96 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\7-Zip\

CPUID HWMonitor 1.44 (64-bit), version 1.44
[+] Available Version : 1.45
[+] Size : 3.21 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CPUID\HWMonitor\

Mozilla Firefox (x64 en-US) (64-bit), version 95.0
[+] Available Version : 95.0.1
[+] Size : 205 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Mozilla Firefox

VLC media player (64-bit), version 3.0.14
[+] Available Version : 3.0.16
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VideoLAN\VLC

WinRAR 6.00 beta 2 (64-bit) (64-bit), version 6.00.2
[+] Available Version : 6.02
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\

XAMPP (32-bit), version 7.0.32-0
[+] Available Version : 8.1.0
[+] Size : 546 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : "D:\xampp"


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************
>>>>>> XX - Software
└── [PUP.CryptoTab (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-147214757-305610072-1517763936-8001229\Software\CryptoCompany -- N/A -> Found
>>>>>> R5 - Proxy
└── [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-147214757-305610072-1517763936-8001229\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- proxy.huawei.com:8080 -> Found
>>>>>> XX - System Policies
└── [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************
[PUP.CryptoTab (Potentially Malicious)] (folder) CryptoCompany -- C:\Users\dwx1001776\AppData\Local\CryptoCompany -> Found
[PUP.CryptoTab (Potentially Malicious)] (folder) CryptoCompany -- C:\Program Files (x86)\CryptoCompany -> Found

************************* Web Browsers *************************

************************* Antirootkit *************************
 

dmsjckrs

Posts: 18   +0
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-18-2021
# Duration: 00:00:02
# OS: Windows 10 Pro N
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3993 octets] - [08/04/2020 02:02:59]
AdwCleaner[C00].txt - [3666 octets] - [08/04/2020 02:03:32]
AdwCleaner[S01].txt - [1559 octets] - [08/04/2020 02:57:10]
AdwCleaner[C01].txt - [1726 octets] - [08/04/2020 02:57:23]
AdwCleaner[S02].txt - [1650 octets] - [08/04/2020 07:10:01]
AdwCleaner[C02].txt - [1840 octets] - [08/04/2020 07:10:19]
AdwCleaner[S03].txt - [1772 octets] - [12/04/2020 18:49:15]
AdwCleaner[C03].txt - [1962 octets] - [12/04/2020 18:55:18]
AdwCleaner[S04].txt - [1894 octets] - [14/04/2020 21:37:39]
AdwCleaner[S05].txt - [1955 octets] - [08/05/2020 18:38:06]
AdwCleaner[S06].txt - [2016 octets] - [08/05/2020 21:44:30]
AdwCleaner[C06].txt - [2206 octets] - [08/05/2020 21:44:46]
AdwCleaner[S07].txt - [2138 octets] - [12/05/2020 23:08:25]
AdwCleaner[C07].txt - [2328 octets] - [12/05/2020 23:08:34]
AdwCleaner[S08].txt - [2260 octets] - [12/05/2020 23:10:28]
AdwCleaner[C08].txt - [2450 octets] - [12/05/2020 23:10:40]
AdwCleaner[S09].txt - [2594 octets] - [18/12/2021 09:17:12]
AdwCleaner[C09].txt - [2726 octets] - [18/12/2021 09:17:37]
AdwCleaner[S10].txt - [2505 octets] - [18/12/2021 20:44:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C10].txt ##########
 

Broni

Posts: 55,917   +506
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

dmsjckrs

Posts: 18   +0
OK, re-run result below: FRST.txt and Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by dWX1001776 (administrator) on DWX1001776KKYMU (LENOVO 2465CTO) (19-12-2021 01:55:31)
Running from C:\Users\dwx1001776\Downloads\Programs
Loaded Profiles: dWX1001776
Platform: Microsoft Windows 10 Pro N Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\LANDesk\LDClient\LDInventoryProvider.exe
() [File not signed] C:\Program Files (x86)\LANDesk\LDClient\LDRegWatch.exe
() [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SelfElectController.exe
(ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\MotionPro VPN Client\vpnd.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(china\\t00354145 -> ) C:\Program Files (x86)\Huawei\NetCareClient\TSAccountCapture.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\ToolManagement.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\ToolScheduler.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\TSGuard.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(Huawei Technologies Co. Ltd -> ) C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDeskService.exe
(Huawei Technologies Co. Ltd -> Huawei) C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDesk.exe
(Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed] C:\Windows\SysWOW64\SpesCheckerService.exe
(Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\javaw.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\HACC\Hagent.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\SPES\SecurityCenterApp.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\SPES\SPES5.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\SpesService.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files (x86)\SPES5.0\Console\SpesConsole.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Windows\SysWOW64\SpesAgent.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co.,Ltd.) C:\Program Files (x86)\SPES5.0\Composites\SPES\SPESRender.exe <2>
(INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting) C:\Program Files (x86)\TurboVPN\turbo_vpn-service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(LANDesk Software Ltd.) [File not signed] C:\Windows\SysWOW64\cba\pds.exe
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(LANDesk Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(MariaDB Corporation Ab -> ) D:\xampp\mysql\bin\mysqld.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\dwx1001776\AppData\Local\Microsoft\OneDrive\21.230.1107.0004\FileCoAuth.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\gpupdate.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1310_none_7e15ec207c87d405\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\sepWscSvc64.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe
(Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司) C:\Program Files\AnXinSec\MemProtectDeamon64.exe
(安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司) C:\Program Files\AnXinSec\MemProtectSrv64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1449912 2019-03-28] (Array Networks, Inc. -> Array Networks)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" (No File)
HKLM-x32\...\Run: [SPES500] => C:\Program Files (x86)\SPES5.0\Composites\SPES\SPES5.exe [7316496 2021-09-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
HKLM-x32\...\Run: [TSGuard] => C:\Program Files (x86)\Huawei\NetCareClient\TSGuard.exe [89744 2021-09-18] (china\\t00354145 -> Microsoft)
HKLM-x32\...\Run: [ToolScheduler] => C:\Program Files (x86)\Huawei\NetCareClient\ToolScheduler.exe [1612432 2021-09-18] (china\\t00354145 -> Microsoft)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [18120952 2020-06-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKLM\...\RunOnceEx\gswfl: [sk] => shell32.dll|ShellExec_RunDLLA|regsvr32.exe -U -S "C:\WINDOWS\Temp\qkzigq.etl." <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5483320 2020-11-26] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [ECSIEPLUGIN] => [X]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [ECS] => [X]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [DigibyteMiner] => C:\Users\dwx1001776\Downloads\Programs\DigiByteMiner.exe (No File)
HKU\S-1-5-21-888159395-1567868294-3106766758-1001\...\Run: [ECS] => C:\Program Files (x86)\eSpace_Desktop\eSpace.exe (No File)
HKLM\...\Windows x64\Print Processors\eConfPrint: C:\Windows\System32\spool\prtprocs\x64\cwprintproc.dll [38184 2020-09-15] (Huawei Technologies Co. Ltd -> Windows (R) Win 7 DDK provider)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{4EC9D670-C01A-4C3A-B8DB-9903D57B0A64}] -> C:\Program Files\AnXinSec\LogonAuthentication64.dll [2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
HKLM\Software\...\Authentication\Credential Providers: [{4f82ee06-a3c4-4517-906e-91d2e216df28}] -> C:\Program Files (x86)\SPES5.0\Composites\ADPlugin\LoginRiskProvider.dll [2021-11-11] (Huawei) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{2c8f942b-39d3-4120-bdcd-5deda939e7f2}] -> C:\Program Files (x86)\SPES5.0\Composites\ADPlugin\LoginRiskProvider.dll [2021-11-11] (Huawei) [File not signed]
AppInit_DLLs: oleLoader.dll => C:\WINDOWS\system32\oleLoader.dll [364048 2020-01-20] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebProxy.lnk [2020-08-18]
ShortcutTarget: WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder00\start.bat (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-11-13]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebProxy.lnk [2020-12-18]
ShortcutTarget: WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder\start.bat () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FB42E61-4AD5-48C8-89B3-AA1369DAB891} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe (No File)
Task: {1192D265-49E4-4CCF-B1D5-75C6C8410200} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)
Task: {3B1AA020-F2A7-44A0-8A7E-791B11FDC143} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-13] (Google LLC -> Google LLC)
Task: {5CD02BAC-EDF1-46DF-9D98-F95DA9BA1D9D} - System32\Tasks\RemindPatchRepair => C:\Program Files (x86)\SPES5.0\Composites\SPES\PatchRepair.exe [4292112 2020-08-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
Task: {6E8AB351-B826-4C46-8609-96A7F9791E58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {77B37BF7-890A-4065-806D-FB717A16959A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-13] (Google LLC -> Google LLC)
Task: {7AADF390-2DE6-4D74-873B-94A40DBE0D23} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {A4ECFF17-2450-435C-8849-C1113B55D190} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {A5C8C3B2-C003-49F9-B53A-21F30FB782A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC1383C5-E707-4E2D-BE05-BAB8284521EF} - System32\Tasks\TinyTakeUpgrade => C:\Users\dwx1001776\AppData\Local\MangoApps\TinyTake\TinyTake.exe UPGRADE (No File)
Task: {B122D9E2-6028-403D-87AC-3DC5EC375096} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B315EF1F-B904-44F9-B9A5-9297890039C1} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)
Task: {B566DCFB-A34B-447D-8700-BD08CC9C00E1} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3059280 2021-03-06] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {B9E27F9E-3C57-4B23-8672-289E5F71ABAA} - System32\Tasks\LANDESK Agent Health Bootstrap Task => C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe [51200 2015-12-17] (LANDESK Software, Inc. and its affiliates.) [File not signed]
Task: {BCEB005F-FBB3-4941-BC6B-38D19B3FFDFB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {C2245462-CFF4-4550-8032-79B20AE6D801} - System32\Tasks\ReportPatchStatus => C:\Program Files (x86)\SPES5.0\Composites\SPES\PatchRepair.exe [4292112 2020-08-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
Task: {D6CE1D71-7C98-4645-9A43-FE71B6CE004D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {E5C21528-715F-480F-ABB6-9A324A6FE65E} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Autofix => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [S-1-5-21-147214757-305610072-1517763936-8001229] => proxy.huawei.com:8080
Hosts: 127.0.0.1 activate.navicat.com
Tcpip\..\Interfaces\{3430b271-5347-4b3d-a74b-83435d8dd2f7}: [DhcpNameServer] 10.250.192.235 10.47.148.235
Tcpip\..\Interfaces\{8a2f810f-915a-4f90-9ce1-d09d9abd2a1d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{99687f23-d52f-4c9b-a963-ebdc2c65bf79}: [NameServer] 127.0.0.1,7.187.130.219,7.187.130.50,7.221.190.197
Tcpip\..\Interfaces\{fa257410-4104-4960-9d11-47e469a684e8}: [DhcpNameServer] 10.215.240.84 10.129.31.118 10.98.48.39

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-17]
Edge HKU\S-1-5-21-147214757-305610072-1517763936-8001229\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2020-12-10]

FireFox:
========
FF DefaultProfile: 0vvtebnc.default
FF ProfilePath: C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\0vvtebnc.default [2020-12-19]
FF ProfilePath: C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release [2021-12-17]
FF Homepage: Mozilla\Firefox\Profiles\h4sus0m0.default-release -> about:blank
FF Extension: (Browsec VPN - Free VPN for Firefox) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\browsec@browsec.com.xpi [2021-12-12]
FF Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2021-12-12]
FF Extension: (HideAll VPN - Fast & Unlimited VPN) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\{4ded7aed-924d-45ff-be6a-88b40c3e5d89}.xpi [2021-08-30]
FF HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\dwx1001776\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\dwx1001776\AppData\Roaming\IDM\idmmzcc5 [2020-12-22] [Legacy] [not signed]
FF HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-147214757-305610072-1517763936-8001229: @metaswitch.com/AccessionMeetingPlugin -> C:\Users\dwx1001776\AppData\Roaming\Accession Meeting\bin\npaccessionmeetingplugin.dll [No File]
FF Plugin HKU\S-1-5-21-147214757-305610072-1517763936-8001229: @zhumuintl.me/ZhumuintlMeetingsPlugin -> C:\Users\dwx1001776\AppData\Roaming\Zhumuintl Cloud Meetings\bin\npzhumuintlplugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default [2021-12-19]
CHR Notifications: Default -> hxxps://aii.sh; hxxps://iir.ai; hxxps://meet.google.com
CHR Extension: (Slides) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-13]
CHR Extension: (Docs) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-13]
CHR Extension: (Google Drive) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-13]
CHR Extension: (YouTube) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-13]
CHR Extension: (Chrome IPTV Player) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\defmmfhdopkfcgngoklpbbcnpfpagbfh [2021-06-13]
CHR Extension: (Dark Reader) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-12-08]
CHR Extension: (Sheets) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-13]
CHR Extension: (Ronin Wallet) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjhmkhhmkbjkkabndcnnogagogbneec [2021-12-03]
CHR Extension: (Google Docs Offline) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-01]
CHR Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-10-20]
CHR Extension: (MetaMask) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-13]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-12]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-08-09]
CHR Extension: (Slides) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-09]
CHR Extension: (Docs) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-09]
CHR Extension: (Google Drive) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-09]
CHR Extension: (YouTube) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-09]
CHR Extension: (Sheets) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-09]
CHR Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-09]
CHR Extension: (Gmail) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-09]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnXinMemProtectSrv; C:\Program Files\AnXinSec\MemProtectSrv64.exe [165912 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743984 2021-10-05] (philandro Software GmbH -> philandro Software GmbH)
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [162816 2016-05-27] (LANDesk Software, Inc. and its affiliates.) [File not signed]
S2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [504568 2020-06-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [14649632 2021-12-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 EventService; C:\WINDOWS\SysWOW64\SpesCheckerService.exe [185120 2019-01-04] (Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed]
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HaccService; C:\Program Files (x86)\SPES5.0\Composites\HACC\hagent.exe [7264272 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
R2 iDeskService; C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDeskService.exe [325048 2021-06-10] (Huawei Technologies Co. Ltd -> )
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [239776 2015-12-17] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 Intel PDS; C:\WINDOWS\SysWOW64\CBA\pds.exe [32825 2015-12-17] (LANDesk Software Ltd.) [File not signed]
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [221736 2016-02-13] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 LogsAndAlerts; C:\WINDOWS\SysWOW64\msxml4rc.dll [1768512 2014-09-03] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-18] (Malwarebytes Inc -> Malwarebytes)
R2 MessageManagerService; C:\WINDOWS\SysWOW64\svohost.dll [1756960 2019-01-04] (Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed]
R2 mysql; D:\xampp\mysql\bin\mysqld.exe [11563432 2018-09-07] (MariaDB Corporation Ab -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-12-15] (ADLICE (ASCOET JULIEN) -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-12-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SepLpsService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe [157888 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe [157888 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 sepWscSvc; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\sepWscSvc64.exe [1819688 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [527136 2021-12-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\snac64.exe [391816 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [743440 2016-03-19] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 SPES Framework Service; C:\Program Files (x86)\SPES5.0\SpesService.exe [3898896 2021-10-12] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [7556344 2020-07-26] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R2 TurboVPNService; C:\Program Files (x86)\TurboVPN\turbo_vpn-service.exe [765424 2021-09-29] (INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting)
R3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1417144 2019-03-28] (Array Networks, Inc. -> Array Networks)
R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2399160 2019-03-28] (Array Networks, Inc. -> Array Networks)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 EraserSvc11912; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
S3 UEBAAlterService; C:\UEBA\bin\UEBAAlterService.exe [X]
S2 UEBAControlService; "C:\UEBA\bin\UEBAControlService.exe" [X]
S2 UEBAHealthMonitorService; "C:\UEBA\bin\UEBAHealthMonitorService.exe" [X]
S3 UEBALogChannelService; C:\UEBA\bin\UEBALogChannelService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AxBehaviorMonitor; C:\Program Files\AnXinSec\BehaviorMonitor64.sys [139440 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R2 AxDefense; C:\Program Files\AnXinSec\AxDefenseX64.sys [99504 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
S2 AxKrnlRiskDetectSrv; C:\Program Files\AnXinSec\KrnlRiskDetect64.sys [67760 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R1 BaseBehaviorMoniterDriver; C:\WINDOWS\system32\drivers\SysMonitorDriver64.sys [76992 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Data\Definitions\BASHDefs\20211215.011\BHDrvx64.sys [2018776 2021-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSettings_{687C5DC7-A9D6-4C42-8CA9-FC08B03726D9}; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\ccSetx64.sys [179416 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 CDRomFlt; C:\WINDOWS\syswow64\drivers\CDRomFlt.sys [13416 2019-04-30] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed] [File is in use]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-24] (Symantec Corporation -> Broadcom)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [76744 2021-12-19] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-28] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 GS; C:\WINDOWS\syswow64\drivers\GS.sys [87624 2019-04-30] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed] [File is in use]
R3 HWHcsFileFltr; C:\WINDOWS\system32\drivers\hwhcsfilefltr64.sys [21064 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
R3 hwinspect; C:\WINDOWS\system32\drivers\hwinspect64.sys [26696 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Data\Definitions\IPSDefs\20211217.061\IDSvia64.sys [1480144 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ipsfs; C:\WINDOWS\system32\drivers\ipsfs64.sys [42056 2021-04-08] (Huawei Technologies Co., Ltd. -> Windows (R) Win 7 DDK provider) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [36600 2017-08-16] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [36600 2015-12-17] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 regtrace; C:\WINDOWS\system32\drivers\SysConfigMon64.sys [14408 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SRTSP64.SYS [833544 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SRTSPX64.SYS [49672 2020-11-14] (Symantec Corporation -> Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\SyDvCtrl64.sys [44568 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0603030.024\symefasi64.sys [1820680 2020-11-14] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SymELAM.sys [26000 2020-11-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2021-04-05] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\Ironx64.SYS [311264 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SYMNETS.SYS [567512 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [230760 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-03-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [132992 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R3 traceproc; C:\WINDOWS\system32\drivers\traceproc64.sys [16968 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-12-19] (Adlice -> )
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 ATP; \SystemRoot\system32\DRIVERS\atpdrvr_7_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-19 01:48 - 2021-12-19 01:56 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\IGDump
2021-12-19 01:48 - 2021-12-19 01:48 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-12-19 01:48 - 2021-12-19 01:48 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-12-19 01:48 - 2021-12-19 01:48 - 000076744 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2021-12-19 01:48 - 2021-12-19 01:48 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-12-18 20:47 - 2021-12-18 20:47 - 000005004 _____ C:\Users\dwx1001776\Desktop\scanlogmalwarebytes.txt
2021-12-18 20:39 - 2021-12-18 20:39 - 000008942 _____ C:\Users\dwx1001776\Desktop\scanlogRK.txt
2021-12-18 19:28 - 2021-12-19 01:49 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-12-18 19:28 - 2021-12-18 20:33 - 000000000 ____D C:\ProgramData\RogueKiller
2021-12-18 19:28 - 2021-12-18 19:28 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-12-18 19:28 - 2021-12-18 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-12-18 19:27 - 2021-12-18 19:28 - 000000000 ____D C:\Program Files\RogueKiller
2021-12-18 08:09 - 2021-12-19 01:56 - 000000000 ____D C:\FRST
2021-12-18 07:20 - 2021-12-18 07:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-18 07:20 - 2021-12-18 07:20 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-18 07:20 - 2021-12-18 07:20 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\mbam
2021-12-18 07:19 - 2021-12-18 07:19 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-18 07:19 - 2021-12-18 07:19 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-18 07:18 - 2021-12-18 07:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-18 07:18 - 2021-12-18 07:18 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-18 06:34 - 2021-12-18 06:34 - 000002406 _____ C:\Users\dwx1001776\Documents\t.CSV
2021-12-18 01:21 - 2021-12-18 01:21 - 002938923 _____ C:\Users\dwx1001776\Downloads\3G KPI_Rehoming2G_CBN074.xlsm
2021-12-18 01:19 - 2021-12-18 01:19 - 003322368 _____ C:\Users\dwx1001776\Downloads\2G_KPI_Hourly_RehomingCBN074.xls
2021-12-17 22:12 - 2021-12-17 22:12 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2021-12-17 22:12 - 2021-12-17 22:12 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\sh5ldr
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-12-17 22:10 - 2021-12-17 22:10 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-12-17 01:01 - 2021-12-17 01:01 - 000001874 _____ C:\Users\dwx1001776\Downloads\Need alarm.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000008827 _____ C:\Users\dwx1001776\Downloads\IP 48 Rev2.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000004535 _____ C:\Users\dwx1001776\Downloads\IP 5 Rev2.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000003815 _____ C:\Users\dwx1001776\Downloads\IP 100 Rev2.txt
2021-12-17 00:06 - 2021-12-17 00:06 - 000002871 _____ C:\Users\dwx1001776\Downloads\IP 100 Rev.txt
2021-12-16 23:56 - 2021-12-16 23:56 - 000029596 _____ C:\Users\dwx1001776\Downloads\after ca.rar
2021-12-16 23:56 - 2021-12-16 23:56 - 000010721 _____ C:\Users\dwx1001776\Downloads\IP 48 Rev.txt
2021-12-16 23:56 - 2021-12-16 23:56 - 000003587 _____ C:\Users\dwx1001776\Downloads\IP 5 Rev.txt
2021-12-16 22:54 - 2021-12-16 22:54 - 000000000 ____D C:\ProgramData\huawei
2021-12-16 22:35 - 2021-12-16 22:35 - 000001730 _____ C:\Users\dwx1001776\Downloads\Jabo Execution_Optimization W50.rar
2021-12-16 21:53 - 2021-12-16 22:06 - 000006376 _____ C:\Users\dwx1001776\Downloads\req_deni.rar
2021-12-16 21:35 - 2021-12-16 21:54 - 000004405 _____ C:\Users\dwx1001776\Downloads\4G Surrounding_BOO311.csv
2021-12-16 17:13 - 2021-12-16 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Onebox Mate
2021-12-16 17:07 - 2021-12-17 20:39 - 000669845 _____ C:\Users\dwx1001776\Desktop\removtrojan guide.xlsx
2021-12-15 21:37 - 2021-12-15 21:37 - 000050277 _____ C:\Users\dwx1001776\Downloads\Script CSFB Part 2.rar
2021-12-15 18:35 - 2021-12-15 18:47 - 000025112 _____ C:\Users\dwx1001776\Downloads\LST INTERFREQHOGROUP_reqbagus.csv
2021-12-15 16:22 - 2021-12-15 16:22 - 001043684 _____ C:\Users\dwx1001776\Downloads\Attachment2:Cases Study .pdf
2021-12-15 11:18 - 2021-12-15 11:18 - 000002643 _____ C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aseprite.exe - Shortcut.lnk
2021-12-15 11:17 - 2021-12-15 11:18 - 000002291 _____ C:\Users\dwx1001776\Desktop\aseprite.exe - Shortcut.lnk
2021-12-15 11:17 - 2021-12-15 11:17 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Aseprite
2021-12-15 10:38 - 2021-12-15 10:38 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Yandex
2021-12-15 09:31 - 2021-12-15 09:45 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\GrafX2
2021-12-15 06:21 - 2021-12-15 06:34 - 001371613 _____ C:\Users\dwx1001776\Downloads\dspvswr cellphytopo.rar
2021-12-14 23:59 - 2021-12-15 00:12 - 000002078 _____ C:\Users\dwx1001776\Downloads\logRE-RUN_14-12-2021.rar
2021-12-14 23:56 - 2021-12-14 23:56 - 000000894 _____ C:\Users\dwx1001776\Downloads\RE-RUN_14-12-2021.rar
2021-12-14 23:48 - 2021-12-15 00:01 - 000001044 _____ C:\Users\dwx1001776\Downloads\logRe-run CR BP.rar
2021-12-14 23:46 - 2021-12-14 23:46 - 000000484 _____ C:\Users\dwx1001776\Downloads\Re-run CR BP.rar
2021-12-14 23:37 - 2021-12-14 23:37 - 000001240 _____ C:\Users\dwx1001776\Downloads\CR_RXD_14-12-2021-RR.rar
2021-12-14 23:31 - 2021-12-14 23:31 - 000000472 _____ C:\Users\dwx1001776\Desktop\reexe48.txt
2021-12-14 23:23 - 2021-12-14 23:23 - 000056084 _____ C:\Users\dwx1001776\Desktop\3gcellbh.sql
2021-12-14 21:02 - 2021-12-14 21:02 - 000497801 _____ C:\Users\dwx1001776\Downloads\SEI Sitelist Issue W49.xlsx
2021-12-14 20:32 - 2021-12-14 20:32 - 003286275 _____ C:\Users\dwx1001776\Downloads\req risky.rar
2021-12-14 20:32 - 2021-12-14 12:37 - 012042315 _____ C:\Users\dwx1001776\Downloads\weekly_Temporary_Query_Result_20211214123239423(weekly).csv
2021-12-14 20:32 - 2021-12-14 12:37 - 001842595 _____ C:\Users\dwx1001776\Downloads\weekly_Temporary_Query_Result_20211214123239423(weekly).rar
2021-12-14 20:32 - 2021-12-14 12:29 - 001445296 _____ C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871.zip
2021-12-14 20:32 - 2021-12-14 12:28 - 003658779 ____N C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871(49).csv
2021-12-14 20:32 - 2021-12-14 12:28 - 003540519 ____N C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871(26).csv
2021-12-14 19:34 - 2021-12-14 19:34 - 000001140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thetan Arena.lnk
2021-12-14 19:34 - 2021-12-14 19:34 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Wolffun
2021-12-14 19:34 - 2021-12-14 19:34 - 000000000 ____D C:\Program Files (x86)\Thetan Arena
2021-12-14 01:19 - 2021-12-14 01:19 - 000013545 _____ C:\Users\dwx1001776\Downloads\Need Data KPI.xlsx
2021-12-14 01:06 - 2021-12-14 01:19 - 002865690 _____ C:\Users\dwx1001776\Downloads\alarmjabo_after.rar
2021-12-14 00:48 - 2021-12-14 01:01 - 000362501 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_Re-RUN IP100_20211214_010005.txt
2021-12-14 00:47 - 2021-12-14 01:00 - 000023861 _____ C:\Users\dwx1001776\Downloads\LOG_VoLTE_3G SRVCC Fast Return_Phase 04_V2.rar
2021-12-14 00:46 - 2021-12-14 00:46 - 000150156 _____ C:\Users\dwx1001776\Downloads\Re-RUN IP100.txt
2021-12-14 00:22 - 2021-12-14 00:22 - 001308119 _____ C:\Users\dwx1001776\Downloads\32_SRVCCFLEXSTEERING_P2.txt
2021-12-14 00:22 - 2021-12-14 00:22 - 001011749 _____ C:\Users\dwx1001776\Downloads\33_SRVCCFLEXSTEERING_P2.txt
2021-12-13 21:42 - 2021-12-13 21:42 - 012234224 _____ C:\Users\dwx1001776\Downloads\3G KPI_Trial 3g shutoff_20211212@2359.xlsm
2021-12-13 21:12 - 2021-12-13 21:24 - 004436907 _____ C:\Users\dwx1001776\Downloads\ranreportalarmjabo.rar
2021-12-13 21:02 - 2021-12-13 21:02 - 001405535 _____ C:\Users\dwx1001776\Downloads\Req KPI week 49.xlsx
2021-12-13 04:12 - 2021-12-13 04:12 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-147214757-305610072-1517763936-8001229
2021-12-12 14:04 - 2021-12-12 14:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-12-11 09:03 - 2021-12-11 09:03 - 001271975 _____ C:\Users\dwx1001776\Downloads\audit_ret_kota bekasi_kota depok.xlsx
2021-12-11 01:53 - 2021-12-11 01:53 - 000000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-12-10 12:52 - 2021-12-10 12:52 - 000006185 _____ C:\Users\dwx1001776\Downloads\SiteID_ret.txt

dmsjckrs

Posts: 18   +0
2021-12-10 10:17 - 2021-12-10 13:14 - 000032278 _____ C:\Users\dwx1001776\Downloads\Site_Bagus_HHO_10 Dec.xlsx
2021-12-09 18:04 - 2021-12-09 18:04 - 000008736 _____ C:\Users\dwx1001776\Downloads\Object Tree Export_Report Management_20211209180344.xlsx
2021-12-09 18:03 - 2021-12-09 18:03 - 000096077 _____ C:\Users\dwx1001776\Downloads\Sitelist Neeh HO PingPong 9Dec.xlsx
2021-12-09 15:34 - 2021-12-09 15:34 - 000009644 _____ C:\Users\dwx1001776\Downloads\sitelist L21 Big Gap(2).xlsx
2021-12-09 10:23 - 2021-12-09 10:23 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Plantronics
2021-12-09 10:22 - 2021-12-09 10:22 - 000002018 _____ C:\Users\Public\Desktop\WeLinkPC.lnk
2021-12-09 10:22 - 2021-12-09 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeLinkPC
2021-12-09 10:22 - 2021-12-09 10:22 - 000000000 ____D C:\Program Files (x86)\WeLinkPC
2021-12-09 09:59 - 2021-12-09 10:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-12-09 09:59 - 2021-12-09 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\huawei
2021-12-09 09:55 - 2021-12-18 10:32 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\eSpace_Desktop
2021-12-08 13:39 - 2021-12-08 13:21 - 003007383 ____N C:\Users\dwx1001776\Downloads\4G_KPI_reqJPX236_Query_Result_20211208132030519(Subreport 1).csv
2021-12-08 13:29 - 2021-12-08 13:29 - 000008581 _____ C:\Users\dwx1001776\Downloads\sitelist 3G trial shutoff(1).xlsx
2021-12-08 13:21 - 2021-12-08 13:34 - 000055074 _____ C:\Users\dwx1001776\Downloads\HistoricalAlarms20211208132118236.csv
2021-12-08 13:21 - 2021-12-08 13:21 - 001048626 _____ C:\Users\dwx1001776\Downloads\jpx236.rar
2021-12-08 13:21 - 2021-12-08 13:21 - 001045441 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqJPX236_Query_Result_20211208132030519.zip
2021-12-08 13:18 - 2021-12-08 13:31 - 000016977 _____ C:\Users\dwx1001776\Downloads\HistoricalAlarms20211208131825307.csv
2021-12-08 13:18 - 2021-12-08 13:30 - 000001118 _____ C:\Users\dwx1001776\Downloads\CurrentAlarms20211208131743095_1.csv
2021-12-08 11:39 - 2021-12-08 11:48 - 005278602 _____ C:\Users\dwx1001776\Downloads\List trial 3G shutoff dashboard v2.xlsx
2021-12-08 11:14 - 2021-12-08 11:15 - 000976179 _____ C:\Users\dwx1001776\Desktop\3G Upgrade Software Patch SRAN16.1 - 8 Dec 2021_.xlsm
2021-12-08 11:13 - 2021-12-08 11:13 - 000866888 _____ C:\Users\dwx1001776\Desktop\3G Upgrade Software Patch SRAN16.1 - 8 Dec 2021.xlsm
2021-12-08 11:12 - 2021-12-08 11:12 - 001415680 _____ C:\Users\dwx1001776\Desktop\2G_KPI_Hourly_Upgrade Software Patch SRAN16.1 - 8 Dec 2021.xls
2021-12-08 10:46 - 2021-12-08 10:46 - 000969625 _____ C:\Users\dwx1001776\Downloads\Dashboard Support CSFB 2G 4G_20211208e.xlsx
2021-12-08 10:36 - 2021-12-08 10:36 - 000928759 _____ C:\Users\dwx1001776\Downloads\Dashboard Support CSFB 2G 4G_20211208.xlsx
2021-12-08 09:12 - 2021-12-08 09:12 - 000193599 _____ C:\Users\dwx1001776\Desktop\3gshutoffv2.sql
2021-12-08 09:10 - 2021-12-08 09:10 - 000008879 _____ C:\Users\dwx1001776\Downloads\sitelist 3G trial shutoff.xlsx
2021-12-07 11:20 - 2021-12-07 11:33 - 000866837 _____ C:\Users\dwx1001776\Downloads\lteranreport1207.rar
2021-12-06 18:19 - 2021-12-06 18:19 - 000014282 _____ C:\Users\dwx1001776\Downloads\high interference.xlsx
2021-12-06 11:45 - 2021-12-06 11:45 - 000095503 _____ C:\Users\dwx1001776\Desktop\3gshutoff.sql
2021-12-05 10:28 - 2021-12-05 18:31 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Vivox
2021-12-05 10:21 - 2021-12-19 01:48 - 000000000 ____D C:\Program Files (x86)\TurboVPN
2021-12-05 10:21 - 2021-12-05 10:21 - 000001120 _____ C:\Users\dwx1001776\Desktop\TurboVPN.lnk
2021-12-05 10:21 - 2021-12-05 10:21 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TurboVPN
2021-12-05 09:33 - 2021-12-05 09:33 - 000001235 _____ C:\Users\Public\Desktop\The Sandbox Alpha.lnk
2021-12-05 09:32 - 2021-12-05 09:32 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\TSBGAMING
2021-12-05 09:31 - 2021-12-05 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sandbox
2021-12-05 09:31 - 2021-12-05 09:31 - 000000000 ____D C:\Program Files (x86)\The Sandbox
2021-12-03 11:11 - 2021-12-03 11:23 - 001008015 _____ C:\Users\dwx1001776\Downloads\E_TNG602_Ryserpong2_ALL_Operation Log_Compressed_2021-06-01-11-22-52_2021-12-03-11-23-04_Flow Control_20211203_112309.gz
2021-12-03 11:11 - 2021-12-03 11:10 - 006963390 _____ C:\Users\dwx1001776\Downloads\E_TNG602_Ryserpong2_ALL_Operation Log_Compressed_2021-06-01-11-22-52_2021-12-03-11-23-04_Flow Control_20211203_112309
2021-12-03 08:57 - 2021-12-03 08:57 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Unity
2021-12-03 08:57 - 2021-12-03 08:57 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Sky Mavis
2021-12-03 08:57 - 2021-12-03 08:57 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\GameAnalytics
2021-12-03 08:52 - 2021-12-03 08:52 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\com.skymavis.launcher
2021-12-03 08:52 - 2021-12-03 08:52 - 000000000 ____D C:\Program Files\Axie Infinity
2021-12-03 08:50 - 2021-12-03 08:53 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Mavis Hub
2021-12-03 08:49 - 2021-12-03 09:05 - 000002322 _____ C:\Users\dwx1001776\Desktop\Mavis Hub.lnk
2021-12-03 08:49 - 2021-12-03 08:50 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\@axielauncher-updater
2021-12-03 08:49 - 2021-12-03 08:49 - 000002330 _____ C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mavis Hub.lnk
2021-12-02 16:37 - 2021-12-02 16:37 - 000009026 _____ C:\Users\dwx1001776\Downloads\Sitelist need HO PingPong_02122021.xlsx
2021-12-02 09:24 - 2021-12-02 09:24 - 000009626 _____ C:\Users\dwx1001776\Downloads\sitelist L21 Big Gap(1).xlsx
2021-12-01 12:54 - 2021-12-01 13:07 - 000014050 _____ C:\Users\dwx1001776\Downloads\lstoptlog_cpt221.csv
2021-12-01 10:32 - 2021-12-01 10:44 - 000402205 _____ C:\Users\dwx1001776\Downloads\LST CELLALGOSWITCH.csv
2021-12-01 10:32 - 2021-12-01 10:44 - 000104030 _____ C:\Users\dwx1001776\Downloads\LST EUTRANINTERNFREQ.csv
2021-12-01 10:32 - 2021-12-01 10:44 - 000024086 _____ C:\Users\dwx1001776\Downloads\LST CELLHOPARACFG.csv
2021-12-01 10:32 - 2021-12-01 10:44 - 000011475 _____ C:\Users\dwx1001776\Downloads\LST INTERFREQHOGROUP.csv
2021-12-01 09:29 - 2021-12-01 09:27 - 000021186 _____ C:\Users\dwx1001776\Documents\AlarmLogs20211201092856554.csv
2021-12-01 08:30 - 2021-12-01 08:30 - 000000000 ____D C:\WINDOWS\SysWOW64\Zonelabs
2021-12-01 08:30 - 2021-12-01 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2021-12-01 08:30 - 2021-12-01 08:30 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2021-12-01 08:09 - 2021-12-01 08:10 - 123979489 _____ C:\Users\dwx1001776\Downloads\Windows_MediaFeaturePack_x64_1803.msu
2021-12-01 08:08 - 2021-12-01 08:08 - 103322379 _____ C:\Users\dwx1001776\Downloads\Windows_MediaFeaturePack_x64_1903_V1.msu
2021-12-01 08:01 - 2021-12-19 01:48 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-01 07:54 - 2021-12-09 07:01 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-01 07:54 - 2021-12-09 07:01 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7e64c66026a2b
2021-12-01 07:50 - 2021-12-01 07:50 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-12-01 07:48 - 2021-12-01 07:48 - 000000020 ___SH C:\Users\dwx1001776\ntuser.ini
2021-12-01 07:47 - 2021-12-19 01:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-12-01 07:47 - 2021-12-19 01:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Symantec Endpoint Protection
2021-12-01 07:47 - 2021-12-19 01:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-01 07:47 - 2021-12-13 04:12 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-147214757-305610072-1517763936-8001229
2021-12-01 07:47 - 2021-12-01 07:47 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-01 07:47 - 2021-12-01 07:47 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-01 07:47 - 2021-12-01 07:47 - 000002896 _____ C:\WINDOWS\system32\Tasks\TinyTakeUpgrade
2021-12-01 07:47 - 2021-12-01 07:47 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-888159395-1567868294-3106766758-1001
2021-12-01 07:47 - 2021-12-01 07:47 - 000002590 _____ C:\WINDOWS\system32\Tasks\LANDESK Agent Health Bootstrap Task
2021-12-01 07:47 - 2021-12-01 07:47 - 000002536 _____ C:\WINDOWS\system32\Tasks\SamsungMagician
2021-12-01 07:47 - 2021-12-01 07:47 - 000002442 _____ C:\WINDOWS\system32\Tasks\RemindPatchRepair
2021-12-01 07:47 - 2021-12-01 07:47 - 000002052 _____ C:\WINDOWS\system32\Tasks\ReportPatchStatus
2021-12-01 07:47 - 2021-12-01 07:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\FonePaw
2021-12-01 07:47 - 2021-12-01 07:47 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2021-12-01 07:46 - 2021-12-01 07:47 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2021-12-01 07:46 - 2021-12-01 07:47 - 000015243 _____ C:\WINDOWS\diagerr.xml
2021-12-01 07:41 - 2021-12-19 01:57 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-01 07:39 - 2021-12-19 01:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-01 07:39 - 2021-12-16 23:07 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-01 07:39 - 2021-12-16 23:07 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-01 07:39 - 2021-12-01 07:39 - 000379840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-01 07:22 - 2021-12-01 22:39 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-12-01 07:18 - 2021-12-17 21:51 - 000000000 ____D C:\Users\dwx1001776
2021-12-01 07:18 - 2021-12-13 04:12 - 000002398 _____ C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-01 07:18 - 2021-12-01 22:39 - 000000000 ____D C:\Users\Admin
2021-12-01 07:18 - 2019-12-07 16:09 - 000001105 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-01 07:18 - 2019-12-07 16:09 - 000001105 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-01 07:17 - 2021-12-01 07:22 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-12-01 07:07 - 2021-12-01 07:07 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-12-01 07:07 - 2021-12-01 07:07 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-01 07:06 - 2021-12-01 07:06 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-12-01 07:06 - 2021-12-01 07:06 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-12-01 07:06 - 2021-12-01 07:06 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-01 07:06 - 2021-12-01 07:06 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-12-01 07:06 - 2021-12-01 07:06 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-12-01 07:05 - 2021-12-01 07:05 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-12-01 07:05 - 2021-12-01 07:05 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-12-01 07:05 - 2021-12-01 07:05 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-01 07:05 - 2021-12-01 07:05 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-01 07:05 - 2021-12-01 07:05 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-12-01 06:52 - 2021-12-01 06:53 - 000000000 ____D C:\WINDOWS\system32\id-ID
2021-12-01 06:52 - 2021-12-01 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2021-12-01 06:52 - 2021-12-01 06:52 - 000000000 ____D C:\WINDOWS\id-ID
2021-12-01 06:52 - 2019-10-15 13:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-12-01 06:52 - 2019-04-18 18:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-12-01 06:47 - 2021-12-01 06:47 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2021-12-01 06:39 - 2021-12-01 06:39 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-12-01 06:25 - 2021-12-13 06:00 - 000000000 ___DC C:\WINDOWS\Panther
2021-12-01 06:22 - 2021-12-01 06:25 - 000000036 _____ C:\WINDOWS\progress.ini
2021-12-01 06:07 - 2021-12-01 07:48 - 000000000 ____D C:\Windows10Upgrade
2021-12-01 06:07 - 2021-12-01 07:47 - 000000000 ___HD C:\$GetCurrent
2021-12-01 06:07 - 2021-12-01 06:07 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2021-12-01 06:07 - 2021-12-01 06:07 - 000000719 _____ C:\Users\dwx1001776\Desktop\Windows 10 Update Assistant.lnk
2021-12-01 06:07 - 2021-12-01 06:07 - 000000000 ____D C:\Users\dwx1001776\Downloads\Windows10Upgrade9252
2021-12-01 06:04 - 2021-12-01 06:04 - 005814039 _____ C:\Users\dwx1001776\Downloads\Windows10Upgrade9252.rar
2021-11-29 17:05 - 2021-11-29 17:05 - 000932500 _____ C:\Users\dwx1001776\Downloads\JKP335_20211129@1559.rar
2021-11-29 11:03 - 2021-11-29 11:03 - 000785693 _____ C:\Users\dwx1001776\Downloads\req ul interference_risky.zip
2021-11-29 10:55 - 2021-11-29 10:56 - 002907802 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqfakhruddin busyhour_Query_Result_20211129105434982.zip
2021-11-29 10:54 - 2021-11-29 10:54 - 000028122 _____ C:\Users\dwx1001776\Downloads\New comers interference W46.xlsx
2021-11-29 10:45 - 2021-11-29 10:45 - 000008047 _____ C:\Users\dwx1001776\Downloads\4cell WPC L21 Big gap.xlsx
2021-11-29 09:54 - 2021-11-29 09:54 - 010120267 _____ C:\Users\dwx1001776\Downloads\interference per RB req risky_Query_Result_20211129094820774.zip
2021-11-29 09:45 - 2021-11-29 09:46 - 004504900 _____ C:\Users\dwx1001776\Downloads\4G_KPI_req_Query_Result_20211129094349351.zip
2021-11-29 09:29 - 2021-11-29 09:29 - 005308401 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqfakhruddin_Query_Result_2021112909271948.zip
2021-11-29 09:22 - 2021-11-29 09:22 - 000009638 _____ C:\Users\dwx1001776\Downloads\sitelist L21 Big Gap.xlsx
2021-11-27 23:27 - 2021-11-29 17:05 - 000796260 _____ C:\Users\dwx1001776\Downloads\3G JKP335.xlsm
2021-11-27 23:27 - 2021-11-29 17:04 - 001252864 _____ C:\Users\dwx1001776\Downloads\2G_KPI_Hourly_JKP335.xls
2021-11-27 21:51 - 2021-11-27 22:03 - 000065842 _____ C:\Users\dwx1001776\Downloads\mopar_fakhruddin_1127.rar
2021-11-27 21:34 - 2021-11-27 21:45 - 000019558 _____ C:\Users\dwx1001776\Downloads\Sitelist 3G Shutoff(1).xlsx
2021-11-27 21:33 - 2021-11-27 22:33 - 000003489 _____ C:\Users\dwx1001776\Downloads\test_alfursan.txt
2021-11-27 00:54 - 2021-11-27 01:15 - 000014267 _____ C:\Users\dwx1001776\Downloads\Sitelist 3G Shutoff.xlsx
2021-11-26 21:56 - 2021-11-26 21:56 - 000009227 _____ C:\Users\dwx1001776\Downloads\Surrounding 3G Shutoff.xlsx
2021-11-26 08:22 - 2021-11-26 08:24 - 000000128 _____ C:\Users\dwx1001776\AppData\Local\PUTTY.RND
2021-11-26 08:22 - 2021-11-26 08:22 - 000000000 ____D C:\Program Files\PuTTY
2021-11-25 23:38 - 2021-11-25 23:40 - 000000000 ____D C:\Users\dwx1001776\Downloads\stock images
2021-11-25 22:28 - 2021-11-25 22:28 - 000017855 _____ C:\Users\dwx1001776\Downloads\Req Cell Daily 4G 5-24 Nov.xlsx
2021-11-25 21:07 - 2021-11-25 21:13 - 003162095 _____ C:\Users\dwx1001776\Downloads\NCR 4G Rollout Dynamic NPREO with CellNpreoAdjThreshold setting to 20 JA.xlsx
2021-11-25 19:24 - 2021-11-25 19:24 - 000000176 _____ C:\Users\dwx1001776\Downloads\Trial Power Saving.txt
2021-11-25 08:18 - 2021-12-01 22:39 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-11-25 06:08 - 2021-11-25 06:08 - 000140557 _____ C:\Users\dwx1001776\Downloads\WhatsApp Image 2021-11-25 at 00.46.22.jpeg
2021-11-25 00:15 - 2021-11-25 00:15 - 000007720 _____ C:\Users\dwx1001776\Downloads\Req alarm-24 Nov.xlsx
2021-11-25 00:13 - 2021-11-25 00:25 - 000018769 _____ C:\Users\dwx1001776\Downloads\req_alarm.rar
2021-11-25 00:05 - 2021-11-25 00:05 - 000009742 _____ C:\Users\dwx1001776\Downloads\Req alarm(1).xlsx
2021-11-23 23:59 - 2021-11-23 23:59 - 000092742 _____ C:\Users\dwx1001776\Downloads\Rollback IP5.txt
2021-11-23 23:59 - 2021-11-23 23:59 - 000042262 _____ C:\Users\dwx1001776\Downloads\Rollback IP48.txt
2021-11-23 23:37 - 2021-11-23 23:38 - 081625338 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqrisky1123_Query_Result_2021112323300689.zip
2021-11-23 23:13 - 2021-11-23 23:32 - 000041991 _____ C:\Users\dwx1001776\Downloads\Need Data(1).xlsx
2021-11-23 21:31 - 2021-11-23 21:31 - 003561068 _____ C:\Users\dwx1001776\Downloads\4G_EJ_CR_QCI 6 VIP User anchor on FDD solution Rollback RollOut 20211112_rev.xlsx
2021-11-23 21:29 - 2021-11-23 21:34 - 001890411 _____ C:\Users\dwx1001776\Downloads\4G Script Volte Features_JABO Outer_VoLTE Coverage Enhancement_Phase 03 V3.xlsx
2021-11-23 21:27 - 2021-11-23 21:37 - 000807009 _____ C:\Users\dwx1001776\Downloads\NCR 4G Rollout Disable CA Service When Using VOLTE CALL JABO.xlsx
2021-11-23 11:19 - 2021-11-23 17:18 - 000000109 _____ C:\Users\dwx1001776\Downloads\cryptotab log.txt
2021-11-23 11:18 - 2021-11-24 05:47 - 000005224 _____ C:\Users\dwx1001776\Downloads\youtube project 2 - sky bonfire lake.txt
2021-11-23 07:38 - 2021-11-23 07:38 - 000008297 _____ C:\Users\dwx1001776\Downloads\sitelist(12).xlsx
2021-11-22 23:29 - 2021-11-22 23:29 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\DigibyteMiner
2021-11-22 22:16 - 2021-11-22 22:54 - 000014020 _____ C:\Users\dwx1001776\Downloads\need rrc+payload.xlsx
2021-11-22 20:04 - 2021-11-22 20:04 - 000013943 _____ C:\Users\dwx1001776\Downloads\Need KPI 4g data.xlsx
2021-11-22 19:31 - 2021-11-22 19:31 - 001313177 _____ C:\Users\dwx1001776\Downloads\SITE LIST TAL TAC_20211012_V2.xlsx
2021-11-22 15:40 - 2021-11-22 15:53 - 000009408 _____ C:\Users\dwx1001776\Downloads\SITE LIST_Power Saving Trial.xlsx
2021-11-21 23:44 - 2021-11-22 10:47 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\TechSmith
2021-11-21 23:41 - 2021-11-23 12:01 - 000000000 ____D C:\Users\dwx1001776\Documents\Camtasia
2021-11-21 23:41 - 2021-11-21 23:41 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\TechSmith
2021-11-21 22:24 - 2021-12-01 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2021-11-21 22:24 - 2021-11-21 22:24 - 000001171 _____ C:\Users\Public\Desktop\Camtasia 2019.lnk
2021-11-21 22:23 - 2021-11-21 22:24 - 000000000 ____D C:\ProgramData\TechSmith
2021-11-21 22:23 - 2021-11-21 22:23 - 000000000 ____D C:\Program Files\TechSmith
2021-11-21 22:23 - 2021-11-21 22:23 - 000000000 ____D C:\Program Files\Common Files\TechSmith Shared
2021-11-21 19:33 - 2021-11-30 15:54 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\audacity
2021-11-21 19:33 - 2021-11-21 19:33 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-11-21 19:33 - 2021-11-21 19:33 - 000000853 _____ C:\Users\Public\Desktop\Audacity.lnk
2021-11-21 19:33 - 2021-11-21 19:33 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\audacity
2021-11-21 19:33 - 2021-11-21 19:33 - 000000000 ____D C:\Program Files\Audacity
2021-11-21 12:13 - 2021-11-21 12:13 - 000000761 _____ C:\Users\dwx1001776\Documents\Desktop - Shortcut.lnk
2021-11-19 21:36 - 2021-11-19 21:36 - 000031314 _____ C:\Users\dwx1001776\Downloads\Nobel - S01E02.srt
2021-11-19 21:35 - 2021-11-19 21:35 - 000024012 _____ C:\Users\dwx1001776\Downloads\Nobel - S01E01.srt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-19 01:57 - 2020-12-19 03:05 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\CrashDumps
2021-12-19 01:57 - 2020-11-13 21:45 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-19 01:57 - 2019-12-07 16:12 - 000000000 ____D C:\WINDOWS\INF
2021-12-19 01:54 - 2020-12-19 02:30 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Mozilla
2021-12-19 01:54 - 2020-12-19 02:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-19 01:53 - 2021-08-09 08:07 - 000002404 _____ C:\Users\dwx1001776\Desktop\Person 1 - Chrome.lnk
2021-12-19 01:52 - 2021-07-13 19:51 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\NetCareClient
2021-12-19 01:52 - 2021-06-23 15:04 - 000000000 ____D C:\Program Files\AnXinSec
2021-12-19 01:52 - 2020-12-19 02:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-19 01:52 - 2019-03-19 11:49 - 000000297 _____ C:\WINDOWS\win.ini
2021-12-19 01:52 - 2018-10-23 18:30 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-12-19 01:50 - 2020-11-16 22:37 - 000001144 ____H C:\Users\dwx1001776\Documents\Default.rdp
2021-12-19 01:49 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-19 01:48 - 2021-06-23 15:04 - 000000002 _____ C:\WINDOWS\axupdt.axbcv
2021-12-19 01:48 - 2020-11-14 09:04 - 000000000 ___HD C:\ProgramData\TEMP
2021-12-19 01:47 - 2019-12-07 16:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-18 19:18 - 2020-11-14 22:29 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Telegram Desktop
2021-12-18 18:54 - 2020-11-14 09:22 - 000000000 ____D C:\temp
2021-12-18 18:11 - 2020-11-13 21:06 - 000046130 __RSH C:\ProgramData\ntuser.pol
2021-12-18 10:03 - 2020-11-14 09:07 - 001049387 _____ C:\ProgramData\CpmCore.log.1
2021-12-18 07:19 - 2019-12-07 16:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-18 07:01 - 2020-12-22 22:23 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\DMCache
2021-12-18 06:26 - 2020-11-14 09:05 - 000000000 ____D C:\ProgramData\Symantec
2021-12-18 01:00 - 2019-12-07 16:49 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-12-17 22:07 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-17 21:59 - 2020-11-13 21:50 - 000006354 _____ C:\Users\dwx1001776\Downloads\exam
2021-12-17 21:49 - 2019-12-07 16:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-17 02:11 - 2020-11-14 00:17 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\vlc
2021-12-16 22:02 - 2019-12-07 16:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2021-12-16 20:46 - 2021-07-12 09:50 - 000000000 ____D C:\Users\dwx1001776\Desktop\tem
2021-12-16 20:45 - 2020-12-22 22:23 - 000000000 ____D C:\Users\dwx1001776\Downloads\Video
2021-12-16 17:13 - 2021-10-21 22:40 - 000001497 _____ C:\Users\Public\Desktop\Onebox.lnk
2021-12-16 17:11 - 2020-11-14 09:25 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\CDDD
2021-12-16 10:36 - 2021-08-26 07:37 - 000000000 ____D C:\Users\dwx1001776\Documents\kamil
2021-12-16 07:14 - 2020-11-14 09:07 - 001050018 _____ C:\ProgramData\CpmCore.log.2
2021-12-16 06:09 - 2020-11-13 21:46 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-16 06:09 - 2018-10-23 18:30 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-16 01:36 - 2020-12-19 02:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-15 16:26 - 2020-11-14 09:05 - 000002206 _____ C:\Users\Public\Desktop\SPES.lnk
2021-12-15 16:15 - 2020-11-14 09:09 - 000000000 _____ C:\Program Files (x86)\ItShieldCheckFile.ck
2021-12-15 10:52 - 2019-12-07 16:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-15 10:41 - 2020-12-22 22:23 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2021-12-14 02:37 - 2020-11-14 09:07 - 001049966 _____ C:\ProgramData\CpmCore.log.3
2021-12-11 22:13 - 2020-11-14 09:07 - 001048824 _____ C:\ProgramData\CpmCore.log.4
2021-12-09 17:43 - 2020-11-14 09:07 - 001048755 _____ C:\ProgramData\CpmCore.log.5
2021-12-09 10:23 - 2021-10-21 22:41 - 000000000 ____D C:\ProgramData\CheckToolService
2021-12-09 10:20 - 2021-03-16 18:56 - 000030995 _____ C:\Users\dwx1001776\Downloads\CsvReport (6)_reqheru.csv
2021-12-09 10:08 - 2020-11-14 09:18 - 000000256 _____ C:\WINDOWS\system32\config\netlogon.ftl
2021-12-09 09:59 - 2020-11-14 09:25 - 000000000 ____D C:\Program Files (x86)\Huawei
2021-12-09 09:57 - 2021-07-22 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-12-09 09:57 - 2021-07-12 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FonePaw
2021-12-09 09:57 - 2021-02-28 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2021-12-09 09:57 - 2020-11-14 09:08 - 000000000 ____D C:\Program Files (x86)\eSpace_Desktop
2021-12-09 09:57 - 2020-07-26 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2021-12-09 09:57 - 2019-10-03 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2021-12-09 09:57 - 2018-11-12 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2021-12-09 09:57 - 2018-11-08 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2021-12-09 09:57 - 2018-10-23 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-12-08 19:55 - 2020-11-14 06:17 - 000000000 ____D C:\ProgramData\Packages
2021-12-07 12:31 - 2020-11-14 09:07 - 001048947 _____ C:\ProgramData\CpmCore.log.6
2021-12-05 12:36 - 2021-01-20 20:03 - 000025638 _____ C:\Users\dwx1001776\Downloads\CsvReport (2).csv
2021-12-05 12:36 - 2020-12-14 23:17 - 000074161 _____ C:\Users\dwx1001776\Downloads\Report.txt
2021-12-05 09:31 - 2020-11-14 09:10 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-05 09:20 - 2020-11-14 09:07 - 001049823 _____ C:\ProgramData\CpmCore.log.7
2021-12-03 04:08 - 2020-11-14 09:07 - 001049673 _____ C:\ProgramData\CpmCore.log.8
2021-12-02 04:42 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-12-01 22:39 - 2021-11-17 19:05 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor Plus 2022
2021-12-01 22:39 - 2021-11-09 14:43 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2021-12-01 22:39 - 2021-09-23 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-12-01 22:39 - 2021-08-01 23:04 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeLink Meeting
2021-12-01 22:39 - 2021-07-07 18:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2021-12-01 22:39 - 2021-06-30 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2021-12-01 22:39 - 2021-06-23 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intelligent Memory Protection System
2021-12-01 22:39 - 2021-06-15 17:30 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\瞩目国际版
2021-12-01 22:39 - 2021-03-25 09:27 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-12-01 22:39 - 2021-02-19 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2021-12-01 22:39 - 2021-01-31 13:31 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KMPlayer 64X
2021-12-01 22:39 - 2020-12-29 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-12-01 22:39 - 2020-12-29 08:17 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2021-12-01 22:39 - 2020-12-22 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2021-12-01 22:39 - 2020-12-22 22:23 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2021-12-01 22:39 - 2020-12-17 19:33 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accession Meeting
2021-12-01 22:39 - 2020-12-08 18:24 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2021-12-01 22:39 - 2020-11-18 01:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ldevents
2021-12-01 22:39 - 2020-11-15 13:50 - 000000000 ____D C:\Program Files\UNP
2021-12-01 22:39 - 2020-11-15 08:39 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE
2021-12-01 22:39 - 2020-11-14 22:29 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2021-12-01 22:39 - 2020-11-14 09:24 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CloudMeeting
2021-12-01 22:39 - 2020-11-14 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\cba
2021-12-01 22:39 - 2020-11-14 09:06 - 000000000 ____D C:\WINDOWS\SysWOW64\nmap
2021-12-01 22:39 - 2020-11-14 09:05 - 000000000 ____D C:\ProgramData\regid.1992-12.com.symantec
2021-12-01 22:39 - 2020-11-14 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2021-12-01 22:39 - 2020-11-14 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPES 5.0
2021-12-01 22:39 - 2020-11-14 05:35 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-12-01 22:39 - 2020-11-13 18:44 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-12-01 22:39 - 2020-09-11 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Go Programming Language
2021-12-01 22:39 - 2020-05-14 00:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2021-12-01 22:39 - 2020-02-01 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2021-12-01 22:39 - 2020-01-25 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2021-12-01 22:39 - 2019-12-07 16:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-12-01 22:39 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-12-01 22:39 - 2019-12-01 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-01 22:39 - 2019-09-24 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kutools for Excel
2021-12-01 22:39 - 2019-07-15 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kids Designer
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-12-01 22:39 - 2019-03-19 11:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-12-01 22:39 - 2018-12-14 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2021-12-01 22:39 - 2018-11-21 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2021-12-01 22:39 - 2018-11-12 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2021-12-01 22:39 - 2018-11-12 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA SecurID Token
2021-12-01 22:39 - 2018-10-23 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-12-01 22:39 - 2018-10-23 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-12-01 22:38 - 2020-05-17 17:36 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-12-01 22:38 - 2019-12-01 07:48 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-01 22:38 - 2019-08-20 11:37 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2021-12-01 22:38 - 2018-11-30 07:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2021-12-01 22:38 - 2018-11-08 00:15 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2021-12-01 14:08 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-01 08:31 - 2020-11-16 17:55 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\CheckPoint
2021-12-01 08:30 - 2021-03-25 09:23 - 000000000 ____D C:\ProgramData\CheckPoint
2021-12-01 08:05 - 2021-03-25 09:24 - 000012288 _____ C:\WINDOWS\system32\Drivers\vsndis.reg
2021-12-01 08:03 - 2020-11-14 09:19 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Packages
2021-12-01 08:03 - 2019-12-07 16:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-12-01 07:58 - 2020-11-14 09:12 - 000000000 ____D C:\WINDOWS\wlansvc
2021-12-01 07:49 - 2019-12-07 16:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-01 07:48 - 2020-11-14 09:19 - 000000000 ___RD C:\Users\dwx1001776\3D Objects
2021-12-01 07:48 - 2020-11-14 05:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-12-01 07:48 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-12-01 07:47 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-01 07:39 - 2020-11-14 00:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-12-01 07:36 - 2019-12-07 16:16 - 000000000 ____D C:\WINDOWS\Setup
2021-12-01 07:33 - 2019-12-07 16:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-12-01 07:19 - 2021-06-26 21:21 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis
2021-12-01 07:19 - 2020-03-10 01:48 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi
2021-12-01 07:18 - 2020-11-14 05:58 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2021-12-01 07:12 - 2019-12-07 16:51 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-12-01 07:12 - 2019-12-07 16:51 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-12-01 07:12 - 2019-12-07 16:48 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-12-01 07:12 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-01 07:12 - 2019-12-07 16:03 - 000000000 ____D C:\WINDOWS\servicing
2021-12-01 07:11 - 2019-12-07 16:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-12-01 06:53 - 2019-12-07 16:50 - 000000000 ____D C:\WINDOWS\OCR
2021-12-01 06:52 - 2019-12-07 16:51 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-12-01 06:52 - 2019-12-07 16:51 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-12-01 06:52 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-12-01 06:49 - 2019-12-07 16:09 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2021-12-01 03:49 - 2020-11-14 09:07 - 001049923 _____ C:\ProgramData\CpmCore.log.9
2021-11-29 05:48 - 2020-11-14 09:07 - 001048635 _____ C:\ProgramData\CpmCore.log.10
2021-11-27 07:16 - 2020-11-14 09:07 - 001048644 _____ C:\ProgramData\CpmCore.log.11
2021-11-25 08:36 - 2020-11-14 09:07 - 001050326 _____ C:\ProgramData\CpmCore.log.12
2021-11-25 08:21 - 2020-11-17 08:42 - 000000000 ____D C:\Users\dwx1001776\Documents\Zoom
2021-11-25 08:18 - 2020-11-16 19:05 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Zoom
2021-11-23 10:45 - 2020-11-14 09:07 - 001048761 _____ C:\ProgramData\CpmCore.log.13
2021-11-21 12:59 - 2020-11-14 09:07 - 001048786 _____ C:\ProgramData\CpmCore.log.14
2021-11-21 12:13 - 2020-11-14 09:26 - 000000000 ___RD C:\Users\dwx1001776\OneDrive
2021-11-19 14:19 - 2020-11-14 09:07 - 001049260 _____ C:\ProgramData\CpmCore.log.15

==================== Files in the root of some directories ========

2020-11-14 09:09 - 2021-12-15 16:15 - 000000000 _____ () C:\Program Files (x86)\ItShieldCheckFile.ck
2021-07-13 21:39 - 2021-08-04 05:56 - 000016384 _____ () C:\Users\dwx1001776\AppData\Roaming\NetCareClientTaskCache.Data.dll
2020-11-14 09:20 - 2020-11-14 09:20 - 000000000 _____ () C:\Users\dwx1001776\AppData\Roaming\UserAgentData.log
2020-11-14 09:20 - 2020-11-14 09:20 - 000000000 _____ () C:\Users\dwx1001776\AppData\Roaming\UserData.log
2021-08-31 21:01 - 2021-09-04 00:24 - 000000081 _____ () C:\Users\dwx1001776\AppData\Local\.bidstack.fault
2021-11-26 08:22 - 2021-11-26 08:24 - 000000128 _____ () C:\Users\dwx1001776\AppData\Local\PUTTY.RND

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
==================== End of FRST.txt ========================
 

dmsjckrs

Posts: 18   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by dWX1001776 (19-12-2021 01:59:31)
Running from C:\Users\dwx1001776\Downloads\Programs
Microsoft Windows 10 Pro N Version 21H1 19043.1348 (X64) (2021-12-01 00:47:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-888159395-1567868294-3106766758-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-888159395-1567868294-3106766758-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-888159395-1567868294-3106766758-503 - Limited - Disabled)
Guest (S-1-5-21-888159395-1567868294-3106766758-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-888159395-1567868294-3106766758-504 - Limited - Disabled)
zer0 (S-1-5-21-888159395-1567868294-3106766758-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Symantec Endpoint Protection (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Action! (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Mirillis Action!) (Version: 4.19.0 - Mirillis)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.6 - philandro Software GmbH)
Array SSL VPN (HKLM\...\SSL VPN Client) (Version: 9.4.0.0 - Array Networks)
Audacity 3.0.4 (HKLM\...\Audacity_is1) (Version: 3.0.4 - Audacity Team)
Camtasia 2019 (HKLM\...\{FF10C4F0-9186-405F-809D-D2E8D5E39448}) (Version: 19.0.10.17662 - TechSmith Corporation)
Check Point VPN (HKLM-x32\...\{CC3997BB-707F-4747-AB2B-1A3567B34710}) (Version: 98.61.1909 - Check Point Software Technologies Ltd.)
ClouddriveBatchTool 1.0.1.0 (HKLM-x32\...\ClouddriveBatchTool) (Version: 1.0.1.0 - Huawei company, Inc.)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID, Inc.)
Dota 2 version 580 (HKLM\...\{11A02AEB-002F-43B2-AFD7-0D1DB406696B}_is1) (Version: 580 - Strogino CS Portal)
EmailTools V2.7.5.1 (HKLM-x32\...\EmailTools V2.7.5.1) (Version: V2.7.5.1 - Huawei, Inc.)
eSpacePlug (HKLM-x32\...\{C08331F6-AA01-436E-9D1D-C3D2E00434C2}) (Version: 1.0.0.1 - Huawei)
FileZilla Client 3.56.2 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\FileZilla Client) (Version: 3.56.2 - Tim Kosse)
FonePaw Screen Recorder 3.8.0 (HKLM-x32\...\{B3975585-8333-4F6A-AFBD-490F7D7243D3}_is1) (Version: 3.8.0 - FonePaw)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.)
Go Programming Language amd64 go1.17.1 (HKLM\...\{B8541976-57DC-4AC5-90D6-7A277F83D376}) (Version: 1.17.1 - hxxps://golang.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
iDesk 3.0.2.7 (HKLM-x32\...\iDesk) (Version: 3.0.2.7 - Huawei company, Inc.)
Intelligent Memory Protection System (HKLM-x32\...\Intelligent Memory Protection System) (Version: 3.0.1208.100 - AnxinSec)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.38.14 - Tonec Inc.)
iptvnator 0.8.0 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\3d079bcf-2c03-55d5-9add-ff830e0bf10c) (Version: 0.8.0 - 4gray)
KMPlayer 64X (remove only) (HKLM\...\KMPlayer 64X) (Version: 2021.01.25.10 - PandoraTV)
LANDESK Advance Agent (HKLM-x32\...\{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}) (Version: 1.0.0 - LANDesk Software) Hidden
LINE (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\LINE) (Version: 7.5.0.2664 - LINE Corporation)
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
Mavis Hub 1.3.0 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\{cc9e8b63-ffef-5371-bb50-2dfd3e6be1f2}) (Version: 1.3.0 - )
Meeting (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\accessionmeeting) (Version: 4.2 - Metaswitch Networks Ltd)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.57 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-888159395-1567868294-3106766758-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{5e4b593b-ca3c-429c-bc49-b51cbf46e72a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Movavi Video Editor Plus 2022 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Movavi Video Editor Plus 2022) (Version: 22.0.0 - Movavi)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 95.0.1 (x64 en-US)) (Version: 95.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0 - Mozilla)
MySQL Connector/ODBC 5.3 (HKLM\...\{8F1753C5-4394-4310-A3CC-C9AC85D02220}) (Version: 5.3.14 - Oracle Corporation)
NetCareClient (HKLM-x32\...\{27080CCA-B2A1-4598-B10D-D2C04297B0AA}) (Version: 1.0.5 - Huawei)
Onebox Mate_V1.6.7.0009 (HKLM-x32\...\Onebox Mate) (Version: 1.6.7.0009 - Huawei company, Inc.)
OpenSSL 1.1.1j Light (64-bit) (HKLM\...\OpenSSL Light (64-bit)_is1) (Version: - OpenSSL Win64 Installer Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PremiumSoft Navicat Premium 15.0 (HKLM\...\PremiumSoft Navicat Premium 15_is1) (Version: 15.0.17 - PremiumSoft CyberTech Ltd.)
PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)
Python 3.7.0 (64-bit) (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\{f684de81-73c2-4924-ad43-e7ae400d47b5}) (Version: 3.7.150.0 - Python Software Foundation)
Python 3.7.0 Add to Path (64-bit) (HKLM\...\{A03DCA8A-AAD0-4A25-8CE0-D50D73797233}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Core Interpreter (64-bit) (HKLM\...\{F046BD5A-33F4-4ABA-BD2D-0227F6291EC9}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Development Libraries (64-bit) (HKLM\...\{61246987-8D99-44A9-8FF5-E2E3F503B72D}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Documentation (64-bit) (HKLM\...\{E7C56E72-C80E-453B-9345-FAEAE5DB51A4}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Executables (64-bit) (HKLM\...\{84B7971A-F59F-4247-AD34-BEC02CF85FBD}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 pip Bootstrap (64-bit) (HKLM\...\{8A6F7991-1955-4C46-8C0C-8D7C6F7042FA}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Standard Library (64-bit) (HKLM\...\{18D93BBC-06F6-449D-96FB-CD473CFC6A6D}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Tcl/Tk Support (64-bit) (HKLM\...\{A2FC01E0-059E-4D21-AFD2-B63A7E1EF3CD}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Test Suite (64-bit) (HKLM\...\{E4266358-1C9B-4AF0-ABF7-72BE136904CF}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Utility Scripts (64-bit) (HKLM\...\{9E24E01B-CBD8-4558-A56D-6188F1A3C822}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6BDDB48-938A-4384-A7BE-2B4E4931B111}) (Version: 3.7.6386.0 - Python Software Foundation)
RogueKiller version 15.1.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.5.0 - Adlice Software)
RSA SecurID Token for Windows Desktops (HKLM-x32\...\{4800D75D-4697-4D6B-9B3B-0BF36245B95C}) (Version: 4.0.0 - RSA Security Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.3.0.330 - Samsung Electronics)
SPES (HKLM-x32\...\SPES) (Version: 10.2.7.5 - Huawei Technologies Co., Ltd.)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.11.8.246 - EnigmaSoft Limited)
Stremio (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Stremio) (Version: 4.4.120 - Smart Code Ltd)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Symantec Endpoint Protection (HKLM\...\{2F52BA04-4BF8-4A4C-B282-94E3C8FB9ECA}) (Version: 14.2.3332.1000 - Symantec Corporation)
Telegram Desktop version 3.3 (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.3 - Telegram FZ-LLC)
The Sandbox (HKLM\...\sandboxgame) (Version: 0.6.17.971 - TSB Gaming Limited)
Thetan Arena version 205 (HKLM-x32\...\{B1C5070E-92A8-4738-BE0A-4FBE53B86B9B}_is1) (Version: 205 - Wolffun Game)
TinyTake Filter 1.0.0 (HKLM\...\TinyTake Filter_is1) (Version: 1.0.0 - )
TurboVPN 2.14.0.0 stable (HKLM-x32\...\TurboVPN) (Version: 2.14.0.0 stable - inconnecting.com)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
WebMeeting (HKLM-x32\...\WebMeeting) (Version: v6.6.1.909 - Huawei Technologies Co., Ltd.)
WeLink Meeting 2.0.5.10 (HKLM-x32\...\WeLink Meeting) (Version: 2.0.5.10 - Huawei Technologies CO., LTD)
WeLinkPC (HKLM-x32\...\{6D01DAF3-75A0-410C-9D30-A1BFFEB572B3}) (Version: 3.1.9.14 - Huawei Technologies Co., Ltd. (internal))
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (03/25/2015 12.0.1.410) (HKLM\...\7DEAC3F86989515FADA26E9B88925B5B8276899D) (Version: 03/25/2015 12.0.1.410 - Broadcom Corporation)
Windows Driver Package - Intel (Netwtw04) net (06/02/2020 19.51.30.1) (HKLM\...\7193C7EDA48E4F204546D0704332A710A3994748) (Version: 06/02/2020 19.51.30.1 - Intel)
Windows Driver Package - Intel (Netwtw06) net (06/24/2020 20.70.18.2) (HKLM\...\CAD0EA88001D420C2FAC7CC94F3913D2D754AA3C) (Version: 06/24/2020 20.70.18.2 - Intel)
Windows Driver Package - Intel (Netwtw10) net (07/01/2020 21.110.1.1) (HKLM\...\5F41D7EF7D87DF02B3E2E4472AA0F1CD7C76C337) (Version: 07/01/2020 21.110.1.1 - Intel)
WinRAR 6.00 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.2 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.32-0 - Bitnami)
Zhumuintl Cloud Meetings (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\ZhumuintlCloudMeetings) (Version: 5.0 - SUIRUI Co., Ltd.)
Zoom (HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\ZoomUMX) (Version: 5.8.4 (1736) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-14] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-147214757-305610072-1517763936-8001229_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ ..0Shell Icon Overlay Identifier] -> {C6B033C1-16EA-4F40-A2F3-674086B0257D} => C:\WINDOWS\system32\shell16.dll [2020-01-20] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\vpshell2.dll [2020-11-14] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-11-13] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-11-13] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\vpshell2.dll [2020-11-14] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\vpshell2.dll [2020-11-14] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-11-13] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-11-13] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2013-05-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-29] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder\start.bat ()
ShortcutWithArgument: C:\Users\dwx1001776\Desktop\Person 1 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"

==================== Loaded Modules (Whitelisted) =============

2019-06-24 17:52 - 2019-06-24 17:52 - 002048000 _____ () [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Connect\xerces-c_3_2.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000124928 _____ () [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\kmc.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000050688 _____ () [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\kmcDll.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000049152 _____ () [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\sdp.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000008704 _____ () [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\securec.dll
2020-11-14 09:10 - 2015-12-17 04:53 - 000165888 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\httprequest.dll
2020-11-14 09:10 - 2015-12-17 05:03 - 000107008 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\RollingLog.dll
2020-11-14 09:10 - 2016-02-13 02:40 - 000476672 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SelfElect.dll
2020-11-14 09:10 - 2015-12-17 04:21 - 000106567 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ThinstallManageApi.dll
2020-11-14 09:10 - 2016-02-13 02:40 - 001145856 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\tmcdll.dll
2021-09-10 09:03 - 2021-09-10 09:03 - 000913408 _____ () [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\Plugins\AccountPwdChecker.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 004198912 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\client\jvm.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000131584 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\java.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000029696 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\management.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000079360 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\net.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000046592 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\nio.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000132096 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\sunec.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000027648 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\sunmscapi.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000035840 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\verify.dll
2021-10-10 10:41 - 2021-10-05 11:40 - 000068096 _____ (Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\zip.dll
2021-09-10 09:03 - 2021-09-10 09:03 - 000995816 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\Plugins\DisableForward.dll
2021-09-10 09:03 - 2021-09-10 09:03 - 000849384 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\Plugins\SQLServerChecker.dll
2021-09-10 09:03 - 2021-09-10 09:03 - 000855016 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\Plugins\SystemRebootRequiredChecker.dll
2020-11-14 09:10 - 2015-12-17 05:46 - 000062464 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ENUsftmn.dll
2020-11-14 09:10 - 2015-12-17 05:46 - 000056320 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ENUTMCC.dll
2020-11-14 09:10 - 2016-03-30 05:14 - 000167424 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ENUVulscan.dll
2020-11-14 09:10 - 2016-06-28 23:24 - 000982528 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\lddwnld.DLL
2020-11-14 09:10 - 2016-04-14 01:46 - 001874944 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\LDSystemEventCapture.dll
2020-11-14 09:10 - 2016-02-13 02:48 - 000207872 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\ltapi.dll
2020-11-14 09:10 - 2016-04-26 23:19 - 005991424 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\Vulscan.dll
2020-11-14 09:10 - 2016-02-13 02:47 - 000137728 _____ (LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\extensions\lclxsvc.dll
2016-05-27 14:29 - 2016-05-27 14:29 - 000101376 _____ (LANDesk Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\extensions\proxyext.dll
2016-05-27 14:16 - 2016-05-27 14:16 - 000110592 _____ (LANDESK Software, Ltd.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\pds2lis.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 000959220 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\sqlite3.DLL
2020-11-14 09:10 - 2015-12-17 04:53 - 000387072 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\curllib.dll
2020-11-14 09:10 - 2015-12-17 04:21 - 001155072 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\LIBEAY32.dll
2020-11-14 09:10 - 2015-12-17 04:21 - 000276992 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SSLEAY32.dll
2016-05-06 03:36 - 2016-05-06 03:36 - 001157632 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\LIBEAY32.dll
2021-04-08 18:58 - 2021-04-08 18:58 - 001216512 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\HACC\LIBEAYsharedlib32.dll
2021-04-08 18:58 - 2021-04-08 18:58 - 000278528 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\HACC\SSLEAYsharedlib32.dll
2021-06-16 17:09 - 2021-06-16 17:09 - 002134016 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Huawei\NetCareClient\libcrypto-1_1.dll
2021-09-10 09:04 - 2021-09-10 09:04 - 002105856 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\libcrypto-1_1.dll
2021-09-10 09:04 - 2021-09-10 09:04 - 000504320 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Composites\SPES\libssl-1_1.dll
2021-10-12 15:03 - 2021-10-12 15:03 - 002112000 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Console\libcrypto-1_1.dll
2021-10-12 15:03 - 2021-10-12 15:03 - 000505344 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\Console\libssl-1_1.dll
2021-10-12 15:03 - 2021-10-12 15:03 - 002112000 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\libcrypto-1_1.dll
2021-10-12 15:03 - 2021-10-12 15:03 - 000505344 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\SPES5.0\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNInstallManager => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-07-31] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-07-31] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: UEBAIEBrowser Class -> {AEE30A01-D75D-46F2-893E-A05A21CC2535} -> C:\UEBA\bin\UEBAIEWatcher.dll [2021-06-16] (I-Search Software Company) [File not signed]
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-06-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.hisilicon.com -> *.hisilicon.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.huawei.com -> *.huawei.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.huaweidevice.com -> *.huaweidevice.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.huaweimarine.com -> *.huaweimarine.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.huaweimossel.com -> *.huaweimossel.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.hwtrip.com -> *.hwtrip.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.smartcom.com -> *.smartcom.com
IE trusted site: HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\*.vmall.com -> *.vmall.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 11:49 - 2021-01-09 07:26 - 000000862 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 activate.navicat.com

2021-12-11 01:53 - 2021-12-11 01:53 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\RSA SecurID Token Common;%SystemRoot%;%SystemRoot%\system32;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;C:\Windows;C:\Windows\system32;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\xampp\mysql\bin;C:\Program Files\Go\bin;C:\Program Files\PuTTY\
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\Control Panel\Desktop\\Wallpaper -> C:\Users\dwx1001776\Downloads\markus-spiske-YyeeT42dZ48-unsplash.jpg
HKU\S-1-5-21-888159395-1567868294-3106766758-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A70C90ED-BE6D-4C20-9C43-E74FE1C2A94C}] => (Allow) LPort=8320
FirewallRules: [{ACA548AC-18A9-4557-B42E-830BA71CB8CD}] => (Allow) C:\Program Files\AnXinSec\AxTransferTool.exe (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
FirewallRules: [{72ABE58A-DB82-4396-85C5-894A139E0A74}] => (Allow) C:\Program Files\AnXinSec\MemProtectSrv64.exe (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
FirewallRules: [{D497CAFD-B95E-4B33-BA99-BEF262C6EFBC}] => (Allow) C:\Program Files\AnXinSec\AxTransferTool.exe (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
FirewallRules: [{A4364EFA-7643-4F33-94AF-E22C7F74587C}] => (Allow) C:\Program Files\AnXinSec\MemProtectSrv64.exe (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
FirewallRules: [UDP Query User{B98A9AD6-1524-4CFC-8DCD-27B45C92C83A}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe => No File
FirewallRules: [TCP Query User{BE300176-DCFB-486F-A522-BFC7CA8A50E0}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe => No File
FirewallRules: [UDP Query User{A6DFDAE6-0EF6-465C-95EC-429C0B2EA8EC}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe => No File
FirewallRules: [TCP Query User{35F76FA4-A034-4BED-808E-CB3202151B0A}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe => No File
FirewallRules: [UDP Query User{DACA8C66-06BF-40B7-99DA-9AFDD22C3C80}C:\users\dwx1001776\appdata\roaming\welink meeting\welinkmeeting.exe] => (Block) C:\users\dwx1001776\appdata\roaming\welink meeting\welinkmeeting.exe (Huawei Technologies Co. Ltd -> Huawei)
FirewallRules: [TCP Query User{5364295A-5011-461C-966B-49EDE76B067F}C:\users\dwx1001776\appdata\roaming\welink meeting\welinkmeeting.exe] => (Block) C:\users\dwx1001776\appdata\roaming\welink meeting\welinkmeeting.exe (Huawei Technologies Co. Ltd -> Huawei)
FirewallRules: [{5BEE66FE-404D-4048-97FF-DFA1C3D9BED3}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{02C78D29-4AEF-4C64-8B8A-69500C7A21A8}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [UDP Query User{7CA34A41-7AE4-486B-86E1-3D5A64F343FE}C:\program files\strogino cs portal\dota 2\dota.exe] => (Allow) C:\program files\strogino cs portal\dota 2\dota.exe => No File
FirewallRules: [TCP Query User{0EAD6B0D-1141-44EA-B3AC-F35B74209F7B}C:\program files\strogino cs portal\dota 2\dota.exe] => (Allow) C:\program files\strogino cs portal\dota 2\dota.exe => No File
FirewallRules: [UDP Query User{D8D24329-37CD-4C89-ABC3-EB68A6A88023}C:\users\dwx1001776\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\dwx1001776\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{DE2028E5-4427-4659-A4B7-732469FB086D}C:\users\dwx1001776\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\dwx1001776\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2FDAED74-2C32-4F20-922D-B040CA0650F2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{647E2621-6C77-4767-A548-FACE93A291FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{B89FC73F-7980-4092-BA17-E971F52A5D30}C:\users\dwx1001776\oss\new folder\jre\bin\javaw.exe] => (Allow) C:\users\dwx1001776\oss\new folder\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0C14474C-1C9B-495D-ADFE-069D63E7F4D4}C:\users\dwx1001776\oss\new folder\jre\bin\javaw.exe] => (Allow) C:\users\dwx1001776\oss\new folder\jre\bin\javaw.exe
FirewallRules: [UDP Query User{478C3326-5699-4FD8-A381-651765FFE57B}C:\users\dwx1001776\oss\new folder\jre\bin\java.exe] => (Allow) C:\users\dwx1001776\oss\new folder\jre\bin\java.exe
FirewallRules: [TCP Query User{2B10A3DB-7DE0-4C31-94AD-13371C8A1C1B}C:\users\dwx1001776\oss\new folder\jre\bin\java.exe] => (Allow) C:\users\dwx1001776\oss\new folder\jre\bin\java.exe
FirewallRules: [UDP Query User{5388C209-FA88-43E7-85E0-13ACC20EA6A9}C:\users\dwx1001776\oss\jre\bin\javaw.exe] => (Allow) C:\users\dwx1001776\oss\jre\bin\javaw.exe
FirewallRules: [TCP Query User{9C58B340-2992-4091-B7F9-6B401EE41312}C:\users\dwx1001776\oss\jre\bin\javaw.exe] => (Allow) C:\users\dwx1001776\oss\jre\bin\javaw.exe
FirewallRules: [{CCF17997-6942-45E7-844B-70A80F43CCE7}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{29BBC9DC-44C1-4E79-9242-5744EEF18988}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{24BD269C-9DAF-4C4B-9C75-81B22132FA62}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{CB9963B7-56A3-4CD3-87C6-E61F2E455209}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{B250B200-0742-44C1-8162-FFF78F995EDD}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{8F7D3CCD-A4E9-45BB-B633-B806EE9C967E}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{B6E15E9B-F202-4727-AB8A-6305251E6E4B}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{820A0B9F-2294-4AEE-B669-2CB34E95897B}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{D184649F-54D1-4BCD-826F-944CACAA239F}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{90463D7F-DB91-4FC3-83D9-8ADB6C511CC7}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
FirewallRules: [{1B6C82D4-E3D8-45B5-8F29-C7D85249597A}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{4B033ED1-B7A1-4C86-A79F-C9A1E1B6A96B}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{3326DBDA-E15D-4DB4-9350-27D8C67FC24D}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{BFBCD874-33FB-424B-9BD5-97933172A159}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{98434966-DEE5-47AD-9F50-E58B91FDDCE7}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{878FA04C-8C32-44E9-B2F4-17C028BB710B}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{BD556502-2C2D-4B82-A85E-D2AF7857CAFB}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{DEAA4C28-7B0C-4770-B2BE-AF1727F200F4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{13198317-4744-4D30-97E1-8F94D971CFBF}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{5D51F459-D6BC-4265-8C1D-2C43C19E6100}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [UDP Query User{05D64B01-5F6B-4F43-BE6A-B34B337D5A42}C:\program files (x86)\spes5.0\composites\idesk\idesk.exe] => (Allow) C:\program files (x86)\spes5.0\composites\idesk\idesk.exe (Huawei Technologies Co. Ltd -> Huawei)
FirewallRules: [TCP Query User{B3C3C9B5-4BF8-4626-8903-940D32B005C9}C:\program files (x86)\spes5.0\composites\idesk\idesk.exe] => (Allow) C:\program files (x86)\spes5.0\composites\idesk\idesk.exe (Huawei Technologies Co. Ltd -> Huawei)
FirewallRules: [{091A6178-D639-46F0-872A-50E22A613000}] => (Allow) LPort=60129
FirewallRules: [UDP Query User{105C43FD-DA99-4C19-9FEB-F3919720B381}C:\users\admin\oss\new folder00\jre\bin\java.exe] => (Allow) C:\users\admin\oss\new folder00\jre\bin\java.exe
FirewallRules: [TCP Query User{C9BA46D5-DE06-4A20-BBDD-8026DE807ACB}C:\users\admin\oss\new folder00\jre\bin\java.exe] => (Allow) C:\users\admin\oss\new folder00\jre\bin\java.exe
FirewallRules: [{4CF9F148-0F70-47A4-8B76-DCBD9D404AA9}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{A22032F4-303F-4148-8304-116EE1C3D527}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{1DE65ED6-44F9-4587-8148-B535B3EB4D77}] => (Allow) C:\Program Files (x86)\TurboVPN\Driver32\vpncore.exe (INNOVATIVE CONNECTING PTE. LIMITED -> The OpenVPN Project)
FirewallRules: [{1F9010F0-146F-4682-846F-50F05853D74C}] => (Allow) C:\Program Files (x86)\TurboVPN\Driver32\vpncore.exe (INNOVATIVE CONNECTING PTE. LIMITED -> The OpenVPN Project)
FirewallRules: [{1E5EF16A-AA79-4F81-B020-A1B212597BA1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3BA6FAF2-D809-4789-9517-A2AD4DEFE27B}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{ACA1F18B-6B8A-4138-9D94-F0A283F2C8D3}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{DD094206-3AE4-4645-9C14-23C611DA431A}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{D2776841-C50B-4426-8EEB-5A271D556ACB}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{BD587CC2-933B-414E-B557-E906CCB20742}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{C7168361-0C91-4827-A1DE-E7F7BEABA029}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. and its affiliates.) [File not signed]
FirewallRules: [{36F99373-9EAC-4364-B568-6F689DD63A33}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{AC1498AC-1161-4A8F-B875-A705385516B8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{DB2A0C0F-DCBD-42BC-95AD-F0932F0BA649}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{291E2EC7-BE17-4422-9182-A7C512BD2E7A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{3CCC5A3E-24B6-4ACD-B7E1-EF63104A03FC}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{9611DDBF-06C4-470E-A216-C7701E018EAA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================
 

dmsjckrs

Posts: 18   +0
==================== Faulty Device Manager Devices ============

Name: Array Networks VPN Adapter
Description: Array Networks SSL VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Array Networks
Service: ATP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/19/2021 01:53:07 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )
Description: Symantec Endpoint Protection has failed to load the latest virus definitions.

Error: (12/19/2021 01:52:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/19/2021 01:52:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/19/2021 01:51:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/19/2021 01:50:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/18/2021 08:15:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin_host.exe, version: 0.0.0.0, time stamp: 0x5d928e2e
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000005
Fault offset: 0x000000000002a9c0
Faulting process id: 0xe24
Faulting application start time: 0x01d7f4114921bddb
Faulting application path: C:\Program Files\Sublime Text 3\plugin_host.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5308fb1f-5b4d-4153-9f63-ffe826532364
Faulting package full name:
Faulting package-relative application ID:

Error: (12/18/2021 08:15:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin_host.exe, version: 0.0.0.0, time stamp: 0x5d928e2e
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000005
Fault offset: 0x000000000002a9c0
Faulting process id: 0xe24
Faulting application start time: 0x01d7f4114921bddb
Faulting application path: C:\Program Files\Sublime Text 3\plugin_host.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 82609817-2c31-4629-867e-622097fd4869
Faulting package full name:
Faulting package-relative application ID:

Error: (12/18/2021 08:15:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sublime_text.exe, version: 1.0.0.1, time stamp: 0x5d928ecf
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000005
Fault offset: 0x000000000002a9c0
Faulting process id: 0x38ec
Faulting application start time: 0x01d7f4114138e66f
Faulting application path: C:\Program Files\Sublime Text 3\sublime_text.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e1348df7-63f9-4825-9cbe-5deb94592554
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (12/19/2021 01:58:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CHINA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/19/2021 01:58:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: CHINA)
Description: 1 failed.
GPO Name : remdomainadminpolicy
GPO File System Path : \\china.huawei.com\SysVol\china.huawei.com\Policies\{B4CC22B5-4FCE-4D17-99E2-7797E7D8B80D}\User
Script Name: RemoveDomainAdmins.exe

Error: (12/19/2021 01:58:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/19/2021 01:58:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CHINA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/19/2021 01:58:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/19/2021 01:57:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/19/2021 01:53:57 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CHINA due to the following:
We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (12/19/2021 01:52:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AnyDesk Service service terminated unexpectedly. It has done this 3 time(s).


CodeIntegrity:
===============
Date: 2021-12-19 01:50:55
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: LENOVO G3ET67WW(2.06) 11/05/2012
Motherboard: LENOVO 2465CTO
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 90%
Total physical RAM: 3670.02 MB
Available physical RAM: 342.64 MB
Total Virtual: 10838.02 MB
Available Virtual: 4426.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:162.89 GB) (Free:74.98 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:289.53 GB) (Free:42.47 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:13 GB) (Free:0.37 GB) NTFS

\\?\Volume{5990f1b4-e5d5-11e9-827a-806e6f6e6963}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B5BEF4DB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=162.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,917   +506
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


dmsjckrs

Posts: 18   +0
Hi Broni, sorry for the late response. The fixlog is shown below.

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by dWX1001776 (21-12-2021 18:52:37) Run:1
Running from C:\Users\dwx1001776\Downloads\Programs
Loaded Profiles: dWX1001776 & Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\RunOnceEx\gswfl: [sk] => shell32.dll|ShellExec_RunDLLA|regsvr32.exe -U -S "C:\WINDOWS\Temp\qkzigq.etl." <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\WINDOWS\Temp\qkzigq.etl.
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [DigibyteMiner] => C:\Users\dwx1001776\Downloads\Programs\DigiByteMiner.exe (No File)
HKU\S-1-5-21-888159395-1567868294-3106766758-1001\...\Run: [ECS] => C:\Program Files (x86)\eSpace_Desktop\eSpace.exe (No File)
ShortcutTarget: WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder00\start.bat (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {0FB42E61-4AD5-48C8-89B3-AA1369DAB891} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe (No File)
Task: {AC1383C5-E707-4E2D-BE05-BAB8284521EF} - System32\Tasks\TinyTakeUpgrade => C:\Users\dwx1001776\AppData\Local\MangoApps\TinyTake\TinyTake.exe UPGRADE (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <==== ATTENTION (Restriction - ProxySettings)
FF Plugin HKU\S-1-5-21-147214757-305610072-1517763936-8001229: @metaswitch.com/AccessionMeetingPlugin -> C:\Users\dwx1001776\AppData\Roaming\Accession Meeting\bin\npaccessionmeetingplugin.dll [No File]
FF Plugin HKU\S-1-5-21-147214757-305610072-1517763936-8001229: @zhumuintl.me/ZhumuintlMeetingsPlugin -> C:\Users\dwx1001776\AppData\Roaming\Zhumuintl Cloud Meetings\bin\npzhumuintlplugin.dll [No File]
S2 EraserSvc11912; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
S3 UEBAAlterService; C:\UEBA\bin\UEBAAlterService.exe [X]
S2 UEBAControlService; "C:\UEBA\bin\UEBAControlService.exe" [X]
S2 UEBAHealthMonitorService; "C:\UEBA\bin\UEBAHealthMonitorService.exe" [X]
S3 UEBALogChannelService; C:\UEBA\bin\UEBALogChannelService.exe [X]
2020-11-14 09:09 - 2021-12-15 16:15 - 000000000 _____ () C:\Program Files (x86)\ItShieldCheckFile.ck
2021-07-13 21:39 - 2021-08-04 05:56 - 000016384 _____ () C:\Users\dwx1001776\AppData\Roaming\NetCareClientTaskCache.Data.dll
2020-11-14 09:20 - 2020-11-14 09:20 - 000000000 _____ () C:\Users\dwx1001776\AppData\Roaming\UserAgentData.log
2020-11-14 09:20 - 2020-11-14 09:20 - 000000000 _____ () C:\Users\dwx1001776\AppData\Roaming\UserData.log
2021-08-31 21:01 - 2021-09-04 00:24 - 000000081 _____ () C:\Users\dwx1001776\AppData\Local\.bidstack.fault
2021-11-26 08:22 - 2021-11-26 08:24 - 000000128 _____ () C:\Users\dwx1001776\AppData\Local\PUTTY.RND
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
FirewallRules: [UDP Query User{B98A9AD6-1524-4CFC-8DCD-27B45C92C83A}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe => No File
FirewallRules: [TCP Query User{BE300176-DCFB-486F-A522-BFC7CA8A50E0}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe => No File
FirewallRules: [UDP Query User{A6DFDAE6-0EF6-465C-95EC-429C0B2EA8EC}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe => No File
FirewallRules: [TCP Query User{35F76FA4-A034-4BED-808E-CB3202151B0A}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe] => (Block) C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe => No File
FirewallRules: [UDP Query User{7CA34A41-7AE4-486B-86E1-3D5A64F343FE}C:\program files\strogino cs portal\dota 2\dota.exe] => (Allow) C:\program files\strogino cs portal\dota 2\dota.exe => No File
FirewallRules: [TCP Query User{0EAD6B0D-1141-44EA-B3AC-F35B74209F7B}C:\program files\strogino cs portal\dota 2\dota.exe] => (Allow) C:\program files\strogino cs portal\dota 2\dota.exe => No File

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\gswfl => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
Could not move "C:\WINDOWS\Temp\qkzigq.etl." => Scheduled to move on reboot.
"HKU\S-1-5-21-147214757-305610072-1517763936-8001229\Software\Microsoft\Windows\CurrentVersion\Run\\DigibyteMiner" => removed successfully
"HKU\S-1-5-21-888159395-1567868294-3106766758-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ECS" => removed successfully
"C:\Users\dwx1001776\oss\New Folder00\start.bat" => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FB42E61-4AD5-48C8-89B3-AA1369DAB891}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FB42E61-4AD5-48C8-89B3-AA1369DAB891}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC1383C5-E707-4E2D-BE05-BAB8284521EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC1383C5-E707-4E2D-BE05-BAB8284521EF}" => removed successfully
C:\WINDOWS\System32\Tasks\TinyTakeUpgrade => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TinyTakeUpgrade" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\Software\MozillaPlugins\@metaswitch.com/AccessionMeetingPlugin => removed successfully
"C:\Users\dwx1001776\AppData\Roaming\Accession Meeting\bin\npaccessionmeetingplugin.dll" => not found
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\Software\MozillaPlugins\@zhumuintl.me/ZhumuintlMeetingsPlugin => removed successfully
"C:\Users\dwx1001776\AppData\Roaming\Zhumuintl Cloud Meetings\bin\npzhumuintlplugin.dll" => not found
HKLM\System\CurrentControlSet\Services\EraserSvc11912 => removed successfully
EraserSvc11912 => service removed successfully
HKLM\System\CurrentControlSet\Services\UEBAAlterService => removed successfully
UEBAAlterService => service removed successfully
HKLM\System\CurrentControlSet\Services\UEBAControlService => removed successfully
UEBAControlService => service removed successfully
HKLM\System\CurrentControlSet\Services\UEBAHealthMonitorService => removed successfully
UEBAHealthMonitorService => service removed successfully
HKLM\System\CurrentControlSet\Services\UEBALogChannelService => removed successfully
UEBALogChannelService => service removed successfully
Could not move "C:\Program Files (x86)\ItShieldCheckFile.ck" => Scheduled to move on reboot.
Could not move "C:\Users\dwx1001776\AppData\Roaming\NetCareClientTaskCache.Data.dll" => Scheduled to move on reboot.
Could not move "C:\Users\dwx1001776\AppData\Roaming\UserAgentData.log" => Scheduled to move on reboot.
Could not move "C:\Users\dwx1001776\AppData\Roaming\UserData.log" => Scheduled to move on reboot.
C:\Users\dwx1001776\AppData\Local\.bidstack.fault => moved successfully
C:\Users\dwx1001776\AppData\Local\PUTTY.RND => moved successfully

========================= bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B98A9AD6-1524-4CFC-8DCD-27B45C92C83A}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BE300176-DCFB-486F-A522-BFC7CA8A50E0}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A6DFDAE6-0EF6-465C-95EC-429C0B2EA8EC}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35F76FA4-A034-4BED-808E-CB3202151B0A}C:\users\dwx1001776\downloads\telegram desktop\dota2\dota 2\dota.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7CA34A41-7AE4-486B-86E1-3D5A64F343FE}C:\program files\strogino cs portal\dota 2\dota.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0EAD6B0D-1141-44EA-B3AC-F35B74209F7B}C:\program files\strogino cs portal\dota 2\dota.exe" => removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-12-2021 18:55:16)

C:\WINDOWS\Temp\qkzigq.etl. => Is moved successfully
C:\Program Files (x86)\ItShieldCheckFile.ck => Is moved successfully
C:\Users\dwx1001776\AppData\Roaming\NetCareClientTaskCache.Data.dll => Is moved successfully
C:\Users\dwx1001776\AppData\Roaming\UserAgentData.log => Is moved successfully
C:\Users\dwx1001776\AppData\Roaming\UserData.log => Is moved successfully

==== End of Fixlog 18:55:16 ====
 

Broni

Posts: 55,917   +506
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

dmsjckrs

Posts: 18   +0
Yes Mr Broni. Sorry for not replying to your last post. I will do it on Monday, since I am away from my laptop. I really, really appreciate your help. It means a lot to me.
 

dmsjckrs

Posts: 18   +0
Checkup.txt

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter 5
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

----------------------------------------------------------------------------------------

FSS.txt

Farbar Service Scanner Version: 03-11-2021
Ran by dWX1001776 (administrator) on 27-12-2021 at 07:13:51
Running from "C:\Users\dwx1001776\Downloads\Programs"
Microsoft Windows 10 Pro N (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



------------------------------------------------------------------------------------------------

Sophos log

Code:
Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : DWX1001776KKYMU
   Windows . . . . . . . : 10.0.0.19043.X64/4
   User name . . . . . . : CHINA\dWX1001776
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2021-12-27 07:03:17
   Scan mode . . . . . . : Normal (cancelled by user)
   Scan duration . . . . : 1m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 7

   Objects scanned . . . : 666,070
   Files scanned . . . . : 666,070
   Remnants scanned  . . : 0 files / 0 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFF890B17655E10
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF8016F9E1258 \??\C:\WINDOWS\syswow64\drivers\CDRomFlt.sys+4696
   Solution
      DriverObject . . . : FFFF890B17655E10
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF8016AB0A820 \SystemRoot\System32\drivers\storport.sys+43040

Cookies _____________________________________________________________________

   C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default\Cookies:doubleclick.net
   C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default\Cookies:mathtag.com
   C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default\Cookies:ml314.com
   C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default\Cookies:mookie1.com
   C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default\Cookies:rfihub.com
   C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default\Cookies:scorecardresearch.com
   C:\Users\dwx1001776\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\X29DIW6B\2542116.fls.doubleclick[1].xml
 

Broni

Posts: 55,917   +506
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 

dmsjckrs

Posts: 18   +0
I wanna say thank you to Mr Broni here, who helped me from the beginning. I really appreciate it. Can I share this on my blog?