Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by dWX1001776 (administrator) on DWX1001776KKYMU (LENOVO 2465CTO) (18-12-2021 08:23:42)
Running from C:\Users\dwx1001776\Downloads\Programs
Loaded Profiles: dWX1001776
Platform: Microsoft Windows 10 Pro N Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SelfElectController.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\MotionPro VPN Client\vpnd.exe
(Array Networks, Inc. -> Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(china\\t00354145 -> ) C:\Program Files (x86)\Huawei\NetCareClient\TSAccountCapture.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\ToolManagement.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\ToolScheduler.exe
(china\\t00354145 -> Microsoft) C:\Program Files (x86)\Huawei\NetCareClient\TSGuard.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Huawei Technologies Co. Ltd -> ) C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDeskService.exe
(Huawei Technologies Co. Ltd -> Huawei) C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDesk.exe
(Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed] C:\Windows\SysWOW64\SpesCheckerService.exe
(Huawei Technologies Co., Ltd) [File not signed] C:\Users\dwx1001776\oss\New Folder\jre\bin\javaw.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\HACC\Hagent.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\SPES\SecurityCenterApp.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\Composites\SPES\SPES5.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) C:\Program Files (x86)\SPES5.0\SpesService.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files (x86)\SPES5.0\Console\SpesConsole.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Windows\SysWOW64\SpesAgent.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co.,Ltd.) C:\Program Files (x86)\SPES5.0\Composites\SPES\SPESRender.exe <2>
(INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting) C:\Program Files (x86)\TurboVPN\turbo_vpn-service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(LANDesk Software Ltd.) [File not signed] C:\Windows\SysWOW64\cba\pds.exe
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
(LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(LANDESK Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(LANDesk Software, Inc. and its affiliates.) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(MariaDB Corporation Ab -> ) D:\xampp\mysql\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1310_none_7e15ec207c87d405\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\sepWscSvc64.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe <2>
(Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司) C:\Program Files\AnXinSec\MemProtectDeamon64.exe
(安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司) C:\Program Files\AnXinSec\MemProtectSrv64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1449912 2019-03-28] (Array Networks, Inc. -> Array Networks)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" (No File)
HKLM-x32\...\Run: [SPES500] => C:\Program Files (x86)\SPES5.0\Composites\SPES\SPES5.exe [7316496 2021-09-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
HKLM-x32\...\Run: [TSGuard] => C:\Program Files (x86)\Huawei\NetCareClient\TSGuard.exe [89744 2021-09-18] (china\\t00354145 -> Microsoft)
HKLM-x32\...\Run: [ToolScheduler] => C:\Program Files (x86)\Huawei\NetCareClient\ToolScheduler.exe [1612432 2021-09-18] (china\\t00354145 -> Microsoft)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [18120952 2020-06-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKLM\...\RunOnceEx\ko: [hxd] => shell32.dll|ShellExec_RunDLLA|regsvr32.exe -U -S "C:\WINDOWS\Temp\qkzigq.etl." <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5483320 2020-11-26] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [ECSIEPLUGIN] => [X]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [ECS] => [X]
HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\Run: [DigibyteMiner] => C:\Users\dwx1001776\Downloads\Programs\DigiByteMiner.exe (No File)
HKU\S-1-5-21-888159395-1567868294-3106766758-1001\...\Run: [ECS] => C:\Program Files (x86)\eSpace_Desktop\eSpace.exe (No File)
HKLM\...\Windows x64\Print Processors\eConfPrint: C:\Windows\System32\spool\prtprocs\x64\cwprintproc.dll [38184 2020-09-15] (Huawei Technologies Co. Ltd -> Windows (R) Win 7 DDK provider)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{4EC9D670-C01A-4C3A-B8DB-9903D57B0A64}] -> C:\Program Files\AnXinSec\LogonAuthentication64.dll [2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
HKLM\Software\...\Authentication\Credential Providers: [{4f82ee06-a3c4-4517-906e-91d2e216df28}] -> C:\Program Files (x86)\SPES5.0\Composites\ADPlugin\LoginRiskProvider.dll [2021-11-11] (Huawei) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{2c8f942b-39d3-4120-bdcd-5deda939e7f2}] -> C:\Program Files (x86)\SPES5.0\Composites\ADPlugin\LoginRiskProvider.dll [2021-11-11] (Huawei) [File not signed]
AppInit_DLLs: oleLoader.dll => C:\WINDOWS\system32\oleLoader.dll [364048 2020-01-20] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebProxy.lnk [2020-08-18]
ShortcutTarget: WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder00\start.bat (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-11-13]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebProxy.lnk [2020-12-18]
ShortcutTarget: WebProxy.lnk -> C:\Users\dwx1001776\oss\New Folder\start.bat () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FB42E61-4AD5-48C8-89B3-AA1369DAB891} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe (No File)
Task: {1192D265-49E4-4CCF-B1D5-75C6C8410200} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)
Task: {3B1AA020-F2A7-44A0-8A7E-791B11FDC143} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-13] (Google LLC -> Google LLC)
Task: {5CD02BAC-EDF1-46DF-9D98-F95DA9BA1D9D} - System32\Tasks\RemindPatchRepair => C:\Program Files (x86)\SPES5.0\Composites\SPES\PatchRepair.exe [4292112 2020-08-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
Task: {6E8AB351-B826-4C46-8609-96A7F9791E58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {77B37BF7-890A-4065-806D-FB717A16959A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-13] (Google LLC -> Google LLC)
Task: {7AADF390-2DE6-4D74-873B-94A40DBE0D23} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {90049C3E-EC7B-4051-8330-836B2158E502} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A4ECFF17-2450-435C-8849-C1113B55D190} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {A5C8C3B2-C003-49F9-B53A-21F30FB782A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC1383C5-E707-4E2D-BE05-BAB8284521EF} - System32\Tasks\TinyTakeUpgrade => C:\Users\dwx1001776\AppData\Local\MangoApps\TinyTake\TinyTake.exe UPGRADE (No File)
Task: {AFB92378-A135-46D0-B7C0-BD95E69E12D2} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Autofix => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)
Task: {B122D9E2-6028-403D-87AC-3DC5EC375096} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B315EF1F-B904-44F9-B9A5-9297890039C1} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\SymErr.exe [92176 2020-11-14] (Symantec Corporation -> Symantec Corporation)
Task: {B566DCFB-A34B-447D-8700-BD08CC9C00E1} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3059280 2021-03-06] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {B9E27F9E-3C57-4B23-8672-289E5F71ABAA} - System32\Tasks\LANDESK Agent Health Bootstrap Task => C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe [51200 2015-12-17] (LANDESK Software, Inc. and its affiliates.) [File not signed]
Task: {C2245462-CFF4-4550-8032-79B20AE6D801} - System32\Tasks\ReportPatchStatus => C:\Program Files (x86)\SPES5.0\Composites\SPES\PatchRepair.exe [4292112 2020-08-10] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
Task: {D6CE1D71-7C98-4645-9A43-FE71B6CE004D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [S-1-5-21-147214757-305610072-1517763936-8001229] => proxy.huawei.com:8080
Hosts: 127.0.0.1 activate.navicat.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3430b271-5347-4b3d-a74b-83435d8dd2f7}: [DhcpNameServer] 10.250.192.235 10.47.148.235
Tcpip\..\Interfaces\{8a2f810f-915a-4f90-9ce1-d09d9abd2a1d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{99687f23-d52f-4c9b-a963-ebdc2c65bf79}: [NameServer] 127.0.0.1,7.187.130.219,7.187.130.50,7.221.190.197
Tcpip\..\Interfaces\{fa257410-4104-4960-9d11-47e469a684e8}: [DhcpNameServer] 10.215.240.84 10.129.31.118 10.98.48.39
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\dwx1001776\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-17]
Edge HKU\S-1-5-21-147214757-305610072-1517763936-8001229\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2020-12-10]
FireFox:
========
FF DefaultProfile: 0vvtebnc.default
FF ProfilePath: C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\0vvtebnc.default [2020-12-19]
FF ProfilePath: C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release [2021-12-17]
FF Homepage: Mozilla\Firefox\Profiles\h4sus0m0.default-release -> about:blank
FF Extension: (Browsec VPN - Free VPN for Firefox) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\browsec@browsec.com.xpi [2021-12-12]
FF Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2021-12-12]
FF Extension: (HideAll VPN - Fast & Unlimited VPN) - C:\Users\dwx1001776\AppData\Roaming\Mozilla\Firefox\Profiles\h4sus0m0.default-release\Extensions\{4ded7aed-924d-45ff-be6a-88b40c3e5d89}.xpi [2021-08-30]
FF HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\dwx1001776\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\dwx1001776\AppData\Roaming\IDM\idmmzcc5 [2020-12-22] [Legacy] [not signed]
FF HKU\S-1-5-21-147214757-305610072-1517763936-8001229\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-147214757-305610072-1517763936-8001229: @metaswitch.com/AccessionMeetingPlugin -> C:\Users\dwx1001776\AppData\Roaming\Accession Meeting\bin\npaccessionmeetingplugin.dll [No File]
FF Plugin HKU\S-1-5-21-147214757-305610072-1517763936-8001229: @zhumuintl.me/ZhumuintlMeetingsPlugin -> C:\Users\dwx1001776\AppData\Roaming\Zhumuintl Cloud Meetings\bin\npzhumuintlplugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default [2021-12-18]
CHR Notifications: Default -> hxxps://aii.sh; hxxps://iir.ai; hxxps://meet.google.com
CHR Extension: (Slides) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-13]
CHR Extension: (Docs) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-13]
CHR Extension: (Google Drive) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-13]
CHR Extension: (YouTube) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-13]
CHR Extension: (Chrome IPTV Player) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\defmmfhdopkfcgngoklpbbcnpfpagbfh [2021-06-13]
CHR Extension: (Dark Reader) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-12-08]
CHR Extension: (Sheets) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-13]
CHR Extension: (Ronin Wallet) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjhmkhhmkbjkkabndcnnogagogbneec [2021-12-03]
CHR Extension: (Google Docs Offline) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-01]
CHR Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-10-20]
CHR Extension: (MetaMask) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-13]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-12]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-08-09]
CHR Extension: (Slides) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-09]
CHR Extension: (Docs) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-09]
CHR Extension: (Google Drive) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-09]
CHR Extension: (YouTube) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-09]
CHR Extension: (Sheets) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-09]
CHR Extension: (IDM Integration Module) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-09]
CHR Extension: (Gmail) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-09]
CHR Profile: C:\Users\dwx1001776\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-10]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AnXinMemProtectSrv; C:\Program Files\AnXinSec\MemProtectSrv64.exe [165912 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743984 2021-10-05] (philandro Software GmbH -> philandro Software GmbH)
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [162816 2016-05-27] (LANDesk Software, Inc. and its affiliates.) [File not signed]
S2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [504568 2020-06-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [14649632 2021-12-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 EventService; C:\WINDOWS\SysWOW64\SpesCheckerService.exe [185120 2019-01-04] (Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed]
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HaccService; C:\Program Files (x86)\SPES5.0\Composites\HACC\hagent.exe [7264272 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
R2 iDeskService; C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDeskService.exe [325048 2021-06-10] (Huawei Technologies Co. Ltd -> )
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [239776 2015-12-17] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 Intel PDS; C:\WINDOWS\SysWOW64\CBA\pds.exe [32825 2015-12-17] (LANDesk Software Ltd.) [File not signed]
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [221736 2016-02-13] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 LogsAndAlerts; C:\WINDOWS\SysWOW64\msxml4rc.dll [1768512 2014-09-03] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-18] (Malwarebytes Inc -> Malwarebytes)
R2 MessageManagerService; C:\WINDOWS\SysWOW64\svohost.dll [1756960 2019-01-04] (Huawei Technologies Co., Ltd -> Huawei Technologies Co., Ltd.) [File not signed]
R2 mysql; D:\xampp\mysql\bin\mysqld.exe [11563432 2018-09-07] (MariaDB Corporation Ab -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-12-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SepLpsService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe [157888 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe [157888 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 sepWscSvc; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\sepWscSvc64.exe [1819688 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [527136 2021-12-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\snac64.exe [391816 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [743440 2016-03-19] (LANDesk Software, Inc. -> LANDESK Software, Inc. and its affiliates.)
R2 SPES Framework Service; C:\Program Files (x86)\SPES5.0\SpesService.exe [3898896 2021-10-12] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd)
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [7556344 2020-07-26] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R2 TurboVPNService; C:\Program Files (x86)\TurboVPN\turbo_vpn-service.exe [765424 2021-09-29] (INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting)
R3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1417144 2019-03-28] (Array Networks, Inc. -> Array Networks)
R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2399160 2019-03-28] (Array Networks, Inc. -> Array Networks)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 EraserSvc11912; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
S3 UEBAAlterService; C:\UEBA\bin\UEBAAlterService.exe [X]
S2 UEBAControlService; "C:\UEBA\bin\UEBAControlService.exe" [X]
S2 UEBAHealthMonitorService; "C:\UEBA\bin\UEBAHealthMonitorService.exe" [X]
S3 UEBALogChannelService; C:\UEBA\bin\UEBALogChannelService.exe [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AxBehaviorMonitor; C:\Program Files\AnXinSec\BehaviorMonitor64.sys [139440 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R2 AxDefense; C:\Program Files\AnXinSec\AxDefenseX64.sys [99504 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
S2 AxKrnlRiskDetectSrv; C:\Program Files\AnXinSec\KrnlRiskDetect64.sys [67760 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R1 BaseBehaviorMoniterDriver; C:\WINDOWS\system32\drivers\SysMonitorDriver64.sys [76992 2021-06-07] (安芯网盾(北京)科技有限公司 -> 安芯网盾(北京)科技有限公司)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Data\Definitions\BASHDefs\20211215.011\BHDrvx64.sys [2018776 2021-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSettings_{687C5DC7-A9D6-4C42-8CA9-FC08B03726D9}; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\ccSetx64.sys [179416 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R2 CDRomFlt; C:\WINDOWS\syswow64\drivers\CDRomFlt.sys [13416 2019-04-30] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed] [File is in use]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-24] (Symantec Corporation -> Broadcom)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [76744 2021-12-18] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-28] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 GS; C:\WINDOWS\syswow64\drivers\GS.sys [87624 2019-04-30] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed] [File is in use]
R3 HWHcsFileFltr; C:\WINDOWS\system32\drivers\hwhcsfilefltr64.sys [21064 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
R3 hwinspect; C:\WINDOWS\system32\drivers\hwinspect64.sys [26696 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Data\Definitions\IPSDefs\20211217.061\IDSvia64.sys [1480144 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ipsfs; C:\WINDOWS\system32\drivers\ipsfs64.sys [42056 2021-04-08] (Huawei Technologies Co., Ltd. -> Windows (R) Win 7 DDK provider) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [36600 2017-08-16] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [36600 2015-12-17] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 regtrace; C:\WINDOWS\system32\drivers\SysConfigMon64.sys [14408 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SRTSP64.SYS [833544 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SRTSPX64.SYS [49672 2020-11-14] (Symantec Corporation -> Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin64\SyDvCtrl64.sys [44568 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0603030.024\symefasi64.sys [1820680 2020-11-14] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SymELAM.sys [26000 2020-11-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2021-04-05] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\Ironx64.SYS [311264 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E020D04\03E8.105\x64\SYMNETS.SYS [567512 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [230760 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-03-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [132992 2020-11-14] (Symantec Corporation -> Symantec Corporation)
R3 traceproc; C:\WINDOWS\system32\drivers\traceproc64.sys [16968 2021-04-08] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd) [File not signed]
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 ATP; \SystemRoot\system32\DRIVERS\atpdrvr_7_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-12-18 08:09 - 2021-12-18 08:24 - 000000000 ____D C:\FRST
2021-12-18 08:07 - 2021-12-18 08:07 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\IGDump
2021-12-18 07:20 - 2021-12-18 07:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-12-18 07:20 - 2021-12-18 07:20 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-18 07:20 - 2021-12-18 07:20 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-18 07:20 - 2021-12-18 07:20 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\mbam
2021-12-18 07:19 - 2021-12-18 07:19 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-18 07:19 - 2021-12-18 07:19 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-18 07:18 - 2021-12-18 07:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-18 07:18 - 2021-12-18 07:18 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-18 07:02 - 2021-12-18 07:02 - 000076744 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2021-12-18 06:34 - 2021-12-18 06:34 - 000002406 _____ C:\Users\dwx1001776\Documents\t.CSV
2021-12-18 01:21 - 2021-12-18 01:21 - 002938923 _____ C:\Users\dwx1001776\Downloads\3G KPI_Rehoming2G_CBN074.xlsm
2021-12-18 01:19 - 2021-12-18 01:19 - 003322368 _____ C:\Users\dwx1001776\Downloads\2G_KPI_Hourly_RehomingCBN074.xls
2021-12-17 22:12 - 2021-12-17 22:12 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2021-12-17 22:12 - 2021-12-17 22:12 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\sh5ldr
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-12-17 22:12 - 2021-12-17 22:12 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-12-17 22:10 - 2021-12-17 22:10 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-12-17 01:01 - 2021-12-17 01:01 - 000001874 _____ C:\Users\dwx1001776\Downloads\Need alarm.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000008827 _____ C:\Users\dwx1001776\Downloads\IP 48 Rev2.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000004535 _____ C:\Users\dwx1001776\Downloads\IP 5 Rev2.txt
2021-12-17 00:27 - 2021-12-17 00:27 - 000003815 _____ C:\Users\dwx1001776\Downloads\IP 100 Rev2.txt
2021-12-17 00:06 - 2021-12-17 00:06 - 000002871 _____ C:\Users\dwx1001776\Downloads\IP 100 Rev.txt
2021-12-16 23:56 - 2021-12-16 23:56 - 000029596 _____ C:\Users\dwx1001776\Downloads\after ca.rar
2021-12-16 23:56 - 2021-12-16 23:56 - 000010721 _____ C:\Users\dwx1001776\Downloads\IP 48 Rev.txt
2021-12-16 23:56 - 2021-12-16 23:56 - 000003587 _____ C:\Users\dwx1001776\Downloads\IP 5 Rev.txt
2021-12-16 22:54 - 2021-12-16 22:54 - 000000000 ____D C:\ProgramData\huawei
2021-12-16 22:35 - 2021-12-16 22:35 - 000001730 _____ C:\Users\dwx1001776\Downloads\Jabo Execution_Optimization W50.rar
2021-12-16 21:53 - 2021-12-16 22:06 - 000006376 _____ C:\Users\dwx1001776\Downloads\req_deni.rar
2021-12-16 21:35 - 2021-12-16 21:54 - 000004405 _____ C:\Users\dwx1001776\Downloads\4G Surrounding_BOO311.csv
2021-12-16 17:13 - 2021-12-16 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Onebox Mate
2021-12-16 17:07 - 2021-12-17 20:39 - 000669845 _____ C:\Users\dwx1001776\Desktop\removtrojan guide.xlsx
2021-12-15 21:37 - 2021-12-15 21:37 - 000050277 _____ C:\Users\dwx1001776\Downloads\Script CSFB Part 2.rar
2021-12-15 18:35 - 2021-12-15 18:47 - 000025112 _____ C:\Users\dwx1001776\Downloads\LST INTERFREQHOGROUP_reqbagus.csv
2021-12-15 16:22 - 2021-12-15 16:22 - 001043684 _____ C:\Users\dwx1001776\Downloads\Attachment2:Cases Study .pdf
2021-12-15 11:18 - 2021-12-15 11:18 - 000002643 _____ C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aseprite.exe - Shortcut.lnk
2021-12-15 11:17 - 2021-12-15 11:18 - 000002291 _____ C:\Users\dwx1001776\Desktop\aseprite.exe - Shortcut.lnk
2021-12-15 11:17 - 2021-12-15 11:17 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Aseprite
2021-12-15 10:38 - 2021-12-15 10:38 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Yandex
2021-12-15 10:38 - 2021-12-15 10:38 - 000000000 ____D C:\Program Files (x86)\FarLabUninstaller
2021-12-15 09:31 - 2021-12-15 09:45 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\GrafX2
2021-12-15 06:21 - 2021-12-15 06:34 - 001371613 _____ C:\Users\dwx1001776\Downloads\dspvswr cellphytopo.rar
2021-12-14 23:59 - 2021-12-15 00:12 - 000002078 _____ C:\Users\dwx1001776\Downloads\logRE-RUN_14-12-2021.rar
2021-12-14 23:56 - 2021-12-14 23:56 - 000000894 _____ C:\Users\dwx1001776\Downloads\RE-RUN_14-12-2021.rar
2021-12-14 23:48 - 2021-12-15 00:01 - 000001044 _____ C:\Users\dwx1001776\Downloads\logRe-run CR BP.rar
2021-12-14 23:46 - 2021-12-14 23:46 - 000000484 _____ C:\Users\dwx1001776\Downloads\Re-run CR BP.rar
2021-12-14 23:37 - 2021-12-14 23:37 - 000001240 _____ C:\Users\dwx1001776\Downloads\CR_RXD_14-12-2021-RR.rar
2021-12-14 23:31 - 2021-12-14 23:31 - 000000472 _____ C:\Users\dwx1001776\Desktop\reexe48.txt
2021-12-14 23:23 - 2021-12-14 23:23 - 000056084 _____ C:\Users\dwx1001776\Desktop\3gcellbh.sql
2021-12-14 21:02 - 2021-12-14 21:02 - 000497801 _____ C:\Users\dwx1001776\Downloads\SEI Sitelist Issue W49.xlsx
2021-12-14 20:32 - 2021-12-14 20:32 - 003286275 _____ C:\Users\dwx1001776\Downloads\req risky.rar
2021-12-14 20:32 - 2021-12-14 12:37 - 012042315 _____ C:\Users\dwx1001776\Downloads\weekly_Temporary_Query_Result_20211214123239423(weekly).csv
2021-12-14 20:32 - 2021-12-14 12:37 - 001842595 _____ C:\Users\dwx1001776\Downloads\weekly_Temporary_Query_Result_20211214123239423(weekly).rar
2021-12-14 20:32 - 2021-12-14 12:29 - 001445296 _____ C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871.zip
2021-12-14 20:32 - 2021-12-14 12:28 - 003658779 ____N C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871(49).csv
2021-12-14 20:32 - 2021-12-14 12:28 - 003540519 ____N C:\Users\dwx1001776\Downloads\daily_Temporary_Query_Result_20211214122732871(26).csv
2021-12-14 19:34 - 2021-12-14 19:34 - 000001140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thetan Arena.lnk
2021-12-14 19:34 - 2021-12-14 19:34 - 000000000 ____D C:\Users\dwx1001776\AppData\LocalLow\Wolffun
2021-12-14 19:34 - 2021-12-14 19:34 - 000000000 ____D C:\Program Files (x86)\Thetan Arena
2021-12-14 01:19 - 2021-12-14 01:19 - 000013545 _____ C:\Users\dwx1001776\Downloads\Need Data KPI.xlsx
2021-12-14 01:06 - 2021-12-14 01:19 - 002865690 _____ C:\Users\dwx1001776\Downloads\alarmjabo_after.rar
2021-12-14 00:48 - 2021-12-14 01:01 - 000362501 _____ C:\Users\dwx1001776\Downloads\MML_Task_Result_Re-RUN IP100_20211214_010005.txt
2021-12-14 00:47 - 2021-12-14 01:00 - 000023861 _____ C:\Users\dwx1001776\Downloads\LOG_VoLTE_3G SRVCC Fast Return_Phase 04_V2.rar
2021-12-14 00:46 - 2021-12-14 00:46 - 000150156 _____ C:\Users\dwx1001776\Downloads\Re-RUN IP100.txt
2021-12-14 00:22 - 2021-12-14 00:22 - 001308119 _____ C:\Users\dwx1001776\Downloads\32_SRVCCFLEXSTEERING_P2.txt
2021-12-14 00:22 - 2021-12-14 00:22 - 001011749 _____ C:\Users\dwx1001776\Downloads\33_SRVCCFLEXSTEERING_P2.txt
2021-12-13 21:42 - 2021-12-13 21:42 - 012234224 _____ C:\Users\dwx1001776\Downloads\3G KPI_Trial 3g shutoff_20211212@2359.xlsm
2021-12-13 21:12 - 2021-12-13 21:24 - 004436907 _____ C:\Users\dwx1001776\Downloads\ranreportalarmjabo.rar
2021-12-13 21:02 - 2021-12-13 21:02 - 001405535 _____ C:\Users\dwx1001776\Downloads\Req KPI week 49.xlsx
2021-12-13 04:12 - 2021-12-13 04:12 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-147214757-305610072-1517763936-8001229
2021-12-12 14:04 - 2021-12-12 14:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-12-11 09:03 - 2021-12-11 09:03 - 001271975 _____ C:\Users\dwx1001776\Downloads\audit_ret_kota bekasi_kota depok.xlsx
2021-12-11 01:53 - 2021-12-11 01:53 - 000000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-12-10 12:52 - 2021-12-10 12:52 - 000006185 _____ C:\Users\dwx1001776\Downloads\SiteID_ret.txt
2021-12-10 10:17 - 2021-12-10 13:14 - 000032278 _____ C:\Users\dwx1001776\Downloads\Site_Bagus_HHO_10 Dec.xlsx
2021-12-09 18:04 - 2021-12-09 18:04 - 000008736 _____ C:\Users\dwx1001776\Downloads\Object Tree Export_Report Management_20211209180344.xlsx
2021-12-09 18:03 - 2021-12-09 18:03 - 000096077 _____ C:\Users\dwx1001776\Downloads\Sitelist Neeh HO PingPong 9Dec.xlsx
2021-12-09 15:34 - 2021-12-09 15:34 - 000009644 _____ C:\Users\dwx1001776\Downloads\sitelist L21 Big Gap(2).xlsx
2021-12-09 10:23 - 2021-12-09 10:23 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Plantronics
2021-12-09 10:22 - 2021-12-09 10:22 - 000002018 _____ C:\Users\Public\Desktop\WeLinkPC.lnk
2021-12-09 10:22 - 2021-12-09 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeLinkPC
2021-12-09 10:22 - 2021-12-09 10:22 - 000000000 ____D C:\Program Files (x86)\WeLinkPC
2021-12-09 09:59 - 2021-12-09 10:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-12-09 09:59 - 2021-12-09 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\huawei
2021-12-09 09:55 - 2021-12-17 22:20 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\eSpace_Desktop
2021-12-08 13:39 - 2021-12-08 13:21 - 003007383 ____N C:\Users\dwx1001776\Downloads\4G_KPI_reqJPX236_Query_Result_20211208132030519(Subreport 1).csv
2021-12-08 13:29 - 2021-12-08 13:29 - 000008581 _____ C:\Users\dwx1001776\Downloads\sitelist 3G trial shutoff(1).xlsx
2021-12-08 13:21 - 2021-12-08 13:34 - 000055074 _____ C:\Users\dwx1001776\Downloads\HistoricalAlarms20211208132118236.csv
2021-12-08 13:21 - 2021-12-08 13:21 - 001048626 _____ C:\Users\dwx1001776\Downloads\jpx236.rar
2021-12-08 13:21 - 2021-12-08 13:21 - 001045441 _____ C:\Users\dwx1001776\Downloads\4G_KPI_reqJPX236_Query_Result_20211208132030519.zip
2021-12-08 13:18 - 2021-12-08 13:31 - 000016977 _____ C:\Users\dwx1001776\Downloads\HistoricalAlarms20211208131825307.csv
2021-12-08 13:18 - 2021-12-08 13:30 - 000001118 _____ C:\Users\dwx1001776\Downloads\CurrentAlarms20211208131743095_1.csv
2021-12-08 11:39 - 2021-12-08 11:48 - 005278602 _____ C:\Users\dwx1001776\Downloads\List trial 3G shutoff dashboard v2.xlsx
2021-12-08 11:14 - 2021-12-08 11:15 - 000976179 _____ C:\Users\dwx1001776\Desktop\3G Upgrade Software Patch SRAN16.1 - 8 Dec 2021_.xlsm
2021-12-08 11:13 - 2021-12-08 11:13 - 000866888 _____ C:\Users\dwx1001776\Desktop\3G Upgrade Software Patch SRAN16.1 - 8 Dec 2021.xlsm
2021-12-08 11:12 - 2021-12-08 11:12 - 001415680 _____ C:\Users\dwx1001776\Desktop\2G_KPI_Hourly_Upgrade Software Patch SRAN16.1 - 8 Dec 2021.xls
2021-12-08 10:46 - 2021-12-08 10:46 - 000969625 _____ C:\Users\dwx1001776\Downloads\Dashboard Support CSFB 2G 4G_20211208e.xlsx
2021-12-08 10:36 - 2021-12-08 10:36 - 000928759 _____ C:\Users\dwx1001776\Downloads\Dashboard Support CSFB 2G 4G_20211208.xlsx
2021-12-08 09:12 - 2021-12-08 09:12 - 000193599 _____ C:\Users\dwx1001776\Desktop\3gshutoffv2.sql
2021-12-08 09:10 - 2021-12-08 09:10 - 000008879 _____ C:\Users\dwx1001776\Downloads\sitelist 3G trial shutoff.xlsx
2021-12-07 11:20 - 2021-12-07 11:33 - 000866837 _____ C:\Users\dwx1001776\Downloads\lteranreport1207.rar
2021-12-06 18:19 - 2021-12-06 18:19 - 000014282 _____ C:\Users\dwx1001776\Downloads\high interference.xlsx
2021-12-06 11:45 - 2021-12-06 11:45 - 000095503 _____ C:\Users\dwx1001776\Desktop\3gshutoff.sql
2021-12-05 10:28 - 2021-12-05 18:31 - 000000000 ____D C:\Users\dwx1001776\AppData\Local\Vivox
2021-12-05 10:21 - 2021-12-18 07:02 - 000000000 ____D C:\Program Files (x86)\TurboVPN
2021-12-05 10:21 - 2021-12-05 10:21 - 000001120 _____ C:\Users\dwx1001776\Desktop\TurboVPN.lnk
2021-12-05 10:21 - 2021-12-05 10:21 - 000000000 ____D C:\Users\dwx1001776\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TurboVPN