Solved RansomWare: STOP (Djvu)

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Hi, a bit of a special question. I got infected by this ransomware for the first time, but now I found out that even though I can't access my files on my computer, I can still send them to myself by email and I can see them in email just fine. So I'm wondering whether I didn't get hit that bad by the ransomware; I'm suspecting the firewall stopped some of it, because as soon as I downloaded the malware, the firewall activated immediately and struck down malicious files as it identified them as malware. Also, my file names did not change; they don't have .djvu or anything by extension, they just have the same name. So was my firewall able to save me from the malware completely taking over my computer? Is there such a thing as partially encrypted files, I guess? Because I assume, since I can send them to myself by email, that they weren't successfully encrypted to the fullest degree. But nonetheless this is not scareware: I used Emsisoft's Decryptor for (Djvu) and it says this is an online key that is indeed impossible to decrypt, so I am supposedly severely encrypted according to Emsisoft's Decryptor, yet I think I caught a lucky break here since the files don't seem to be fully encrypted to where I can't see them ever again. Not that I really know how ransomware usually works, but I assume this is not how a ransomware normally does things, right?

If they are indeed just partially encrypted, is there a simpler way to decrypt them altogether without having to send them to myself by email? Keep in mind that Emsisoft's Decryptor can't decrypt those for me, as it registers it as an impossible-to-decrypt online key.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware and welcome to TSG,

What you describe does sound very odd for sure; I've never come across a PC infected with any form of ransomware infection that does not add some kind of extension. I believe Stop DJVU has over 300 different extension variant names at present; those extension names do change on a regular basis.

Can you zip up and attach a couple of encrypted files, and also the ransomware text message? Please also run the following and attach the produced logs:

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/wi...otection/intelligence/safety-scanner-download


Right click on the Tool, select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run; we only need the most recent log by date and time....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language, right click on FRST/FRST64 and rename it to FRSTEnglish/FRST64English.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The tool will also make a log named (Addition.txt). Please also attach that log to your reply.

Also do the following if necessary:

Disable SmartScreen ONLY if it interferes with software we may have to use:

https://support.microsoft.com/en-us...otect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:

https://www.bleepingcomputer.com/fo...nti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....

Thank you,

Kevin
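Kevin's post above asks for the most recent run out of msert.log and for the FRST logs. The script below is an added example, not part of this thread and not code from Microsoft's Safety Scanner or Farbar's FRST; it shows how a helper could split msert.log into runs and pick the latest by its "Started On" timestamp, then list the FRST entries worth reading first (lines FRST itself marks with "<==== ATTENTION", scheduled tasks whose file is gone, and tasks whose launch target trips a simple heuristic). The sample log text is constructed from the format of the logs posted later in the thread; the rundll32/user-profile heuristic is my own assumption, not an FRST rule.

```python
import re
from datetime import datetime

# ---- msert.log (Microsoft Safety Scanner) -----------------------------------
# Each run opens with a long dashed line followed by a "Started On <ctime>"
# header, matching the format of the log posted in the thread.
RUN_SEPARATOR = re.compile(r"^-{40,}\s*$", re.M)
STARTED_RE = re.compile(r"^Started On (.+?)\s*$", re.M)
THREAT_RE = re.compile(r"^Threat Detected: (\S+)", re.M)
OBJECT_RE = re.compile(r"^(?:file|regkeyvalue|service)://(.+?)\s*$", re.M)


def parse_msert_runs(text):
    """Return one (started_at, threat_names, touched_objects) tuple per scan run."""
    runs = []
    for chunk in RUN_SEPARATOR.split(text):
        m = STARTED_RE.search(chunk)
        if not m:
            continue  # leading text or an empty chunk between separators
        started = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        runs.append((started, THREAT_RE.findall(chunk), OBJECT_RE.findall(chunk)))
    return runs


def latest_msert_run(text):
    """The most recent run by its Started On timestamp, or None if the log is empty."""
    runs = parse_msert_runs(text)
    return max(runs, key=lambda r: r[0]) if runs else None


# ---- FRST.txt (Farbar Recovery Scan Tool) -----------------------------------
ATTENTION = "<==== ATTENTION"  # FRST's own marker for entries it wants looked at
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+)$", re.M)
NO_FILE_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) -> No File", re.M)
# Assumed heuristic (mine, not an FRST rule): a task that runs rundll32 on a DLL
# under ProgramData/AppData/Temp, or that points at an .exe sitting directly in a
# user's profile root, is worth a look even when FRST did not flag it.
SUSPECT_TARGET = re.compile(
    r"rundll32(?:\.exe)?\s+\S*\\(?:ProgramData|AppData|Temp)\\"
    r"|^C:\\Users\\[^\\]+\\[^\\]+\.exe",
    re.I,
)


def frst_findings(text):
    """What a helper reads first: FRST-flagged lines, tasks whose file is gone,
    and tasks whose launch target trips the heuristic above."""
    flagged = [ln.strip() for ln in text.splitlines() if ATTENTION in ln]
    missing = [m.group("name") for m in NO_FILE_RE.finditer(text)]
    suspects = []
    for m in TASK_RE.finditer(text):
        target = m.group("target")
        if "(No File)" in target or SUSPECT_TARGET.search(target):
            suspects.append((m.group("name"), target))
    return {"flagged": flagged, "missing_file_tasks": missing, "suspect_tasks": suspects}


# ---- Constructed sample input (two MSRT runs; FRST lines in the thread's format)
SAMPLE_MSERT = r"""
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.353, (build 1.353.1196.0)
Started On Mon Nov 15 09:00:00 2021

Quick Scan Results:
-------------------
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.353, (build 1.353.1196.0)
Started On Thu Nov 18 10:27:33 2021

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
Action: Remove, Result: 0x00000000
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
Threat Detected: Trojan:Win32/Tiggre!rfn and Removed!
Action: Remove, Result: 0x00000000
service://AppServiceb
file://C:\WINDOWS\system32\XY4Q6N0LI4.tmp

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Found Trojan:Win32/Tiggre!rfn and Removed!
"""

SAMPLE_FRST = r"""
==================== Scheduled Tasks (Whitelisted) ============

Task: {07724946-3BA9-490E-8D89-30015E9E346D} - \WPD\SqmUpload_S-1-5-21-266641936-1749358909-4162173372-1001 -> No File <==== ATTENTION
Task: {112E5046-17EF-47A2-A1BD-0BFEE5B440DB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {39FD9104-E176-49AF-9EB1-3B6C13FF3A51} - System32\Tasks\services32 => C:\Users\Aziz\services32.exe (No File)
Task: {4E631F80-B262-4793-B4C0-66A4987338C3} - \csrss -> No File <==== ATTENTION
Task: {718FAFA1-2A94-402E-89C8-2B378CCF5810} - System32\Tasks\Microsoft\Windows\ErrorDetails\Microsoft.WinE8C => rundll32.exe C:\ProgramData\LessTemplate\SystmmWtqlity\logof_Mndia327.dll,cerd_PolicDDIN
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
"""

if __name__ == "__main__":
    started, threats, objects = latest_msert_run(SAMPLE_MSERT)
    print(f"Latest MSRT run {started:%Y-%m-%d %H:%M}: {threats} touching {objects}")
    for key, items in frst_findings(SAMPLE_FRST).items():
        print(key, *items, sep="\n  ")
```

Run it on a real msert.log and FRST.txt by reading the files into the two functions; nothing is written back, it only reads and reports, so it is safe to run on a machine under investigation.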
 

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.353, (build 1.353.1196.0)
Started On Thu Nov 18 10:27:33 2021

Engine: 1.1.18800.3
Signatures: 1.353.1196.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
Action: Remove, Result: 0x00000000
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
SigSeq: 0x0000055555C57273
Threat Detected: Trojan:Win32/Tiggre!rfn and Removed!
Action: Remove, Result: 0x00000000
service://AppServiceb
file://C:\WINDOWS\system32\XY4Q6N0LI4.tmp
SigSeq: 0x00001667CFA5FB8B

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Found Trojan:Win32/Tiggre!rfn and Removed!
Successfully Submitted MAPS Report


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by Aziz (administrator) on PAVILION (Hewlett-Packard 23-p149) (18-11-2021 15:20:55)
Running from C:\Users\Aziz\Desktop
Loaded Profiles: Aziz
Platform: Microsoft Windows 10 Home Version 1607 14393.447 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> ) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe <2>
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\CommService.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe
(FSPro Labs -> FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\52.0.6.0\crashpad_handler.exe <4>
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe <7>
(iSkySoft) [File not signed] [File is in use] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.883\SSScheduler.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Opera Software AS -> Opera Software) C:\Users\Aziz\AppData\Local\Programs\Opera\80.0.4170.72\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\Aziz\AppData\Local\Programs\Opera\launcher.exe
(Opera Software AS -> Opera Software) C:\Users\Aziz\AppData\Local\Programs\Opera\opera.exe <52>
(Opera Software AS -> Opera Software) C:\Users\Aziz\AppData\Local\Temp\.opera\7060417EA68B\installer.exe
(Pluto, Inc.) [File not signed] C:\Users\Aziz\AppData\Roaming\Pluto TV\PlutoTV.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Restoro Ltd -> Restoro) C:\Program Files\Restoro\bin\RestoroApp.exe
(Restoro Ltd -> Restoro) C:\Program Files\Restoro\bin\RestoroProtection.exe
(Restoro Ltd -> Restoro) C:\Program Files\Restoro\bin\RestoroService.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Spotify AB -> Spotify Ltd) C:\Users\Aziz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Symantec Corporation -> PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Trend Micro, Inc. -> ) C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe <3>
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\8.2.1148\8.2.1148\TmsaInstance64.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\HouseCall\housecall.bin
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\DiamondRing\DrSDKCaller.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe <4>
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(www.shadowexplorer.com) [File not signed] C:\Program Files (x86)\ShadowExplorer\ShadowExplorer.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\Aziz\AppData\Roaming\Zoom\bin_00\Zoom.exe <2>
Failed to access process -> opera.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2638056 2016-05-26] (FSPro Labs -> FSPro Labs)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Restoro] => C:\Program Files\Restoro\bin\RestoroApp.exe [477728 2021-10-07] (Restoro Ltd -> Restoro) <==== ATTENTION
HKLM\...\Run: [Emsisoft Anti-Malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [9398784 2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [206960 2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1224872 2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106784 2018-08-28] (Symantec Corporation -> Symantec Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft) [File not signed] [File is in use]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [DCERegBootClean64] => C:\WINDOWS\RegBootClean64.exe [485320 2021-11-18] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [Spotify Web Helper] => C:\Users\Aziz\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-02-27] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [109961064 2021-05-10] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [Spotify] => C:\Users\Aziz\AppData\Roaming\Spotify\Spotify.exe [21325200 2018-02-27] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Run: [Opera Browser Assistant] => C:\Users\Aziz\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Dell V715w Print Processor: C:\Windows\System32\spool\prtprocs\x64\dleedrpp.dll [189440 2016-01-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\DELS3PC: C:\Windows\System32\spool\prtprocs\x64\DELS3pc.dll [33792 2015-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\DELS3 Langmon: C:\WINDOWS\system32\DELS3L6.DLL [20992 2015-11-29] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [423936 2014-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\V715w Port: C:\WINDOWS\system32\dleelmpm.DLL [899072 2016-01-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-15] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{AC76BA86-0000-0000-7760-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll [2021-09-09] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> c:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-05-13] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-12-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.883\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
Startup: C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2017-04-16]
ShortcutTarget: PlutoTV.lnk -> C:\Users\Aziz\AppData\Roaming\Pluto TV\PlutoTV.exe (Pluto, Inc.) [File not signed]
BootExecute: C:\WINDOWS\DCEBoot64.exeautocheck autochk *
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05C3CDA4-9B9C-4457-BDF2-3B062B713AAA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-11] (Adobe Inc. -> Adobe)
Task: {07724946-3BA9-490E-8D89-30015E9E346D} - \WPD\SqmUpload_S-1-5-21-266641936-1749358909-4162173372-1001 -> No File <==== ATTENTION
Task: {112E5046-17EF-47A2-A1BD-0BFEE5B440DB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {132BEAA9-CBB9-4FC7-B7BF-E12E2E1732CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {15E6BABB-0756-453C-BCB2-4C7AA806DA12} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {19E752E6-2C40-4FEA-B99A-D8DFF1741ED7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {30D306B4-18D1-49E9-941B-F9FBAF1B55D5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {39FD9104-E176-49AF-9EB1-3B6C13FF3A51} - System32\Tasks\services32 => C:\Users\Aziz\services32.exe (No File)
Task: {43444F3A-C50F-4DED-BD74-5D66A01BD907} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-11] (Adobe Inc. -> Adobe)
Task: {4CBA8819-CE79-43F3-82C6-C33B65569673} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4E631F80-B262-4793-B4C0-66A4987338C3} - \csrss -> No File <==== ATTENTION
Task: {5A5F2BF7-6738-48A4-A399-C5DCB03668F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Update Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {5FA6E98E-D7F6-4526-88A7-13B8EDAF6E82} - System32\Tasks\Opera scheduled Autoupdate 1634158695 => C:\Users\Aziz\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-27] (Opera Software AS -> Opera Software)
Task: {68F5EC1C-1B54-4632-B757-EE2595BA7FC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {718FAFA1-2A94-402E-89C8-2B378CCF5810} - System32\Tasks\Microsoft\Windows\ErrorDetails\Microsoft.WinE8C => rundll32.exe C:\ProgramData\LessTemplate\SystmmWtqlity\logof_Mndia327.dll,cerd_PolicDDIN
Task: {796E763C-223B-401E-9DC3-485F3D1EDAAF} - System32\Tasks\NCH Software\VideoPadCacheDeleteAll => C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe [11061736 2021-10-25] (NCH Software, Inc. -> NCH Software)
Task: {7A6F5AF4-BF3A-4BF8-A774-B397364B3F53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-11-29] (Google Inc -> Google Inc.)
Task: {7E8B3726-D313-42A2-AF02-C397DC97A16F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-11-29] (Google Inc -> Google Inc.)
Task: {8620D3BA-120E-4120-9CF6-0E525F2AF124} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [4012496 2019-08-22] (Symantec Corporation -> Symantec)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {89D73B33-DBC3-46F3-A56B-B35220818BF3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {8B023424-1001-4431-AEF0-4AC1C6FA4306} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {9331F819-8E20-4235-A2E2-E91F89988CF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9F5DF85A-F9A5-4D9A-8D3F-7F5B7C416220} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0DC10B6-961A-4DD6-978B-346819784BF9} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-05-13] (CyberLink Corp. -> CyberLink Corp.)
Task: {A1BFDAB8-17C2-4EF7-AA03-BD020ED2244F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2015D4F-B3CC-44CE-AE1B-88F284E055AE} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe [4103848 2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Task: {A6422016-5817-4BC9-BB78-8F342F685C53} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AF6FDE88-1A93-46E7-A0C5-05A79E329BCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {B6A54609-B739-48C1-AAF4-328768182BB0} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {C102E050-723C-4F19-9A94-79EC2C5E1C55} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {C5C5AC50-CBD5-4E4E-A9A9-316A9139C25D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C62A5B26-B3EF-4C41-A81C-28150CBD50A5} - System32\Tasks\Opera scheduled assistant Autoupdate 1634158750 => C:\Users\Aziz\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-27] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Aziz\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {C8542DCB-FA74-454D-B125-4417FA7BDC50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-16] (HP Inc. -> HP Inc.)
Task: {CB508B77-D1CD-45D4-9031-DC819BAEF019} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {CB602053-EF39-48F5-BB52-5AEC301EDA3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-07-15] (HP Inc. -> HP Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D6C573E6-F851-4805-A659-594740C7BB08} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [178776 2015-09-24] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {D84E0AC1-DBCE-4632-A34A-C81BDCB3C966} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1123200 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD7F8A91-9B03-4CA2-8198-C15BDB25B7A6} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {E0E01A7D-4B37-47F2-8721-ED3D2E6AFFB5} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () [File not signed]
Task: {E12F246B-0AF1-4F71-9A84-8EEFDF79F176} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F6165E21-EB26-4D25-A705-56CA99323EB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F77B7759-5546-4616-B55F-14E4B44B6B11} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [988504 2018-08-28] (Symantec Corporation -> PC Tools)
Task: {F9E28ECE-2CD1-4B69-A1D3-C12858E515FF} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-azizbaazaoui@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {FA72207D-4769-4A45-84F4-FDE649921AD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-16] (HP Inc. -> HP Inc.)
Task: {FB19998D-DCF1-479C-9E1C-9DC1B5525FB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {FE3EE263-570E-4429-BCAC-572563C61CA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\WINDOWS\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6a3ca148-e2e9-491e-99a2-923865d9343c}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Notifications: HKU\S-1-5-21-266641936-1749358909-4162173372-1001 -> hxxps://web.skype.com

FireFox:
========
FF DefaultProfile: bm3vmc8d.default
FF DefaultProfile: zssm23vy.default
FF ProfilePath: C:\Users\Aziz\AppData\Roaming\Mozilla\Firefox\Profiles\bm3vmc8d.default [2021-11-18]
FF NetworkProxy: Mozilla\Firefox\Profiles\bm3vmc8d.default -> no_proxies_on", "hxxps://localhost, localhost, 127.0.0.1"
FF Notifications: Mozilla\Firefox\Profiles\bm3vmc8d.default -> hxxps://www.reddit.com
FF Extension: (British English Dictionary (Updated)) - C:\Users\Aziz\AppData\Roaming\Mozilla\Firefox\Profiles\bm3vmc8d.default\Extensions\en-gb@flyingtophat.co.uk [2015-12-13] [Legacy] [not signed]
FF ProfilePath: C:\Users\Aziz\AppData\Roaming\flintpoker-23aca7707f8cb588f1b353a2714bd5da\Profiles\zssm23vy.default [2016-02-29]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-06-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-11] (Adobe Inc. -> )
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-11] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-266641936-1749358909-4162173372-1001: @nsroblox.roblox.com/launcher -> C:\Users\Aziz\AppData\Local\Roblox\Versions\version-6675f84c75f246df\\NPRobloxProxy.dll [2012-12-31] (ROBLOX Corporation -> ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-266641936-1749358909-4162173372-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Aziz\AppData\Local\Roblox\Versions\version-6675f84c75f246df\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation) [File not signed]
FF Plugin HKU\S-1-5-21-266641936-1749358909-4162173372-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aziz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default [2021-11-18]
CHR Notifications: Default -> hxxps://alhayahalyoum.os.tc; hxxps://alraimediacom.foxpush.net; hxxps://mail.google.com; hxxps://web.skype.com; hxxps://worldscholarshipforum.com; hxxps://www.facebook.com; hxxps://www.ledevoir.com; hxxps://www.netflix.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.ctcodeinfo.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Custom
CHR Extension: (Slides) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (Google Search) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-26]
CHR Extension: (Sheets) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-26]
CHR Extension: (Custom) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle [2021-11-15]
CHR Extension: (Skype) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Profile: C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-16]
CHR Profile: C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-26]
CHR Extension: (Slides) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-26]
CHR Extension: (Docs) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-26]
CHR Extension: (Google Drive) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-26]
CHR Extension: (YouTube) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-26]
CHR Extension: (Sheets) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-26]
CHR Extension: (Skype) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2021-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-26]
CHR Extension: (Gmail) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-26]
CHR Profile: C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-11-17]
CHR Extension: (Slides) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-26]
CHR Extension: (Docs) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-26]
CHR Extension: (Google Drive) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-26]
CHR Extension: (YouTube) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-26]
CHR Extension: (Sheets) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-26]
CHR Extension: (Skype) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2021-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-26]
CHR Extension: (Gmail) - C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-26]
CHR Profile: C:\Users\Aziz\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

Opera:
=======
OPR Profile: C:\Users\Aziz\AppData\Roaming\Opera Software\Opera Stable [2021-11-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Aziz\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-03]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Aziz\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-10-13]
OPR Extension: (Mate Translate – translator, dictionary) - C:\Users\Aziz\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2021-11-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10765928 2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-11] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-08-06] (Advanced Micro Devices) [File not signed]
R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [386920 2021-11-09] (Trend Micro, Inc. -> Trend Micro Inc.)
S2 AMSPTLM; C:\Program Files\Trend Micro\AMSP\AMSPTelemetryService.exe [450232 2021-11-09] (Trend Micro, Inc. -> Trend Micro Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1168720 2018-08-28] (Symantec Corporation -> Symantec Corporation)
R2 EmsiCommService; C:\Program Files\Emsisoft Anti-Malware\CommService.exe [14249208 2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
R2 EppWsc; C:\Program Files\Emsisoft Anti-Malware\EppWsc.exe [1545368 2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
S3 fsphfext; C:\WINDOWS\SysWOW64\HFExtSvc.exe [166176 2016-06-03] (FSPro Labs -> FSPro Labs)
R2 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc. -> McAfee, Inc.)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [799992 2018-08-28] (Symantec Corporation -> PC Tools)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1133224 2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2795688 2021-05-28] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 RestoroActiveProtection; C:\Program Files\Restoro\bin\RestoroProtection.exe [9310216 2021-02-07] (Restoro Ltd -> Restoro) <==== ATTENTION
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1182640 2018-08-28] (Symantec Corporation -> Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation -> Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S4 WinDefender; [X] <==== ATTENTION

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (Bluestack Systems, Inc. -> BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack Systems, Inc. -> Bluestack System Inc.)
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [155112 2021-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37776 2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
S0 EppElam; C:\WINDOWS\System32\drivers\EppElam.sys [16808 2021-11-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Emsisoft Ltd)
R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [126968 2021-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R0 FSProFilter2; C:\WINDOWS\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (Alfa System Programming -> FSPro Labs)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-08-09] (Google LLC -> Google, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc. -> McAfee, Inc.)
S3 MpKsl9089f746; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3AD25710-EE76-4F5E-9966-09AEB97F2F31}\MpKslDrv.sys [48376 2021-11-16] (Microsoft Windows -> Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39104 2015-03-10] (IObit Information Technology -> IObit Information Technology)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [67168 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Trend Micro Inc.)
R2 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [152512 2021-11-09] (Trend Micro, Inc. -> Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39872 2021-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Trend Micro Inc.)
R1 tmeyes; C:\WINDOWS\system32\DRIVERS\tmeyes.sys [676944 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Trend Micro Inc.)
R2 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [553552 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [161280 2021-11-09] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [137128 2021-11-09] (Trend Micro, Inc. -> Trend Micro, Inc.)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [55976 2021-11-03] (NCH Software, Inc. -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MpKsl91493b43; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC11411F-F088-4DF1-ACF9-B83F1963EC4D}\MpKslDrv.sys [X]
S3 MpKsld52a881b; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC11411F-F088-4DF1-ACF9-B83F1963EC4D}\MpKslDrv.sys [X]
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-18 15:20 - 2021-11-18 15:36 - 000048159 _____ C:\Users\Aziz\Desktop\FRST.txt
2021-11-18 15:16 - 2021-11-18 15:32 - 000000000 ____D C:\FRST
2021-11-18 15:13 - 2021-11-18 15:13 - 002311680 _____ (Farbar) C:\Users\Aziz\Desktop\FRST64.exe
2021-11-18 15:12 - 2021-11-18 15:12 - 002311680 _____ (Farbar) C:\Users\Aziz\Downloads\459a95d7-0bfd-4346-a1d7-e0473b48fc24.tmp
2021-11-18 15:05 - 2021-11-18 15:05 - 000035496 _____ (Trend Micro Inc.) C:\WINDOWS\DCEBoot64.exe
2021-11-18 15:05 - 2021-11-18 15:05 - 000002388 _____ C:\WINDOWS\DCEBOOT.CFG
2021-11-18 13:17 - 2021-11-18 13:19 - 343497467 _____ C:\Users\Aziz\Desktop\Compressed RansomWare Files - STOP (Djvu).zip
2021-11-18 10:24 - 2021-11-18 15:05 - 000012318 _____ C:\WINDOWS\RegBootClean64.CFG
2021-11-18 10:02 - 2021-11-18 10:02 - 000002247 _____ C:\Users\Aziz\Desktop\Trend Micro Maximum Security.lnk
2021-11-18 10:02 - 2021-11-18 10:02 - 000002156 _____ C:\Users\Aziz\Desktop\Trend Micro Pay Guard.lnk
2021-11-18 10:02 - 2021-11-18 10:02 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
2021-11-18 10:01 - 2021-11-18 10:01 - 000008496 _____ C:\WINDOWS\system32\AmspLogList.ini
2021-11-18 10:01 - 2021-11-18 10:01 - 000002222 _____ C:\WINDOWS\system32\AmspConfig.ini
2021-11-18 10:01 - 2021-11-18 10:01 - 000001954 _____ C:\WINDOWS\system32\AmspLogFilter.ini
2021-11-18 10:01 - 2021-11-18 10:01 - 000000127 _____ C:\WINDOWS\system32\trxhandler_log.ini
2021-11-18 10:01 - 2021-11-18 10:01 - 000000080 _____ C:\WINDOWS\system32\log.ini
2021-11-18 10:00 - 2021-11-18 10:00 - 000000000 ___HD C:\TMRescueDisk
2021-11-18 09:56 - 2021-11-18 09:56 - 000000000 ____D C:\WINDOWS\SysWOW64\tmumh
2021-11-18 09:56 - 2021-11-18 09:56 - 000000000 ____D C:\WINDOWS\SysWOW64\TmAMSI
2021-11-18 09:56 - 2021-11-18 09:56 - 000000000 ____D C:\WINDOWS\system32\tmumh
2021-11-18 09:56 - 2021-11-18 09:56 - 000000000 ____D C:\WINDOWS\system32\TmAMSI
2021-11-18 09:56 - 2021-11-09 23:08 - 000676944 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeyes.sys
2021-11-18 09:56 - 2021-11-09 23:08 - 000553552 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys
2021-11-18 09:56 - 2021-11-09 23:08 - 000161280 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys
2021-11-18 09:56 - 2021-11-09 23:08 - 000152512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys
2021-11-18 09:56 - 2021-11-09 23:08 - 000137128 _____ (Trend Micro, Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys
2021-11-18 09:56 - 2021-11-09 23:08 - 000067168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC64.sys
2021-11-18 09:56 - 2021-11-09 23:08 - 000039872 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys
2021-11-18 09:47 - 2021-11-18 09:47 - 000000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2021-11-18 09:45 - 2021-11-18 09:45 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\Trend Micro
2021-11-18 09:45 - 2021-11-18 09:45 - 000000000 ____D C:\Users\Aziz\AppData\Local\User Data
2021-11-18 09:43 - 2021-11-18 09:44 - 000001024 _____ C:\.rnd
2021-11-18 09:42 - 2021-11-18 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2021-11-18 09:41 - 2021-11-18 15:36 - 000000000 ____D C:\Users\Aziz\AppData\Local\DP_Tower_3.7
2021-11-18 09:40 - 2021-11-18 09:46 - 000000000 ____D C:\ProgramData\TMDP_Log
2021-11-18 09:40 - 2021-11-18 09:40 - 000000000 ____D C:\ProgramData\TMDP_Setup
2021-11-18 09:39 - 2021-11-18 09:39 - 000003382 _____ C:\WINDOWS\system32\Tasks\AirSupport Update
2021-11-18 09:39 - 2021-11-18 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Troubleshooting Tool
2021-11-18 09:27 - 2021-11-18 09:32 - 454909240 _____ (Trend Micro Inc.) C:\Users\Aziz\Downloads\TrendMicro_17.7Q4_HE_Full.exe
2021-11-18 09:17 - 2021-11-18 09:26 - 454909240 _____ (Trend Micro Inc.) C:\Users\Aziz\Downloads\TrendMicro_17.7Q4_HE_Full.exe.opdownload
2021-11-18 02:00 - 2021-11-18 02:28 - 000000000 ____D C:\Users\Aziz\AppData\Local\Trend Micro
2021-11-18 01:54 - 2021-11-18 09:32 - 000000000 ____D C:\ProgramData\Trend Micro Installer
2021-11-18 01:48 - 2021-11-18 15:05 - 000485320 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2021-11-18 01:39 - 2021-11-18 01:39 - 000932020 _____ C:\Users\Aziz\AppData\Local\census.cache
2021-11-18 01:18 - 2021-11-18 01:18 - 000512337 _____ C:\Users\Aziz\AppData\Local\ars.cache
2021-11-17 00:34 - 2021-11-17 00:34 - 000004398 _____ C:\Users\Aziz\Desktop\scan_211116-234004.txt
2021-11-16 23:35 - 2021-11-16 20:01 - 000016808 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\EppElam.sys
2021-11-16 23:34 - 2021-11-16 23:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2021-11-16 23:34 - 2021-11-16 20:01 - 000037776 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2021-11-16 23:33 - 2021-11-18 15:38 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2021-11-16 23:31 - 2021-11-17 00:33 - 000000000 ____D C:\ProgramData\Emsisoft
2021-11-16 23:31 - 2021-11-16 23:31 - 002285856 ____N (Emsisoft Ltd) C:\Users\Aziz\Downloads\EmsisoftAntiMalwareWebSetup_89bb8357-421e-4a0d-a49c-1ea9b73906b2.exe
2021-11-16 22:17 - 2021-11-16 22:17 - 012444088 _____ C:\Users\Aziz\Downloads\testdisk-7.0.win.zip
2021-11-16 21:58 - 2021-11-16 21:58 - 000001752 _____ C:\Users\Public\Desktop\Restoro.lnk
2021-11-16 21:58 - 2021-11-16 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restoro
2021-11-16 21:58 - 2021-11-16 21:58 - 000000000 ____D C:\Program Files\Restoro
2021-11-16 21:57 - 2021-11-16 22:59 - 000000168 _____ C:\WINDOWS\restoro.ini
2021-11-16 21:57 - 2021-11-16 22:49 - 000000000 ____D C:\ProgramData\Restoro
2021-11-16 21:57 - 2021-11-16 21:57 - 000932664 _____ (Restoro) C:\Users\Aziz\Downloads\Restoro.exe
2021-11-16 21:50 - 2021-11-16 21:50 - 000909432 _____ (Emsisoft Ltd.) C:\Users\Aziz\Downloads\decrypt_STOPPuma.exe
2021-11-16 21:43 - 2021-11-16 21:44 - 001182144 _____ (Emsisoft Ltd.) C:\Users\Aziz\Downloads\decrypt_STOPDjvu.exe
2021-11-16 16:55 - 2021-11-16 16:55 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\www.shadowexplorer.com
2021-11-16 16:54 - 2021-11-18 13:02 - 000000000 ____D C:\Program Files (x86)\ShadowExplorer
2021-11-16 16:54 - 2021-11-16 16:54 - 000001973 _____ C:\Users\Aziz\Desktop\ShadowExplorer.lnk
2021-11-16 16:54 - 2021-11-16 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2021-11-16 16:53 - 2021-11-16 16:54 - 000969845 _____ (ShadowExplorer.com ) C:\Users\Aziz\Downloads\ShadowExplorer-0.9-setup.exe
2021-11-16 14:13 - 2021-11-17 23:44 - 000000010 _____ C:\Users\Aziz\AppData\Local\sponge.last.runtime.cache
2021-11-16 13:59 - 2021-11-18 10:25 - 000000000 ____D C:\ProgramData\Trend Micro
2021-11-16 13:57 - 2021-11-16 13:57 - 000000000 ____D C:\WINDOWS\Trend Micro
2021-11-16 13:39 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2021-11-16 13:17 - 2021-11-18 15:14 - 000000036 _____ C:\Users\Aziz\AppData\Local\housecall.guid.cache
2021-11-16 13:17 - 2021-11-18 09:42 - 000000000 ____D C:\Program Files\Trend Micro
2021-11-16 13:15 - 2021-11-16 13:17 - 003711952 ____N (Trend Micro Inc.) C:\Users\Aziz\Downloads\HousecallLauncher64.exe
2021-11-15 20:04 - 2021-11-15 20:04 - 000006060 _____ C:\WINDOWS\SysWOW64\BroomData.bit
2021-11-15 20:04 - 2013-04-08 15:30 - 000022752 _____ C:\WINDOWS\system32\PCloudBroom64.exe
2021-11-15 19:20 - 2021-11-15 19:23 - 075038802 _____ C:\Users\Aziz\Downloads\Decrypt Software.avi
2021-11-15 18:19 - 2015-09-14 13:03 - 000039672 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
2021-11-15 18:18 - 2021-11-15 18:18 - 000001382 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2021-11-15 18:18 - 2021-11-15 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2021-11-15 18:18 - 2021-11-15 18:18 - 000000000 ____D C:\Program Files (x86)\Panda Security
2021-11-15 18:17 - 2021-11-15 18:18 - 038191600 _____ (Panda Security ) C:\Users\Aziz\Downloads\PandaCloudCleaner.exe
2021-11-15 17:37 - 2021-11-15 17:37 - 000003256 _____ C:\WINDOWS\system32\Tasks\services32
2021-11-15 17:37 - 2021-11-15 17:37 - 000000000 ____D C:\Users\Aziz\AppData\Local\Calculator
2021-11-15 17:34 - 2021-11-15 17:34 - 000000128 _____ C:\Users\Aziz\AppData\Local\PUTTY.RND
2021-11-15 17:32 - 2021-11-15 17:32 - 000001117 _____ C:\Users\Default.migrated\_readme.txt
2021-11-15 17:32 - 2021-11-15 17:32 - 000001117 _____ C:\Users\Aziz\Desktop\_readme.txt
2021-11-15 17:32 - 2021-11-15 17:32 - 000001117 _____ C:\Users\ADMINI~1\_readme.txt
2021-11-15 17:32 - 2021-11-15 17:32 - 000000490 _____ C:\Users\Aziz\Desktop\CorpVPN - Shortcut.lnk
2021-11-15 17:31 - 2021-11-15 17:31 - 000001420 _____ C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-15 17:31 - 2021-11-15 17:31 - 000001390 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-15 17:31 - 2021-11-15 17:31 - 000001390 _____ C:\Users\Aziz\Desktop\Google Chrome.lnk
2021-11-15 17:23 - 2021-11-15 17:23 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\System
2021-11-15 17:21 - 2021-11-15 17:21 - 000000000 ____D C:\ProgramData\AW43JDLP5JV7V3FAN0YXTF783
2021-11-15 17:20 - 2021-11-15 17:20 - 001229012 _____ C:\Users\Aziz\AppData\Roaming\7628691.exe
2021-11-15 17:20 - 2021-11-15 17:20 - 000000559 _____ C:\Users\Aziz\AppData\Local\bowsakkdestx.txt
2021-11-15 17:20 - 2021-11-15 17:20 - 000000000 ____D C:\SystemID
2021-11-15 17:19 - 2021-11-15 17:19 - 000059392 _____ (ajwfdaidwa) C:\Users\Aziz\AppData\Roaming\5051298.exe
2021-11-15 17:18 - 2021-11-18 09:40 - 000000000 ___HD C:\WINDOWS\rss
2021-11-15 17:15 - 2021-11-15 17:15 - 000000000 ____D C:\Users\Public\Documents\elater
2021-11-15 17:15 - 2021-11-15 17:15 - 000000000 ____D C:\Users\Aziz\AppData\Local\Yandex
2021-11-15 17:15 - 2021-11-15 17:15 - 000000000 ____D C:\ProgramData\GLD2NXWJZOJ4P9E5WXPBE1M7T
2021-11-15 17:13 - 2021-11-18 12:22 - 000000000 ____D C:\Users\Aziz\Documents\VlcpVideoV1.0.1
2021-11-15 17:13 - 2021-11-17 00:37 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\Calculator
2021-11-15 17:13 - 2021-11-15 17:34 - 000000000 ____D C:\Program Files (x86)\FarLabUninstaller
2021-11-15 17:13 - 2021-11-15 17:22 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-11-15 17:13 - 2021-11-15 17:22 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-11-15 17:13 - 2021-11-15 17:21 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-11-15 17:13 - 2021-11-15 17:21 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-11-15 17:13 - 2021-11-15 17:20 - 000169100 _____ C:\END
2021-11-15 17:13 - 2021-11-15 17:13 - 000916735 _____ (SQLite Development Team) C:\Users\Aziz\AppData\LocalLow\sqlite3.dll
2021-11-15 17:13 - 2021-11-15 17:13 - 000068608 _____ (Derefner) C:\Users\Aziz\AppData\Roaming\841091.exe
2021-11-15 17:13 - 2021-11-15 17:13 - 000000000 ____D C:\Users\Aziz\AppData\LocalLow\Wallets
2021-11-15 17:13 - 2021-11-15 17:13 - 000000000 ____D C:\ProgramData\T3I90FP1HPT3NEA04DE7U1MF7
2021-11-15 17:13 - 2021-11-15 17:13 - 000000000 ____D C:\ProgramData\SFBCMZU3YAIK9YZ06OMP4K702
2021-11-15 17:12 - 2021-11-16 22:27 - 000000000 ____D C:\Program Files (x86)\PowerControl
2021-11-15 17:12 - 2021-11-15 17:12 - 000000000 ____D C:\Program Files (x86)\Company
2021-11-15 17:11 - 2021-11-15 17:12 - 000154057 _____ C:\Users\Aziz\Downloads\Click_here (1).zip
2021-11-15 17:08 - 2021-11-15 17:08 - 000154057 _____ C:\Users\Aziz\Downloads\Click_here.zip
2021-11-13 17:43 - 2021-11-18 00:52 - 000000000 __SHD C:\found.000
2021-11-13 17:18 - 2021-11-13 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-11-09 14:40 - 2021-11-09 14:40 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\Application Support
2021-11-09 14:37 - 2021-11-09 14:37 - 000000000 ____D C:\Users\Aziz\Documents\Audacity
2021-11-09 14:33 - 2021-11-09 14:42 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\audacity
2021-11-09 14:33 - 2021-11-09 14:33 - 000000872 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-11-09 14:33 - 2021-11-09 14:33 - 000000860 _____ C:\Users\Public\Desktop\Audacity.lnk
2021-11-09 14:33 - 2021-11-09 14:33 - 000000000 ____D C:\Users\Aziz\AppData\Local\audacity
2021-11-09 14:32 - 2021-11-09 14:33 - 000000000 ____D C:\Program Files\Audacity
2021-11-09 14:29 - 2021-11-09 14:32 - 035138520 _____ (Audacity Team ) C:\Users\Aziz\Downloads\audacity-win-3.1.0-64bit.exe
2021-11-09 14:19 - 2021-11-09 14:19 - 000000000 ____D C:\Users\Aziz\NCH Software Suite
2021-11-09 14:06 - 2021-11-09 14:06 - 000001356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2021-11-09 14:06 - 2021-11-09 14:06 - 000001344 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2021-11-09 14:05 - 2021-11-09 14:17 - 005282792 _____ (NCH Software) C:\Users\Aziz\Downloads\vppsetup.exe
2021-11-09 14:03 - 2021-11-09 14:03 - 000000000 ____D C:\Users\Aziz\Desktop\NCH Media Software
2021-11-09 13:43 - 2021-11-09 14:18 - 002515944 _____ (NCH Software) C:\Users\Aziz\Downloads\wpsetup.exe
2021-11-09 13:29 - 2021-11-09 13:30 - 200074873 _____ C:\Users\Aziz\Downloads\ERA_Bundle_v6.0.20-VoiceChanger_v1.2.10-WIN (1).zip
2021-11-09 13:00 - 2021-11-09 13:00 - 000000000 ____D C:\Users\Aziz\Documents\Accusonus
2021-11-09 13:00 - 2021-11-09 13:00 - 000000000 ____D C:\Program Files\Steinberg
2021-11-09 13:00 - 2021-11-09 13:00 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-11-09 12:59 - 2021-11-09 14:36 - 000000000 ____D C:\Users\Aziz\AppData\Local\accusonus
2021-11-09 12:59 - 2021-11-09 13:01 - 000000000 ____D C:\ProgramData\Accusonus
2021-11-09 12:59 - 2021-11-09 12:59 - 000000000 ____D C:\Program Files\Common Files\Avid
2021-11-09 12:54 - 2021-11-09 12:54 - 000000000 ____D C:\Users\Aziz\Downloads\accusonous
2021-11-09 12:52 - 2021-11-09 12:53 - 200074873 _____ C:\Users\Aziz\Downloads\ERA_Bundle_v6.0.20-VoiceChanger_v1.2.10-WIN.zip
2021-11-05 20:15 - 2021-11-06 17:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-11-05 20:09 - 2021-11-05 20:09 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-266641936-1749358909-4162173372-1001
2021-11-05 20:09 - 2021-11-05 20:09 - 000002367 _____ C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-04 13:50 - 2021-11-09 14:19 - 000001336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2021-11-04 13:50 - 2021-11-09 14:19 - 000001324 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2021-11-04 06:52 - 2021-11-04 06:53 - 000457004 _____ C:\WINDOWS\Minidump\110421-42812-01.dmp
2021-11-03 22:16 - 2021-11-03 22:16 - 000001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2021-11-03 22:16 - 2021-11-03 22:16 - 000001206 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk
2021-11-03 22:15 - 2021-11-03 22:16 - 001457152 _____ (NCH Software) C:\Users\Aziz\Downloads\SwitchAudioFileConverter.exe
2021-11-03 20:12 - 2021-11-16 14:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-11-03 20:10 - 2021-11-03 20:10 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2021-11-03 20:08 - 2021-11-09 14:06 - 000000000 ____D C:\ProgramData\NCH Software
2021-11-03 20:08 - 2021-11-03 20:08 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2021-11-03 20:08 - 2021-11-03 20:08 - 000001176 _____ C:\Users\Public\Desktop\Voxal Voice Changer.lnk
2021-11-03 20:07 - 2021-11-09 14:06 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\NCH Software
2021-11-03 20:07 - 2021-11-09 14:06 - 000000000 ____D C:\Program Files (x86)\NCH Software
2021-11-03 20:07 - 2021-11-03 20:08 - 000001320 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2021-11-03 20:07 - 2021-11-03 20:07 - 000055976 _____ C:\WINDOWS\system32\Drivers\voxaldriverx64.sys
2021-11-03 20:04 - 2021-11-03 20:07 - 001471456 _____ (NCH Software) C:\Users\Aziz\Downloads\VoxalVoiceChanger.exe
2021-10-28 11:56 - 2021-10-28 11:56 - 000004156 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1634158695
2021-10-28 11:55 - 2021-10-28 11:55 - 000001409 _____ C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-10-26 20:53 - 2021-11-09 13:05 - 000002439 _____ C:\Users\Aziz\Desktop\Person 1 - Chrome.lnk
2021-10-25 05:37 - 2021-10-25 05:37 - 001875936 _____ (Tenorshare Co., Ltd.) C:\Users\Aziz\Downloads\4ukeyforandroid.exe
2021-10-20 18:11 - 2021-11-16 15:40 - 000000000 ____D C:\Users\Aziz\Downloads\images
2021-10-20 17:33 - 2021-11-17 15:12 - 000012744 _____ C:\Users\Aziz\Documents\starburn.txt
2021-10-20 17:32 - 2021-10-20 17:32 - 000001225 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2021-10-20 17:31 - 2021-11-15 19:10 - 000000000 ____D C:\Users\Aziz\Documents\Wondershare Filmora
2021-10-20 17:31 - 2021-10-20 17:31 - 000000000 ____D C:\ProgramData\Wondershare Video Editor
2021-10-20 17:24 - 2021-10-20 17:43 - 000000000 ____D C:\Users\Aziz\Downloads\Filmora
2021-10-20 16:25 - 2021-10-20 16:26 - 170835894 _____ C:\Users\Aziz\Downloads\Wondershare.Filmora_7.8.9.1.rar
2021-10-20 15:28 - 2021-10-20 15:28 - 060646624 _____ C:\Users\Aziz\Downloads\PowerDirector-Full-v6.1.2_build_69282-Mod.apk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-18 14:53 - 2021-09-28 07:57 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\slobs-client
2021-11-18 14:41 - 2016-09-15 18:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-18 14:12 - 2015-11-29 14:48 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-18 13:30 - 2016-06-25 13:16 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2021-11-18 09:57 - 2016-07-16 01:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-18 09:56 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-11-18 09:40 - 2013-08-22 08:25 - 000000325 _____ C:\WINDOWS\win.ini
2021-11-18 09:30 - 2016-11-20 17:17 - 000000000 ____D C:\Users\Aziz\AppData\LocalLow\Mozilla
2021-11-18 08:59 - 2015-12-31 23:14 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2021-11-18 08:59 - 2015-09-20 14:56 - 000000000 ____D C:\Users\Aziz\Documents\Youcam
2021-11-18 08:58 - 2016-06-11 15:58 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\Pluto TV
2021-11-18 08:58 - 2016-06-04 13:15 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\Spotify
2021-11-18 08:57 - 2016-09-15 18:06 - 000000000 ____D C:\Users\Aziz
2021-11-18 08:57 - 2015-09-22 20:58 - 000000000 ____D C:\Program Files (x86)\Steam
2021-11-18 08:57 - 2015-09-21 18:15 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\Skype
2021-11-18 08:56 - 2014-12-22 23:39 - 000000000 ____D C:\ProgramData\Temp
2021-11-18 08:54 - 2016-09-15 18:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-18 02:38 - 2014-12-22 23:59 - 000000000 ____D C:\ProgramData\McAfee
2021-11-18 02:38 - 2014-12-22 23:59 - 000000000 ____D C:\Program Files\Common Files\mcafee
2021-11-18 02:38 - 2014-12-22 23:59 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-11-18 02:37 - 2016-09-15 18:03 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-11-18 02:37 - 2016-07-16 01:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-11-18 02:25 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2021-11-18 02:24 - 2016-09-15 18:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-11-18 02:17 - 2015-11-17 15:46 - 000000000 ____D C:\Users\ADMINI~1
2021-11-18 02:17 - 2015-07-10 04:47 - 000000000 ____D C:\Users\Default.migrated
2021-11-18 01:49 - 2016-09-15 15:27 - 000000000 ____D C:\Windows10Upgrade
2021-11-18 00:28 - 2015-10-21 18:56 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\Norton Utilities 16
2021-11-17 13:23 - 2019-11-21 17:36 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-17 13:19 - 2021-02-28 14:50 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-17 13:19 - 2021-02-28 14:50 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-16 16:21 - 2021-09-07 19:08 - 000034996 _____ C:\Users\Aziz\Desktop\2021.txt
2021-11-16 16:07 - 2016-09-15 18:06 - 000006724 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-16 08:27 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-11-15 20:07 - 2017-04-17 12:35 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-11-15 20:07 - 2017-04-17 12:35 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-11-15 20:02 - 2016-03-05 23:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2021-11-15 19:44 - 2021-10-04 10:16 - 000000000 ____D C:\Users\Aziz\Documents\Bandicam
2021-11-15 17:32 - 2016-09-15 21:47 - 000000000 ____D C:\inetpub
2021-11-15 17:32 - 2016-09-15 15:29 - 000000000 ___HD C:\$GetCurrent
2021-11-15 17:32 - 2016-04-10 11:27 - 000000000 ___HD C:\OneDriveTemp
2021-11-15 17:32 - 2016-03-05 23:32 - 000000000 ____D C:\KVRT_Data
2021-11-15 17:32 - 2015-09-21 18:48 - 000000000 ____D C:\.jagex_cache_32
2021-11-15 17:32 - 2014-08-10 02:43 - 000000000 _RSHD C:\hp
2021-11-15 17:32 - 2014-06-27 20:53 - 000000000 _RSHD C:\SYSTEM.SAV
2021-11-15 17:32 - 2014-06-27 20:53 - 000000000 ____D C:\SWSETUP
2021-11-15 17:15 - 2016-07-16 06:47 - 000000000 ____D C:\Program Files\Common Files\System
2021-11-15 16:46 - 2015-11-29 14:49 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-13 18:18 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-13 17:20 - 2017-04-17 12:35 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-11-13 17:18 - 2019-08-22 15:39 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-12 13:32 - 2017-04-17 12:35 - 000003880 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-11-12 13:32 - 2017-04-17 12:35 - 000003648 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-11-09 13:37 - 2016-04-22 10:22 - 024210616 _____ (Audacity Team ) C:\Users\Aziz\Downloads\audacity-win-2.1.0.exe
2021-11-06 17:52 - 2015-11-09 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-06 07:53 - 2021-10-13 11:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-06 07:53 - 2015-11-09 20:36 - 000001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-04 06:52 - 2021-10-08 15:33 - 829007488 _____ C:\WINDOWS\MEMORY.DMP
2021-11-04 06:52 - 2016-10-30 23:33 - 000000000 ____D C:\WINDOWS\Minidump
2021-11-03 20:31 - 2016-06-25 13:17 - 000000000 ____D C:\Users\Aziz\AppData\Roaming\vlc
2021-11-03 20:15 - 2021-10-04 13:13 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2021-10-25 10:50 - 2021-09-01 17:26 - 000002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-10-25 10:50 - 2021-09-01 17:26 - 000001914 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-10-25 10:50 - 2021-09-01 17:26 - 000001914 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-10-25 10:50 - 2021-09-01 17:26 - 000001902 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-10-21 07:39 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-21 07:10 - 2016-09-15 18:01 - 000366016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-20 18:19 - 2021-03-25 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-10-20 17:32 - 2021-09-25 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-10-20 17:31 - 2021-09-25 17:17 - 000000000 ____D C:\Program Files (x86)\Wondershare

==================== Files in the root of some directories ========

2021-11-15 17:13 - 2021-11-15 17:21 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-11-15 17:13 - 2021-11-15 17:21 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-11-15 17:13 - 2021-11-15 17:21 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2021-11-15 17:13 - 2021-11-15 17:22 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-11-15 17:13 - 2021-11-15 17:22 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-11-15 17:13 - 2021-11-15 17:22 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2021-11-15 17:19 - 2021-11-15 17:19 - 000059392 _____ (ajwfdaidwa) C:\Users\Aziz\AppData\Roaming\5051298.exe
2021-11-15 17:20 - 2021-11-15 17:20 - 001229012 _____ () C:\Users\Aziz\AppData\Roaming\7628691.exe
2021-11-15 17:13 - 2021-11-15 17:13 - 000068608 _____ (Derefner) C:\Users\Aziz\AppData\Roaming\841091.exe
2021-11-18 01:18 - 2021-11-18 01:18 - 000512337 _____ () C:\Users\Aziz\AppData\Local\ars.cache
2021-11-15 17:20 - 2021-11-15 17:20 - 000000559 _____ () C:\Users\Aziz\AppData\Local\bowsakkdestx.txt
2021-11-18 01:39 - 2021-11-18 01:39 - 000932020 _____ () C:\Users\Aziz\AppData\Local\census.cache
2021-11-16 13:17 - 2021-11-18 15:14 - 000000036 _____ () C:\Users\Aziz\AppData\Local\housecall.guid.cache
2018-10-23 06:12 - 2018-10-23 06:12 - 000000000 _____ () C:\Users\Aziz\AppData\Local\oobelibMkey.log
2021-11-15 17:34 - 2021-11-15 17:34 - 000000128 _____ () C:\Users\Aziz\AppData\Local\PUTTY.RND
2021-11-16 14:13 - 2021-11-17 23:44 - 000000010 _____ () C:\Users\Aziz\AppData\Local\sponge.last.runtime.cache
2016-04-18 16:36 - 2016-04-18 16:36 - 000000000 _____ () C:\Users\Aziz\AppData\Local\{DD6B13CC-53CE-441D-9104-897941CBB7DC}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-11-08 20:16
==================== End of FRST.txt ========================
 

Ransomware

Thread Starter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by Aziz (18-11-2021 15:41:55)
Running from C:\Users\Aziz\Desktop
Microsoft Windows 10 Home Version 1607 14393.447 (X64) (2016-09-15 23:47:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-266641936-1749358909-4162173372-500 - Administrator - Disabled)
Aziz (S-1-5-21-266641936-1749358909-4162173372-1001 - Administrator - Enabled) => C:\Users\Aziz
DefaultAccount (S-1-5-21-266641936-1749358909-4162173372-503 - Limited - Disabled)
Guest (S-1-5-21-266641936-1749358909-4162173372-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware Home (Enabled - Up to date) {5FD8BF8F-F242-6153-61B5-8FF333E8736B}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Maximum Security (Enabled - Up to date) {15FC6637-7CC8-91CB-3CED-EE04794124FD}
AS: Trend Micro Maximum Security (Enabled - Up to date) {AE9D87D3-5AF2-9E45-065D-D57602C66E40}
AS: Emsisoft Anti-Malware Home (Enabled - Up to date) {E4B95E6B-D478-6EDD-5B05-B481486F39D6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-fb3c46cc-d315-4421-9e46-617ffe54057f) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACP Application (HKLM\...\{2A6FC8A1-901D-0CD1-93D6-9A2CA3C61749}) (Version: 2.15.30.0019 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{EFE2962B-A01B-F869-A540-E2D20F80B1B0}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 3.1.0 (HKLM\...\Audacity_is1) (Version: 3.1.0 - Audacity Team)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-2c37b751-0f9a-4312-90ec-47e3724641df) (Version: 2.2.0.98 - WildTangent) Hidden
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.3.1.1880 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bejeweled 3 (HKLM-x32\...\WTA-f0fe0fcf-44d7-4b50-82ca-730a038dae3e) (Version: 3.0.2.59 - WildTangent) Hidden
Bitcoin Armory (HKLM-x32\...\Bitcoin Armory) (Version: 0.93.3.0 - Armory Technologies Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Bitcoin Core (64-bit)) (Version: 0.11.1 - Bitcoin Core project)
BlueStacks App Player (HKLM-x32\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-7268fc6a-2804-460c-93b7-40b5fab7f24c) (Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-ec706de7-899c-4800-ade8-c71fcd8a27be) (Version: 3.0.2.48 - WildTangent) Hidden
Calculator (HKLM-x32\...\Calculator) (Version: 1.1.0J - Calculator)
Curse at Twilight (HKLM-x32\...\WTA-ba77f339-616f-4e3b-82f0-76e5bc70049a) (Version: 3.0.2.51 - WildTangent) Hidden
CyberLink AudioDirector 6 (HKLM-x32\...\{4CB7DDA7-1134-4BA5-841C-3D64C5A0DAA7}) (Version: 6.0.5902.0 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3324 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2820.0 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4113 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-9baf91ca-ccc5-47ad-8cb5-03916f634109) (Version: 3.0.2.48 - WildTangent) Hidden
Dell System Detect (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 135.4.4221 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.541.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Electronic Piano 2.5 (HKLM-x32\...\Electronic Piano 2.5_is1) (Version: - Maurício Antunes Oliveira)
Emsisoft Anti-Malware (HKLM\...\{CA975286-D816-410C-B6C9-F7213CA84695}) (Version: 21.11.0.11257 - Emsisoft Ltd.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ERA-Bundle 6.0.20 - Voice Changer 1.2.10 64-bit (HKLM\...\{3E8F7EE0-8393-406D-914B-A5D3CB9793D7}_is1) (Version: 6.0.20 - Accusonus, Inc.)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
FarLabUninstaller v13.323.2 (HKLM-x32\...\FarLabUninstaller.exe_is1) (Version: 1.53.0.343 - )
Farm Frenzy (HKLM-x32\...\WTA-04c8faef-b85f-46c4-b59c-9bc5197ef6e2) (Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-2f075688-b034-435a-a1bc-8464aecd3219) (Version: 3.0.2.38 - WildTangent) Hidden
Flint Poker (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\flintpoker-23aca7707f8cb588f1b353a2714bd5da) (Version: - TreSensa)
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 52.0.6.0 - Google LLC)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-981966b0-f0ae-479e-9829-a7b385ca203c) (Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hide Folder Ext 1.5 (HKLM-x32\...\Hide Folder Ext_is1) (Version: 1.5 - FSPro Labs)
HP Documentation (HKLM-x32\...\{198B2800-6C16-4F2A-BC52-EA0F7FD67095}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.18.34.21 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A528513B-DABD-438F-92E4-7B49B8BDE5FF}) (Version: 19.0.117 - Intel Corporation)
iSkysoft Video Editor(Build 4.7.2) (HKLM-x32\...\iSkysoft Video Editor_is1) (Version: - iSkysoft Software)
Jewel Match 3 (HKLM-x32\...\WTA-22443c6c-ce72-460a-96d8-bc747fd33e78) (Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (HKLM-x32\...\WTA-9ddd2e05-ae64-4a2a-9920-c0bd2272fa19) (Version: 3.0.2.51 - WildTangent) Hidden
K-Lite Codec Pack 16.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
Letters from Nowhere 2 (HKLM-x32\...\WTA-ea53cc0d-a06f-4675-9b43-9831a1cf1a68) (Version: 2.2.0.97 - WildTangent) Hidden
Lost in Reefs 2 (HKLM-x32\...\WTA-7d23a7cf-b59f-4b9c-bc7c-5569b15f9bd3) (Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-ad00d554-4b60-4700-8af5-0604c4048042) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14026.20270 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 94.0.1.7977 - Mozilla)
My Lockbox 3.9.3 (HKLM\...\My Lockbox_is1) (Version: 3.9.3 - )
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Opera Stable 80.0.4170.72 (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Opera 80.0.4170.72) (Version: 80.0.4170.72 - Opera Software)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Peggle Nights (HKLM-x32\...\WTA-ba0111fc-1f94-4dec-bda5-d0dc5ec33ef1) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-e600652f-e025-48c4-93df-9d8f90f14d77) (Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-242b95c7-efd2-4b7c-968e-ca64f9cd2777) (Version: 3.0.2.51 - WildTangent) Hidden
Pluto TV version 0.2.0 (HKLM-x32\...\Pluto TV_is1) (Version: 0.2.0 - Pluto TV)
Pluto TV version 0.4.2 (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Pluto TV_is1) (Version: 0.4.2 - Pluto TV)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-6d275e27-79ec-4ef8-b9bc-431c69b334f7) (Version: 3.0.2.59 - WildTangent) Hidden
Protected Folder (HKLM-x32\...\Protected Folder_is1) (Version: - IObit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.10 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Restoro (HKLM\...\Restoro) (Version: 2.1.0.0 - Restoro) <==== ATTENTION
Roads of Rome 3 (HKLM-x32\...\WTA-cc17a244-a139-4344-86f0-724c6aa641a3) (Version: 2.2.0.98 - WildTangent) Hidden
ROBLOX Player for Aziz (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.72 (HKLM-x32\...\Skype_is1) (Version: 8.72 - Skype Technologies S.A.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-64793771-65c1-46ae-b6e0-a582b2252297) (Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-9987003b-b17a-45e2-bc4a-899088005012) (Version: 3.0.2.51 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\Spotify) (Version: 1.0.74.380.g1fcff12a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs OBS 1.4.0 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.4.0 - General Workings, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 9.47 - NCH Software)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 17.7 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 5.0.0.1223 - Trend Micro Inc.)
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0 - Trend Micro Inc.)
Trinklit Supreme (HKLM-x32\...\WTA-9e736539-2733-4f77-9283-2dd51bfe263f) (Version: 2.2.0.98 - WildTangent) Hidden
UmmyVideoDownloader (HKLM-x32\...\{73924FFF-7A47-424D-BA45-659BB5CC194A}_is1) (Version: 1.6.0.4 - ) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - gamigo, Inc.) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.96 - NCH Software)
Viking Saga (HKLM-x32\...\WTA-b212d701-41f0-4e73-9de0-98aa092599f2) (Version: 3.0.2.48 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 6.22 - NCH Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 13.22 - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.9 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 5.0.0.288 - WildTangent) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Wondershare Filmora X(Build 10.5.2.4) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
Wondershare Filmora(Build 7.8.9) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare Repairit(Build 3.0.0.41) (HKLM-x32\...\{92A6E5FF-9CF6-47bf-BB78-ABEE552A7DA2}_is1) (Version: 3.0.0.41 - Wondershare Software Co.,Ltd.)
Youda Jewel Shop (HKLM-x32\...\WTA-a799ecae-5703-4e0d-a08f-52f850f501be) (Version: 3.0.2.51 - WildTangent) Hidden
Zoom (HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-09-20] (WildTangent Games)
3D Chess Game -> C:\Program Files\WindowsApps\ATrillionGamesLtd.3DChessMaster_2.2.4.0_x86__2cw2yhd8jafk0 [2015-11-07] (A Trillion Games Ltd) [MS Ad]
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-09-28] (Adobe Systems Incorporated)
Adobe Photoshop Express -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_1.3.1.19_x64__ynb6jyjzte8ga [2016-09-28] (Adobe Systems Incorporated)
Agar.io Online -> C:\Program Files\WindowsApps\6605CasualGameStudio.Agar.io_1.0.0.0_neutral__h89y9fyke7wxp [2015-09-21] (Casual Game Studio) [MS Ad]
Aperçu Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c [2016-11-18] (Skype)
Assistant mobile Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe [2016-09-30] (Microsoft Corporation)
Bien démarrer avec Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-09-20] (Hewlett-Packard Company)
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-13] (Box, Inc.)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.880.5.0_x86__kgqvnymyfvs32 [2016-11-15] (king.com)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt [2016-11-19] (Facebook Inc)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10156.0_x86__8wekyb3d8bbwe [2016-09-23] (Microsoft Corporation)
HP Connected Music -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedMusic_1.5.0.253_x86__v10z8vjag6ke6 [2015-10-30] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2015-09-20] (Hewlett-Packard Company)
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_4.5.153.1_x64__4ehj4w4frejdr [2015-09-20] (.-McAfee Inc-.)
Media Player -> C:\Program Files\WindowsApps\9FD20106.MediaPlayerQueen_1.2.4.0_x64__nwhm06f2kfry2 [2016-11-22] (Digital Cloud Technologies Global)
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_91.663.61525.0_x86__8xx8rvfyw5nnt [2016-11-16] (Facebook Inc)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1609.2.0_x64__8wekyb3d8bbwe [2016-11-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1609.2.0_x86__8wekyb3d8bbwe [2016-11-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1611.2.0_x64__8wekyb3d8bbwe [2016-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1611.2.0_x86__8wekyb3d8bbwe [2016-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.3.10255.0_x64__8wekyb3d8bbwe [2016-11-10] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.12.11142.0_x64__8wekyb3d8bbwe [2016-11-24] (Microsoft Studios) [MS Ad]
MineSweeper (Free) -> C:\Program Files\WindowsApps\50834ZAppsStudio.MineSweeperFree_1.1.1.0_x64__fr8j70y4p4pst [2016-11-19] (Z Apps Studio) [MS Ad]
MSN Cuisine et vins -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
MSN Météo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-22] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-22] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-22] (Microsoft Corporation) [MS Ad]
MSN Santé et forme -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-22] (Microsoft Corporation) [MS Ad]
MSN Voyage -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
mysms - SMS depuis pc, Messenger -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.0.3.0_x64__c9d6r4qvva5x8 [2015-09-20] (Up to Eleven Digital Solutions GmbH)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.14.51.0_x64__mcm4njqhnhss8 [2016-11-22] (Netflix, Inc.)
PowerPoint Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.PowerPoint_17.7466.42611.0_x64__8wekyb3d8bbwe [2016-10-20] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-09-28] (Adobe Systems Incorporated)
Slow Motion Video -> C:\Program Files\WindowsApps\6291Lachlan.SlowMotionVideo_1.1.11.0_x64__kqhy9awb13v5j [2016-01-15] (Lachlan) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.0.588.0_x86__v10z8vjag6ke6 [2016-08-05] (Snapfish)
Spider Solitaire HD -> C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.16.0.23_neutral__1fgex2kbsn6g8 [2015-11-07] (Bernardo Zamora)
The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_2015.1108.1.0_x64__t3yemqpq4kp7p [2015-11-09] (The Weather Channel.)
Traducteur -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_4.4.0.0_x64__8wekyb3d8bbwe [2016-06-14] (Microsoft Corporation)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-18] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.3.5.0_x86__wgeqdkkx372wm [2016-09-24] (Twitter Inc.)
Word Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Word_17.7466.47701.0_x64__8wekyb3d8bbwe [2016-10-20] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-266641936-1749358909-4162173372-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-266641936-1749358909-4162173372-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Aziz\AppData\Local\Roblox\Versions\version-6675f84c75f246df\RobloxProxy64.dll (ROBLOX Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-266641936-1749358909-4162173372-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] =>
CustomCLSID: HKU\S-1-5-21-266641936-1749358909-4162173372-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-05-13] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2015-03-10] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2015-03-10] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-11-16] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2015-03-10] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Aziz\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Aziz\AppData\Roaming\System\hiefftik.qjv"
ShortcutWithArgument: C:\Users\Aziz\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Aziz\AppData\Roaming\System\hiefftik.qjv"
ShortcutWithArgument: C:\Users\Aziz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Aziz\AppData\Roaming\System\hiefftik.qjv"
ShortcutWithArgument: C:\Users\Aziz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Aziz\AppData\Roaming\System\hiefftik.qjv"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Aziz\AppData\Roaming\System\hiefftik.qjv"

==================== Loaded Modules (Whitelisted) =============

0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () [Access Denied] C:\ProgramData\LessTemplate\SystmmWtqlity\logof_Mndia327.dll
2016-04-26 14:40 - 2021-09-20 13:57 - 003306496 _____ () [File not signed] C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2016-01-07 23:27 - 2014-05-19 17:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-01-07 23:27 - 2014-09-11 18:58 - 001498112 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2021-10-25 10:50 - 1979-12-31 23:00 - 000422912 _____ () [File not signed] C:\Program Files\Google\Drive File Stream\52.0.6.0\swiftshader\libegl.dll
2021-10-25 10:50 - 1979-12-31 23:00 - 002767360 _____ () [File not signed] C:\Program Files\Google\Drive File Stream\52.0.6.0\swiftshader\libglesv2.dll
2014-03-28 16:31 - 2014-03-28 16:31 - 002110464 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2021-11-18 09:41 - 2020-10-19 17:26 - 001078272 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\ffmpeg.dll
2021-11-18 09:41 - 2020-10-19 17:26 - 000079872 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\libegl.dll
2021-11-18 09:41 - 2020-10-19 17:26 - 001922560 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\libglesv2.dll
2021-11-18 09:41 - 2020-10-19 17:26 - 004834816 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\node.dll
2017-04-16 13:33 - 2017-02-15 10:37 - 001943040 _____ () [File not signed] C:\Users\Aziz\AppData\Roaming\Pluto TV\ffmpeg.dll
2017-04-16 13:33 - 2017-02-15 10:37 - 000080896 _____ () [File not signed] C:\Users\Aziz\AppData\Roaming\Pluto TV\libegl.dll
2017-04-16 13:33 - 2017-02-15 10:37 - 002263040 _____ () [File not signed] C:\Users\Aziz\AppData\Roaming\Pluto TV\libglesv2.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000032256 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\A4.Foundation\2419eb6cca04d317fa88a64f9677f3ee\A4.Foundation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\ed8d801d3d511a1063522ee63e6c26b7\AEM.Actions.CCAA.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\109bf9ded879ebe561fbea645141ef0e\AEM.Plugin.EEU.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\0bd3d8e2cb5bc52dbdaddf9dc413f857\AEM.Plugin.Hotkeys.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.4adf1574#\fde5bd23dd4111db2b0761fff00d20aa\AEM.Plugin.Audio.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000281088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\acae3d44f2218836770956e6f353520b\AEM.Plugin.Source.Kit.Server.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\0f1689bb5e315a78f17f564ef1735664\AEM.Plugin.WinMessages.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\6d4bd14228d6bd4213e6f4b2ab0c0ba7\AEM.Plugin.REG.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\c6f360245c6a0b52bafde1e21860412a\AEM.Plugin.GD.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\b350d0e4ecde026d3cf5085045dff8b0\AEM.Server.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000270848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Server\91c035577ae1a4586394d924af381ba8\AEM.Server.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\APM.Foundation\24207186cc7a9cea75b4f26f3d01bfe7\APM.Foundation.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ATICCCom\e9ad1810d1974232d89b97248afa8d27\ATICCCom.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000202240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\8858b8b058dcadf692b9591133ce9c57\CCC.Implementation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000126464 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\3c9c4cd4b08d87d66813ee29dd7302c2\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000026624 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\026900abbf8ceb92e1bee73ec7af083b\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\c04be61bc83b0b65165009fb5d3bb34e\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000105984 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\55f494374c42f469f6aa7c523be9f00a\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000205824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\5d2016f422ea0e4a9aebbe8bb54c6c48\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000132608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\5e8af5ac5f3ed4eee8ec22ad8d9ecc11\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\6b059f0c4d3f9b6d5a93acf2676e1b07\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000037888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.52c6dbaa#\4481bea08f5c4fdeeee0a2fdd03d098e\CLI.Aspect.FPS.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000074240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\cfab3802fbc27e42e79eacf3e1118042\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000265216 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\2b8b1a53c4799a2b4cf1d8c5e7dbcd9c\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000361984 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\29cf6db004e5bb0c11f49d074903b037\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000064000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8350f5c6#\c74859252e3f853b107e5014988fcc82\CLI.Aspect.UpdateNotification.Graphics.Runtime.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000679424 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\d10c8ecc6bc2d840fb1efe9caf921625\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000743424 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\266d89d5847a8fd9f6c91d8ef41780de\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000447488 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\9d652191c95362a712e5d39a8a3610e6\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9cd1e9e7#\a9536f4328460e30f33dc8982b04c3b6\CLI.Aspect.FPS.Graphics.Dashboard.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000157184 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\e6e800018e4ced7e952a9244485869c8\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000057344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a6cd7fff#\4e93a80d787d4521e79644383160211b\CLI.Aspect.FPS.Graphics.Runtime.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000082944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a765109e#\dde90ce90dbb636cfb65ea97dee3885d\CLI.Aspect.UpdateNotification.Graphics.Dashboard.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000464896 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\15754ea29b5cbeff6e7db87ad40b5815\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000086016 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\8016cfe06d9d0667f9c6c2ac8e547851\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000067584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\7ef934ddc1313dd1a4ff2a8278ccb252\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000342528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\13aebdceeffedbe52b7c0ad7a403cbc0\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\a37c7a514ae8576707104a4e4badc553\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000274432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\272ed61bbb4857d62d6c7af15a718b2d\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 003320320 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\8462680ab095e43d0435bdb5ccc7ee78\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000242688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\3275f03598e65ecb9f1b9d4cba996ba6\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\8689d4f03fa0163dbe9447f31a106c8c\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f480a2f3#\db61232bbb4d5ffd758513465ad6053c\CLI.Aspect.UpdateNotification.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000053248 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\76a60c30216abf63ce30bc6450330302\CLI.Caste.A4.Runtime.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000046080 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\095f89503c4f59f4b344ef5decd9c9f3\CLI.Caste.A4.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000027648 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\19c261b985ccd38ae9705ce2c5130487\CLI.Caste.A4.Dashboard.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000046080 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\b97234f95e24e750941c684b7e4b40fe\CLI.Caste.Fuel.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000312320 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\b126c0d3a09bea7ef2717a6fbe210dce\CLI.Caste.Fuel.Runtime.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000027648 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\271e2be9de2e35751acb64ece2ca6b1e\CLI.Caste.Fuel.Dashboard.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000038400 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\a019600d1c70c8ca9e6a9d71094647c2\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 001548288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\eb54f421538606f43db50abdb4121327\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000580096 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\3509eddefa82e6288c2e817fb364b7e9\CLI.Caste.Graphics.Dashboard.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000046080 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\611e42202f01eb040639150bed0db378\CLI.Caste.HydraVision.Runtime.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\7f5e92367bffc6cbb9ecebaea3667824\CLI.Caste.HydraVision.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\7981444346a0aa08544174f4bd32b9dc\CLI.Caste.HydraVision.Dashboard.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\e10d863d02bafed4bd17b7b3f10c2cf7\CLI.Caste.Platform.Shared.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\311f5d4c87cb710e9ea271c664cc47a1\CLI.Caste.Platform.Runtime.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\a94db935d373226e224f7084a5f44d26\CLI.Caste.Platform.Dashboard.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\7ef950a695e8228f1516a0dd6823c76e\CLI.Component.Runtime.Shared.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000170496 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\857a54bc8803e6fb84faf6f33b6daa0d\CLI.Component.Dashboard.ProfileManager2.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000152576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\b5194a480e61f96740ec775f70b473f5\CLI.Component.Runtime.Shared.Private.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\aaa194516ceae1f70127a5817cb6b7a3\CLI.Component.Runtime.Extension.EEU.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 001606656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\ec344e723c10a7eb3eed4898d4200f31\CLI.Component.Dashboard.Shared.Private.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\7653a9d691b31f1488d8e1c2e3454f22\CLI.Component.Client.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\fce019518a141f04ae78e6ad6f002d4d\CLI.Component.Dashboard.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000090112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\e98f25509684bcbf179b5d9cdd216cda\CLI.Foundation.Private.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000061952 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\3f6be73aff86f1cbbabb4e7d953fb687\CLI.Foundation.XManifest.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000091648 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\a514c0b9ef2f2899b9f6999d7234112a\CLI.Foundation.CoreAudioAPI.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 001067008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\feb06484cd4c340415cebe5dd7db2927\CLI.Foundation.Client.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000301056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\d4f578ed64900c20aebfe52a16c88640\CLI.Foundation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\57709c4ba5015032c51c06f52684c3ed\DEM.Foundation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000117248 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\912443b78bb5d0aee8f2e9dfb681641a\DEM.Graphics.I0601.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000015872 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\3b18c78668a2e949ddd9e7470e14b996\DEM.Graphics.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000037888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\a0cca722ac355368b3b4cf46a7fc9abe\Fuel.Foundation.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\ba042b4a41f3de2a11614038a61c2e77\LOG.Foundation.Implementation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000147968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\43935759980a0b5f76f59878d2a8c8ff\LOG.Foundation.Private.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\f167b1a74351985669325bdccc135ceb\LOG.Foundation.Implementation.Private.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000133120 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\0dd8cbe3b1abbb043b772dc7ede5d984\LOG.Foundation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\ba2836e83799d04d2fefa7fb968c3d75\MOM.Foundation.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000390656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\b52be7452e953452dfea883d889714c5\MOM.Implementation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\0775041a26462b06720bae73004da3ba\NEWAEM.Foundation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000898560 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\80751e63f6f6720ea5523985097c4e77\ADL.Foundation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000258560 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\APM.Server\62cbd9383983ee89877fea3626db737b\APM.Server.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000298496 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\9f092552141f5f2a7f57151fe9c692d1\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 001641472 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\5d9ebe26fb13e89bfe505fd0fcdb6e12\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 006315008 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\c2d0b8b4c77838065de6451dc87db026\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 007967744 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\cf04f4740299147cc20fef16a45f7287\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 001143808 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\e3c140fe6f6f2a4f16d92a48f25bc89b\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000135680 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\6f2eaee165a31722bc77d82540aef5b4\CLI.Component.Client.Shared.Private.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000231424 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\719b501da31504650c6cee85fedc1340\CLI.Component.Runtime.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000921088 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\6d531f0fb121bf08832d31f0f36c4845\CLI.Component.Dashboard.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\384b2902c0ecc08ec3c131e700899be4\DEM.Graphics.I0706.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000083968 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\0a9b2189a5dc505d9f6936c5fe4e460a\DEM.Graphics.I0709.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\6282ae1ccc0733506a97a1ce7699ecaa\DEM.Graphics.I0712.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000018944 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\fafa90f25f492c2b1848923a7dbece5a\DEM.Graphics.I0804.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000011264 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\dd3f4d87f0fa9172db952157a18b6151\DEM.Graphics.I0805.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000011776 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\64f5a365b0fdaab7c1da18d79e6ff81e\DEM.Graphics.I0812.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\db9385b0d6db2be0045aac50e8e30987\DEM.Graphics.I0906.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000014848 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\3cb46ccec7534ed913300480d22408aa\DEM.Graphics.I0912.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 000036352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\3d7c4f4c31a9f062700b92140550a7dd\DEM.Graphics.I1010.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 001136640 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\2809bc9d33e901f1b30fba154170dedd\Localization.Foundation.Private.ni.dll
2016-09-25 15:39 - 2016-09-25 15:39 - 000244736 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\55cbc84daa1c89ed8d56c7e50b0b5bb9\ResourceManagement.Foundation.Implementation.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\c1783da6607ca766775641b83ca45f26\ResourceManagement.Foundation.Private.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 000091648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\d8600f2d6d496e5fed1684e91bfa2f5a\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2016-09-25 15:37 - 2016-09-25 15:37 - 002861568 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\9d29ecfb4d7ec7d9b1f82a769cbd6b7e\CLI.Caste.Graphics.Shared.ni.dll
2016-09-25 15:38 - 2016-09-25 15:38 - 003277824 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\c2a750e4ed62c63f34527a874e86e2dd\CLI.Caste.Graphics.Runtime.ni.dll
2021-09-24 13:22 - 2021-09-24 13:22 - 000168448 _____ (CodeTitans) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\JSON\fae06276b1d003ed547421a32c4c5f1a\JSON.ni.dll
2014-03-28 16:47 - 2014-03-28 16:47 - 000646656 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2014-03-28 16:29 - 2014-03-28 16:29 - 000692224 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2014-03-28 16:32 - 2014-03-28 16:32 - 001107968 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-19 00:08 - 2010-11-19 00:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2016-09-15 18:16 - 2016-09-15 18:16 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2016-09-15 18:16 - 2016-09-15 18:16 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2021-11-18 13:02 - 2010-08-02 21:05 - 000105984 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\ShadowExplorer\Microsoft.WindowsAPICodePack.dll
2017-04-16 13:33 - 2017-02-15 10:37 - 013151744 _____ (Node.js) [File not signed] C:\Users\Aziz\AppData\Roaming\Pluto TV\node.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 000712080 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 000367504 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 000759184 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 001204112 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2021-11-18 09:41 - 2020-10-19 17:27 - 068185600 _____ (The NWJS Community) [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\nw.dll
2021-11-18 09:41 - 2020-10-19 17:26 - 000421888 _____ (The NWJS Community) [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\nw_elf.dll
2016-01-07 23:27 - 2014-09-11 18:59 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:792D4CF1 [177]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/19
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/19
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPDTDFJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPDTDFJS
SearchScopes: HKLM -> {CF7211E7-5664-4937-8AFA-BE987DFF1A19} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 -> {CF7211E7-5664-4937-8AFA-BE987DFF1A19} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-266641936-1749358909-4162173372-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPDTDFJS
SearchScopes: HKU\S-1-5-21-266641936-1749358909-4162173372-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPDTDFJS
SearchScopes: HKU\S-1-5-21-266641936-1749358909-4162173372-1001 -> {CF7211E7-5664-4937-8AFA-BE987DFF1A19} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO: Password Manager BHO -> {782829FB-43A5-4AE0-A14E-590A252E7946} -> C:\Program Files\Trend Micro\TMIDS\bhoDirectPass64.dll [2021-05-28] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Password Manager BHO -> {782829FB-43A5-4AE0-A14E-590A252E7946} -> C:\Program Files\Trend Micro\TMIDS\bhoDirectPass32.dll [2021-05-28] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) [File not signed]
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\TMIDS\bhoDirectPass64.dll [2021-05-28] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\TMIDS\bhoDirectPass32.dll [2021-05-28] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2021-11-10] (Trend Micro, Inc. -> Trend Micro Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\trendmicro.com -> hxxps://pwm.trendmicro.com
IE trusted site: HKU\S-1-5-21-266641936-1749358909-4162173372-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-02-19 19:16 - 2021-11-15 17:24 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-266641936-1749358909-4162173372-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Aziz\Pictures\cool-wallpaper-3.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DAD1B001-3359-4942-B38B-B37EC2341787}] => (Allow) C:\Users\Aziz\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{6DA7DC44-98B9-49BA-BA67-61DF963E9B30}] => (Allow) C:\Users\Aziz\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{D410B519-F8F3-43CE-9F46-36B8F184140E}] => (Allow) C:\Users\Aziz\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{47D96678-25FF-411B-B63E-AF6E642F33AA}] => (Allow) C:\Users\Aziz\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation) [File not signed]
FirewallRules: [UDP Query User{A8CF6B0D-F3AE-463C-901F-F89562C3F2CC}C:\users\aziz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aziz\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D9047F2A-7FD4-4EB9-9338-592B5347B526}C:\users\aziz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aziz\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{54BD2E41-E903-4121-B323-794AC04DC97F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFB6D598-C1BB-4C5B-98C8-D2CE03394BE4}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE => No File
FirewallRules: [{F0233E58-DAFA-4BFB-A3CA-1E244B53A8C7}] => (Allow) C:\WINDOWS\system32\dleecoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{562A45ED-028D-4C4A-B8CE-5BD2A87EEDD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A18ED246-EF3B-4E8D-9B17-73F933B6C28B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{17105192-09EF-4A31-924A-1C86BABB4775}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F24CEDF5-4A24-4189-BFC8-0CDCCFDF2786}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{62D925F4-437F-4053-A9A1-59D08EA41D5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Gold\W40k.exe (Sega Corporation) [File not signed]
FirewallRules: [{63F20A63-6C3C-4B27-B402-813336A60591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Gold\W40k.exe (Sega Corporation) [File not signed]
FirewallRules: [{660869E5-30DE-431C-9690-40D089D50C5C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{80B21FC1-15C6-4534-9F9F-A7C32D371637}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{C68474FF-BC99-4DB2-958D-047C8CE8DC66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{186F7D62-021E-46AB-81DF-73350BADACE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2CFC9580-646B-4DC4-AA2C-9F6895ACD00D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{59926BED-7672-47E5-A5FC-B436D3F092D1}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{85B18ACB-6C62-44DD-A9FB-2AA2A1C85A1B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{9E87D893-84F1-401E-BA6A-D6FA7DDEB0EB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{AFCEB7A7-4DFF-4A92-B3B5-D2D6F0D0C1F6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{69464FA3-29C5-465C-82C6-8862D759B6C2}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{C033894B-5DE0-4436-8FB6-E16CB1A24D82}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B797A465-3A57-43DB-B269-8D6E719CF547}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{3C69EA94-228F-4FB8-8B6B-1997365B7897}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D3F2542-7995-4AE6-97FC-A654620F3B64}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC2FEC88-F53D-4CBE-9EF6-0AEB3B885BB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{75B3CDC8-EDB9-43C8-9C5E-1ACAC842B1EF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{09619EAF-4C45-49F2-BB69-73AB0A840338}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{2ADCE3EB-C105-4979-A06B-2CA4F8D991D1}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [TCP Query User{942E16D5-0218-4D58-85BE-0CCBE7FCE170}C:\users\aziz\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\aziz\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7D4F0A49-083A-461F-8DB0-348C1FB0980D}C:\users\aziz\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\aziz\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94DE95A1-4C9C-4709-A466-E01C1EF9B68C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe => No File
FirewallRules: [{D22B5427-7F8F-4AD5-968C-263409188B22}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe => No File
FirewallRules: [{C3C9207E-2F71-46D2-AE53-6F5718BF25FD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E57EF7CB-BD28-4654-9413-929D30F1CC30}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{3D19AEAA-94C5-4D1B-B2D4-4C9C0CA79166}C:\program files (x86)\armory\armoryqt.exe] => (Block) C:\program files (x86)\armory\armoryqt.exe () [File not signed]
FirewallRules: [UDP Query User{5DCFAD08-0FC4-47D4-B12C-5A33BB4667BD}C:\program files (x86)\armory\armoryqt.exe] => (Block) C:\program files (x86)\armory\armoryqt.exe () [File not signed]
FirewallRules: [TCP Query User{1C6959FB-20D9-4E3C-997B-83B76BADB4E1}C:\program files\bitcoin\daemon\bitcoind.exe] => (Allow) C:\program files\bitcoin\daemon\bitcoind.exe () [File not signed]
FirewallRules: [UDP Query User{211E9650-FC6F-45D8-987F-4BAFAE445D24}C:\program files\bitcoin\daemon\bitcoind.exe] => (Allow) C:\program files\bitcoin\daemon\bitcoind.exe () [File not signed]
FirewallRules: [{4C53D452-CB99-4C79-8A2F-D955D2D58384}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F887BDBE-1BFA-409A-95C9-16B072C6EE38}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1627F10C-B1E5-4C0C-8E06-5834B40F7FDE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\88.0.705.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8FE3852-5EF5-41E6-B1E7-0664BBC79D1D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{43E12317-73CE-4577-8653-9551032063F3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4F91D4AA-32C9-4122-8267-5A90093A156B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{65959FAB-201C-4478-9E10-32CB8EA1AFA2}C:\users\aziz\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\aziz\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [UDP Query User{D7CB9B5E-4ED2-470A-B344-84CB41A2762C}C:\users\aziz\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\aziz\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [TCP Query User{273F8335-3B69-4279-A027-F8C16F31E85F}C:\program files (x86)\wildtangent games\app\gameconsole-wt.exe] => (Allow) C:\program files (x86)\wildtangent games\app\gameconsole-wt.exe (WildTangent Inc -> gamigo, Inc.)
FirewallRules: [UDP Query User{3BB0E6B9-8E52-41E1-8697-8E064476CB4C}C:\program files (x86)\wildtangent games\app\gameconsole-wt.exe] => (Allow) C:\program files (x86)\wildtangent games\app\gameconsole-wt.exe (WildTangent Inc -> gamigo, Inc.)
FirewallRules: [{4DCA0ACB-B03B-4B60-9A36-0A63FACC5E1C}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe () [File not signed]
FirewallRules: [{8C7A6A1D-E41C-46FC-9118-2CB3ADD1F7D3}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe () [File not signed]
FirewallRules: [{72DCFC1E-0097-4F02-BF07-7556E5238C02}] => (Allow) C:\Users\Aziz\AppData\Roaming\Zoom\bin_00\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{15BDADA7-4C6B-4775-A69D-BDDA6338BB81}] => (Allow) C:\Users\Aziz\AppData\Roaming\Zoom\bin_00\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EB8907E3-9E37-4BB6-AEE9-B6DFFCB06F38}] => (Allow) C:\Users\Aziz\AppData\Roaming\Zoom\bin_00\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{2F63FC21-B95E-4D0C-92F5-101D62360835}C:\users\aziz\appdata\local\programs\opera\opera.exe] => (Block) C:\users\aziz\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{F94A4AE1-C94D-4ADB-A202-AA7D15281295}C:\users\aziz\appdata\local\programs\opera\opera.exe] => (Block) C:\users\aziz\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{595D2877-A865-49EE-A05B-8ECD5E6B0B27}C:\users\aziz\appdata\local\programs\opera\opera.exe] => (Block) C:\users\aziz\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{14BF97E3-FB3F-4512-8664-FFD2B18C587B}C:\users\aziz\appdata\local\programs\opera\opera.exe] => (Block) C:\users\aziz\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{4AD74C00-2885-4422-89DC-E78E0AF436F7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{E71CE0FD-E829-4367-85E9-A939E5417F21}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C6F8664F-370A-4902-9016-3235998A24F7}C:\program files (x86)\company\newproduct\jg1_1faf.exe] => (Block) C:\program files (x86)\company\newproduct\jg1_1faf.exe => No File
FirewallRules: [UDP Query User{1046ED3C-346B-4809-A622-0F7193418DFC}C:\program files (x86)\company\newproduct\jg1_1faf.exe] => (Block) C:\program files (x86)\company\newproduct\jg1_1faf.exe => No File
FirewallRules: [{85D4A7E9-B4D5-49BD-8B15-407DDA5B52E5}] => (Allow) C:\Program Files\Trend Micro\HouseCall\tmase\nmap\nmap.exe (Insecure.Org) [File not signed]
FirewallRules: [{B9168B0F-C1C9-4E02-8DB3-0414C3F63B84}] => (Allow) C:\Program Files\Trend Micro\HouseCall\tmase\nmap\nmap.exe (Insecure.Org) [File not signed]

==================== Restore Points =========================

15-11-2021 17:57:45 {8ad6f01c-ec5a-4e21-81a9-0c30875c7dac}

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/18/2021 03:54:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAVILION)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/18/2021 03:54:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAVILION)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/18/2021 03:54:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAVILION)
Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/18/2021 03:52:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAVILION)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/18/2021 03:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAVILION)
Description: Activation of app ReaderNotificationClient_e1rzdqpraam7r!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/18/2021 03:39:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAVILION)
Description: Activation of app 9FD20106.MediaPlayerQueen_nwhm06f2kfry2!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/18/2021 03:30:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAVILION)
Description: Activation of app ReaderNotificationClient_e1rzdqpraam7r!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/18/2021 03:24:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAVILION)
Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (11/18/2021 01:10:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Emsisoft Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/18/2021 10:24:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/18/2021 10:20:17 AM) (Source: DCOM) (EventID: 10010) (User: PAVILION)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.

Error: (11/18/2021 10:01:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Platinum Host Service service.

Error: (11/18/2021 09:03:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/18/2021 08:56:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/18/2021 08:55:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/18/2021 08:55:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 

Windows Defender:
================
Date: 2021-11-16 16:06:41.185
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...onut.CIK!MTB&threatid=2147798636&enterprise=0
Name: Trojan:Win64/Donut.CIK!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Aziz\AppData\Roaming\Microsoft\Telemetry\sihost32.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\conhost.exe
Signature Version: AV: 1.353.1059.0, AS: 1.353.1059.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.18700.4, NIS: 2.1.14600.4

Date: 2021-11-16 16:05:37.739
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...ookie.WY!MTB&threatid=2147795123&enterprise=0
Name: Trojan:Win64/Fabookie.WY!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\Company\NewProduct\cm3.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.353.1059.0, AS: 1.353.1059.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.18700.4, NIS: 2.1.14600.4

Date: 2021-11-16 16:05:37.733
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...wnloader!MTB&threatid=2147786787&enterprise=0
Name: Trojan:MSIL/SmallDownloader!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Aziz\Pictures\Adobe Films\_q6n3NCeeq0GKOGAAZZTdnzY.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.353.1059.0, AS: 1.353.1059.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.18700.4, NIS: 2.1.14600.4

Date: 2021-11-16 16:05:37.555
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...ccoon.AD!MTB&threatid=2147798255&enterprise=0
Name: Trojan:Win32/Raccoon.AD!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Aziz\Pictures\Adobe Films\WqlDlJNYqAqmuOArNpdgXghX.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.353.1059.0, AS: 1.353.1059.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.18700.4, NIS: 2.1.14600.4

Date: 2021-11-16 16:05:37.553
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...crypt.GD!MTB&threatid=2147798369&enterprise=0
Name: Trojan:Win32/Raccrypt.GD!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Aziz\Pictures\Adobe Films\MePRZqeEQA22O7eF5DjRMVC4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.353.1059.0, AS: 1.353.1059.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.18700.4, NIS: 2.1.14600.4
Event[0]:

Date: 2021-11-16 13:29:33.395
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.331.760.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80070424
Error description: The specified service does not exist as an installed service.

Date: 2021-10-21 08:20:41.748
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-10-21 08:20:41.738
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.331.760.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-10-21 08:20:41.737
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.331.760.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-10-21 08:20:41.689
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.331.760.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: AMI 80.00 07/29/2014
Motherboard: Hewlett-Packard 2B26
Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 85%
Total physical RAM: 5066.94 MB
Available physical RAM: 745.8 MB
Total Virtual: 11430.24 MB
Available Virtual: 3786.18 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.13 GB) (Free:683.81 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:16.46 GB) (Free:2.04 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (10 may 2019) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF
Drive z: (Windows) (RAMDisk) (Total:913.13 GB) (Free:691.35 GB) NTFS

\\?\Volume{1c52d060-0799-4fcb-b5a0-08db5d5390d6}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.63 GB) NTFS
\\?\Volume{fd8fcc6d-3036-4dc9-aec5-7c40084cc5c7}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 624259B8)

Partition: GPT.

==================== End of Addition.txt =======================



Okay, that's all, thank you for taking the time. Some things I want to mention though: I forgot to compress files for the Microsoft Safety Scanner, and also forgot to scan it from the desktop. I don't believe it makes much of a difference, but I rescanned it properly again to make sure, and the second scan didn't detect anything since the first scan had already taken care of everything, so I did not include the second scan. Also, my Internet Explorer is locked. I cannot use the Internet Explorer browser, but other browsers work just fine.

Also, I have extra anti-malware programs working, and they found things that Defender couldn't find. I have used Emsisoft Anti-Malware since yesterday and it racked up a whopping 163 malware detections that were quarantined. I also used Trend Micro Maximum Security today, and after a full scan it caught a total of 16 viruses and 3 spywares which Emsisoft couldn't detect. Emsisoft mostly detected Trojan.GenericKD malware. Those were the latest anti-malware programs I used, but there were also others which were the first I used, among which were Panda Cloud Cleaner, Restoro, and HouseCall (also by Trend Micro). I am also waiting to do the final offline Windows Defender scan to definitively get rid of the ransomware; I still haven't done that, just to not be hasty. That's all.

I have provided below the logs for Emsisoft Anti-Malware and Trend Micro Maximum Security as well, in case you are interested in seeing them:

Emsisoft Anti-Malware Home v. 2021.11.0.11257
(C) 2003-2021 Emsisoft - www.emsisoft.com

ID Object
0 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
1 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
2 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
3 C:\Users\Aziz\services32.exe detected: Gen:Variant.Bulz.931113 (B)
4 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
5 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
6 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
7 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
8 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
9 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
10 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
11 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
12 C:\WINDOWS\rss\csrss.exe detected: Trojan.GenericKD.47402637 (B)
13 C:\Users\Aziz\AppData\Local\Temp\csrss\ethm-254.exe detected: Trojan.GenericKD.37908034 (B)
14 C:\Users\Aziz\AppData\Local\Temp\csrss\smbscanlocal.exe detected: Trojan.GenericKD.37961043 (B)
15 C:\Users\Aziz\AppData\Local\Temp\csrss\wx.exe detected: Trojan.GenericKD.37845141 (B)
16 C:\Users\Aziz\AppData\Local\Temp\csrss\ethm-254.exe detected: Trojan.GenericKD.37908034 (B)
17 C:\Users\Aziz\AppData\Local\Temp\csrss\smbscanlocal.exe detected: Trojan.GenericKD.37961043 (B)
18 C:\Users\Aziz\AppData\Local\Temp\csrss\wx.exe detected: Trojan.GenericKD.37845141 (B)
19 C:\Users\Aziz\AppData\Local\Temp\csrss\ethm-254.exe detected: Trojan.GenericKD.37908034 (B)
20 C:\Users\Aziz\AppData\Local\Temp\csrss\smbscanlocal.exe detected: Trojan.GenericKD.37961043 (B)
21 C:\Users\Aziz\AppData\Local\Temp\csrss\wx.exe detected: Trojan.GenericKD.37845141 (B)
22 C:\Users\Aziz\AppData\Local\Temp\csrss\ethm-254.exe detected: Trojan.GenericKD.37908034 (B)
23 C:\Users\Aziz\AppData\Local\Temp\csrss\smbscanlocal.exe detected: Trojan.GenericKD.37961043 (B)
24 C:\Users\Aziz\AppData\Local\Temp\csrss\wx.exe detected: Trojan.GenericKD.37845141 (B)
25 C:\Users\Aziz\AppData\Local\Temp\csrss\ethm-254.exe detected: Trojan.GenericKD.37908034 (B)
26 C:\Users\Aziz\AppData\Local\Temp\csrss\smbscanlocal.exe detected: Trojan.GenericKD.37961043 (B)
27 C:\Users\Aziz\AppData\Local\Temp\csrss\uploadprofile.exe detected: Trojan.GenericKD.47418062 (B)
28 C:\Users\Aziz\AppData\Local\Temp\csrss\wx.exe detected: Trojan.GenericKD.37845141 (B)
29 C:\Users\Aziz\AppData\Local\Temp\csrss\ethm-254.exe detected: Trojan.GenericKD.37908034 (B)
30 C:\Users\Aziz\AppData\Local\Temp\csrss\smbscanlocal.exe detected: Trojan.GenericKD.37961043 (B)

Trend Micro Maximum Security:

---------Spyware-------
Date/Time,Threat,Source,Affected Files,Response,Detected By,From,To,Subject,Protocol
11/18/2021, 11:58:10 AM,PUA.Win32.OpenCandy.PBG,C:\Users\Aziz\Downloads\uTorrent.exe,Removed,Manual Scan,,,,
11/18/2021, 2:26:42 PM,PUA.Win32.NPUninstaller.A,C:\Program Files (x86)\Company\NewProduct\Uninstall.exe,Removed,Manual Scan,,,,
11/18/2021, 2:26:42 PM,PUA.Win32.NPUninstaller.A,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,Removed,Manual Scan,,,,
--------- Virus ---------
11/18/2021, 10:23:44 AM,TROJ_GEN.R049C0WJI21,Virus,C:\Windows\windefender.exe,Removed,Manual Scan,,,,
11/18/2021, 10:23:44 AM,TROJ_GEN.R049C0WJI21,Virus,C:\Windows\windefender.exe,Removed,Manual Scan,,,,
11/18/2021, 10:31:51 AM,TROJ.Win32.TRX.XXPE50FSX016E0002,Threat,C:\Users\Aziz\Downloads\bca1ccd3-8e5b-467b-afcc-1d464be0399d.tmp,Removed,Real Time Scan,,,,
11/18/2021, 10:31:51 AM,TROJ.Win32.TRX.XXPE50FSX016E0002,Threat,C:\Users\Aziz\AppData\Local\Opera Software\Opera Stable\Cache\f_001b94,Removed,Real Time Scan,,,,
11/18/2021, 10:34:08 AM,TROJ.Win32.TRX.XXPE50FSX016E0002,Threat,C:\Users\Aziz\Downloads\FRST64.exe,Removed,Real Time Scan,,,,
11/18/2021, 11:10:36 AM,Trojan.Win64.FARFLI.AZX,Threat,C:\Windows\System32\XY4Q6N0LI4.tmp,Removed,Manual Scan,,,,
11/18/2021, 11:37:28 AM,TROJ_GEN.R002C0PKF21,Virus,C:\Users\Aziz\Pictures\Adobe Films\8juKtsBv9Bx9EmdNvKyPTYq0.exe,Removed,Manual Scan,,,,
11/18/2021, 11:43:18 AM,TROJ_GEN.R002C0PKE21,Virus,C:\Users\Aziz\Pictures\Adobe Films\AdWEuRwx5VSqo5hl2j9ZITZ5.exe,Removed,Manual Scan,,,,
11/18/2021, 11:43:33 AM,TROJ_GEN.R002C0DKE21,Virus,C:\Users\Aziz\Pictures\Adobe Films\KprZGTb4brG0p3OcyrtWV6K4.exe,Removed,Manual Scan,,,,
11/18/2021, 11:45:39 AM,TrojanSpy.Win32.CHEBKA.USMANKD21,Threat,C:\Users\Aziz\Pictures\Adobe Films\BHKp_IBR0gFf11ruw6U1Db9T.exe,Removed,Manual Scan,,,,
11/18/2021, 11:53:53 AM,TROJ_GEN.R002C0PKA21,Virus,C:\Users\Aziz\Documents\VlcpVideoV1.0.1\jg1_1faf.exe,Removed,Manual Scan,,,,
11/18/2021, 1:17:55 PM,TROJ_FRS.0NA104KH21,Virus,C:\Program Files (x86)\VideoLAN\Luxylomiri.exe,Removed,Manual Scan,,,,
11/18/2021, 2:59:57 PM,TROJ.Win32.TRX.XXPE50FSX016E0002,Threat,C:\Users\Aziz\Downloads\459a95d7-0bfd-4346-a1d7-e0473b48fc24.tmp,Removed,Real Time Scan,,,,
11/18/2021, 2:59:58 PM,TROJ.Win32.TRX.XXPE50FSX016E0002,Threat,C:\Users\Aziz\AppData\Local\Opera Software\Opera Stable\Cache\f_001cae,Removed,Real Time Scan,,,,
11/18/2021, 3:05:00 PM,TROJ.Win32.TRX.XXPE50FSX016E0002,Threat,C:\Users\Aziz\Desktop\FRST64.exe,Restart Required,Real Time Scan,,,,
11/18/2021, 3:45:43 PM,Trojan.MSIL.NANOCORE.USMANKG21,Threat,C:\Program Files\Common Files\System\bunkhouse\svchost.exe,Removed,Manual Scan,,,,

 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware,

Thanks for those logs, quite a lot going on with your system. Continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.



The system will be rebooted after the fix has run.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see the logs from FRST fix and Sophos..

Next,

Can you also attach a couple of encrypted files, plus the ransom note...

Thank you,

Kevin.
 

Attachments

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Thank you very much! This is very good, the locked files are now all accessible, my computer is no longer under encryption of Ransomware.

A few things to mention, the Farbar recovery tool fix actually took hours, while the Sophos virus removal tool was so quick for me, it barely took 10 minutes. Sophos did not need me to click scan, I didn't even see a button, it just launched, made me click next and maybe accept the terms, then automatically started scanning. Also it created its own log save when you click the ''save log'' option available, so I did not need to copy them. Also I'm sorry I didn't attach the logs before, I didn't really notice that option. But this really did great work, I'm impressed I didn't expect this to lift the encryption, although I'm probably not as heavily encrypted as the malware intended, so I'm very lucky and grateful for that, still kind of curious as to why though.. I'm still following your instructions, thank you very much for your help, and if we're not done yet and need to do more things to make sure the computer is secured I'm still following.

I attached below all the files, but I wish the site would tell me what the max file sharing size limit is, I had 3 files, 2 pngs and one powerpoint, I deleted a png and that wasn't enough so I had to delete the powerpoint as well, now there's just one png left, for some reason they are permanently deleted but maybe I can recover them with a software, let me know if you want me to do that.
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware,

I would really like to see a couple of encrypted files, the zipped file only included a screenshot of Youtube.. If the size of the file stops you from attaching to your reply you can use "WeTransfer" to upload files up to 2GB in size for free. https://wetransfer.com/ copy the link to your reply so I can download them ..

I've never come across a situation like yours; when Emsisoft's Decryptor states decryption is impossible, then that is usually 100% correct. In your situation there appears to be a non-logical outcome.

If you still have problems uploading the encrypted files please let me know... I would definitely like to know why your situation is different to the usual outcome of StopDJVU infections...

I'm going to contact a colleague at Malwarebytes to have a look at your thread, it is very interesting for sure...

Regards,

Kevin..
 

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
All right, I dug up some of the files using ShadowExplorer, if you need any more specific files or types of files let me know, I can also screenrecord my computer directly in case that's something that could help, I'm very curious to know how come the ransomware was not able to fully lock my files when they were encrypted by an online key, and I'm surprised this never actually happened before. This is some extra divine luck on my side, I'm very grateful.

Something I forgot to mention, when I first got the ransomware, it installed something called CorpVPN on my computer, accessible from the desktop, the Anti-Malwares did not uninstall it, so it probably is a neutral program, but the ransomware installed it for some reason.
Once the Anti-Malwares did their job, my computer changed and seems extra protected, as when I click some programs like FRST64, it prompts the warning window of whether you want the program to make changes to your device, YES or NO. Or for ShadowExplorer, it doesn't run unless I run it as administrator. I didn't do that before either. So seems much more secure, the FARBAR Fix and the Sophos antivirus really seem to have done very solid work.


Here's the links to the files, I have made 2 copies, the first is the corrupted files from ShadowExplorer. And the second is those same original working files in case you need to compare.
Almost all ransomwared files are corrupted. Except 1 very specific png photo, I hope they are the right encrypted files. Let me know whether you found anything interesting.

Corrupted Ransomware Files: https://we.tl/t-STG3s5abq1

Non-damaged files: https://we.tl/t-aYGcEzOkw2
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hello Ransomware,

I`ve asked one of the experts from Malwarebytes to have a look at your thread, will probably have to wait until Monday for an answer.

As it stands, how is your PC responding, any issues or concerns? Do I understand correctly that all of the encrypted files are back to normal..? Quote from your reply #7

Thank you very much! this is very good, the locked files are now all accessible, my computer is no longer under encryption of Ransomware.
Thank you,

Kevin
 

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Yes! All of them are now working, even internet explorer (called Edge on windows 10) too, it's almost as if they were restored from a restore point, except the thing is I didn't have any backups. And I checked with the decryptor again for the files that are now working, it still says they are encrypted with an online key and impossible to decrypt, so I now am technically accessing those files as they are still encrypted. They shouldn't be able to open for me, but they are, my computer just does not even care. :LOL:

But no I think since I could always send them on email that something is definitely off with the encryption.
Thank you very much for being very helpful, and thanks for getting extra people to look into it, I'm glad you found this case interesting, I'm very curious too.

I attached the Emsisoft Decryptor log that I ran on some files that are now accessible to me. In case you want to see it, for some reason it gave me many results, when I only scanned 1 folder that had 2 pictures. But yeah it says they're all still encrypted (Edit: actually it didn't scan the photos for some reason, it doesn't want to, it just scans the log directory idk why, so maybe it can't scan them because they're no longer encrypted after all?), you have the same files too so you can check them yourself if you need.

And I'm still here following up anytime there's a reply.

Thanks a lot for the professional help!
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Do you have "Controlled Folder Access" enabled or disabled..?

Select Start > Settings > Update & Security > Windows Security > Virus & threat protection. Under Virus & threat protection settings, select Manage settings. Under Controlled folder access, select Manage Controlled folder access. Does it show enabled or disabled..?
 

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Sorry for the late reply I got off the computer for a bit. I can't find '' Virus & threat protection,'' I looked online and someone said that it may be because the malware has removed it and that it may be the cause that prevented it from showing. He suggested to do an offline scan because the malware probably is hidden.
Do you want me to run that? I was always planning on scanning offline and since all files are now accessible it seems I'm in the clear to remove the full remnants of the malware.

[ Edit: I found a possible solution at microsoft support, to do the following:

''Open the Registry by searching for "regedit" and then select "Run as Administrator". In the Editor
navigate as follows: Hkey_Local_Machine\Software\Microsoft\Policy Manager\Default and
then Expand Defender. You will see a list of policies. Find and select AllowUserUIAccess.
This displays the Registry Key that sets UILockdown to a Dword of 1, and that is what hides
Virus & Threat Protection.''

So I can go ahead and do that if it's the right step. Link: https://answers.microsoft.com/en-us...-problem/66cc6e72-093b-436b-a0aa-b4de5ce33ce0 ]



I attached what my settings tab looks like.
My Windows is running on version 1607.
 
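Kevin's question about Controlled Folder Access and the UILockdown registry fix quoted above can both be checked from an elevated PowerShell prompt. This is an added example, not from the thread or from Microsoft; the Defender cmdlets are standard on Windows 10, while the two registry paths (the PolicyManager key the quoted Microsoft Answers post refers to, written without the space as it appears in the registry, and the Group Policy equivalent) are assumptions checked with Test-Path so the script degrades cleanly if either is absent.

```powershell
# Added example (not from the thread): audit Defender UI lockdown and
# Controlled Folder Access state on a Windows 10 machine after a cleanup.
# Run from an elevated PowerShell prompt.

# Registry locations checked (assumptions, see lead-in). The first is the
# MDM/PolicyManager key behind the "AllowUserUIAccess" policy; the second is
# the Group Policy location of the same "headless UI" (UILockdown) setting.
$PolicyManagerKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess'
$UxPolicyKey      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration'

function Get-RegistryDword {
    # Return the DWORD at $Path\$Name, or $null if the key or value is absent.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-DefenderUiAudit {
    # EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled, 2 = Audit mode
    $cfa = (Get-MpPreference).EnableControlledFolderAccess
    $cfaText = switch ([int]$cfa) {
        0       { 'Disabled' }
        1       { 'Enabled' }
        2       { 'Audit mode' }
        default { "Unknown ($cfa)" }
    }

    # 'value' = 0 under AllowUserUIAccess denies the user the Defender UI;
    # UILockdown = 1 hides the Virus & threat protection page.
    $allowUi  = Get-RegistryDword -Path $PolicyManagerKey -Name 'value'
    $uiLock   = Get-RegistryDword -Path $UxPolicyKey -Name 'UILockdown'

    [pscustomobject]@{
        ControlledFolderAccess = $cfaText
        AllowUserUIAccess      = $allowUi
        UILockdown             = $uiLock
        UiHiddenByPolicy       = (($allowUi -eq 0) -or ($uiLock -eq 1))
    }
}

$audit = Get-DefenderUiAudit
$audit | Format-List

if ($audit.UiHiddenByPolicy) {
    Write-Warning 'Defender UI is locked down by policy. On an unmanaged home PC this is a tamper indicator; clear the policy values only once the machine is confirmed clean.'
}
if ($audit.ControlledFolderAccess -ne 'Enabled') {
    Write-Warning 'Controlled Folder Access is off; it can be turned on with: Set-MpPreference -EnableControlledFolderAccess Enabled'
}
```

A home PC with no MDM enrolment or domain policy should report both registry values as empty and the UI not hidden; a populated UILockdown on such a machine is worth keeping in the incident notes alongside the FRST and Sophos logs.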

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Yes, your version of Windows is Microsoft Windows 10 Home Version 1607. That version is no longer supported by Microsoft, you should really check your system for updates at your earliest convenience..
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware,

Can you run the following please and attach the produced logs:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool from here: https://downloads.malwarebytes.com/file/mbst
In your Downloads folder, or where the tool was saved; open the mb-support-x.x.x.xxx.exe file
In the User Account Control pop-up window, click Yes to continue the installation
Run the MBST Support Tool
In the left navigation pane of the Malwarebytes Support Tool, click Advanced
In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
A zip file named mbst-grab-results.zip will be saved to your desktop, please attach that file to your next reply

Next,

Run FRST one more time:

Type the following in the edit box after "Search:".

csrss.exe

Click Search Registry button and attach the log it makes (SearchReg.txt) to your reply.

Next,

Run FRST one more time:

Type the following in the edit box after "Search:".

csrss.exe

Click Search Files button and attach the log (Search.txt) it makes to your reply...

Thank you,

Kevin
 
