How to gei rid of rpcnet computrace on my pc desktop

carl a · Mar 28, 2021

Good morning my forum friends long time since I posted a problem and I have a problem with getting computrace rpcnet off my computer. This computer is a hp decktop windows 10 20h2 and I discovered that rpcnet.exe was running in the task manager and upon further investigation I found out that this software track your computer lojack style and hidden malware could be attached to this program. I do not known how it got on my computer and I do not know how to remove it since I've tried every anti virus ,malware removal tool out there. I found the locations where its located at and deleted the entry but to no avail , every place from task manager, c\windows\system32 to c\windows\wow64 to services remote procedure call net to the registry but to no avail Help will be greatly received and appreciated with all my heart. thanks for your time and attention.

icotonev · Mar 28, 2021

Hi ,carl a ..!

Please follow these posting instructions - Malware Removal Posting Instructions

Thank you.

carl a · Mar 29, 2021

Here is the requested logs for your review I hope that I performed what you ask for prefectly.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-03-2021
Ran by acarl (administrator) on DESKTOP-SD8J0JK (Hewlett-Packard HP Compaq Pro 6300 SFF) (29-03-2021 09:30:11)
Running from C:\Users\acarl\OneDrive\Desktop
Loaded Profiles: acarl
Platform: Windows 10 Pro Version 20H2 19042.870 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Absolute Software Corp. -> Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5484392 2021-03-02] (Tonec Inc. -> Tonec Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX330 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9P.DLL [28160 2009-04-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\novaPDF 9 Port Monitor: C:\WINDOWS\system32\novamn9.dll [18944 2019-07-01] (Softland) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-14] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.22.70\Installer\chrmstp.exe [2021-03-26] (Brave Software, Inc. -> Brave Software, Inc.)
BootExecute: autocheck autochk * …œ
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2076C134-6797-45DD-A8DE-44FC24D5FE75} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {3ECED92D-D7FB-4B65-872E-F8AEB4A8E64A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {471A089F-50D6-47AB-84FB-8EBC9ACBEB8C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {48E23525-9F62-4508-8B4D-02EB31634AC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4A907790-3F0E-4292-A576-FB16BC7A30BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DE4C21C-E3F7-4B77-93B3-7FBA0FDDC1F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-07] (Google LLC -> Google LLC)
Task: {5DC9BFB5-1DBA-4B8C-A3B4-1AA26930A243} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9617662E-EDFF-4ECB-9740-C48B2634D6BC} - System32\Tasks\CCleaner Update => C:\Users\acarl\Downloads\Downloads\Ccleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {9654DF17-D630-4D4B-9AE1-858CD005F576} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B919A57-40E5-4A67-9EAD-FCE359AF3883} - System32\Tasks\CCleanerSkipUAC => C:\Users\acarl\Downloads\Downloads\Ccleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AA6C87BA-FDAB-4D63-BBCD-41C70FFB3E8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B3DD4135-A6B3-40AA-8FEA-E08AE7EE6D35} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-12-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {CF452869-BD84-4AEE-9130-5CCABAE09499} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D74D79F8-B116-40ED-8C74-B92556EB2319} - System32\Tasks\Soft Organizer Applications Updates Check => E:\Program Files\Soft Organizer\SoftOrganizer.exe
Task: {D95E3B95-EF58-4C24-A17E-1C5F8146D466} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-07] (Google LLC -> Google LLC)
Task: {F084C819-583B-4D41-91DD-FBA928DB2CBF} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [918960 2020-12-04] (Glarysoft LTD -> Glarysoft Ltd)
Task: {F5149014-138C-4D4C-85C5-8631A0394EE6} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-12-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {FA0B8EFD-8C17-4839-8037-EE15DAC8E315} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {FA20A7A2-AF17-40D0-96EB-04D8D7637839} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2aa3e952-b8a3-4869-86be-dfb6a1942fe0}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
Edge Profile: C:\Users\acarl\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-29]
Edge Notifications: Default -> hxxps:\/\/www.youtube.com
Edge HomePage: Default -> edge://newtab/
Edge StartupUrls: Default -> "hxxp://google.com/"
Edge Extension: (IDM Integration Module) - C:\Users\acarl\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-03-28]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\acarl\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-03-28]
Edge HKU\S-1-5-21-2189376719-764004472-2637532677-1004\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2021-03-05]

FireFox:
========
FF HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\acarl\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\acarl\AppData\Roaming\IDM\idmmzcc5 [2020-10-17] [Legacy] [not signed]
FF HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default [2021-03-29]
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-07]
CHR Extension: (Docs) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-07]
CHR Extension: (Google Drive) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-03-27]
CHR Extension: (YouTube) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-07]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-28]
CHR Extension: (Sheets) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-13]
CHR Extension: (Click&Clean) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-03-27]
CHR Extension: (Office) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2021-03-27]
CHR Extension: (IDM Integration Module) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Password Alert) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2021-03-27]
CHR Extension: (Gmail) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-03]
CHR Extension: (Privacy Badger) - C:\Users\acarl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-03-27]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2021-03-05]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2021-03-05]

Brave:
=======
BRA Profile: C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-03-29]
BRA StartupUrls: Default -> "hxxp://google.com/"
BRA Extension: (Google Translate) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-01-28]
BRA Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-03-15]
BRA Extension: (Adblock Plus - free ad blocker) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-28]
BRA Extension: (Click&Clean) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-03-24]
BRA Extension: (Save to Google Drive) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2021-03-15]
BRA Extension: (Chrome Remote Desktop) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2020-12-16]
BRA Extension: (Office) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2021-02-11]
BRA Extension: (IDM Integration Module) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-03-09]
BRA Extension: (Password Alert) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2020-12-16]
BRA Extension: (Privacy Badger) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-02-05]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-01-28]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-03-29]
BRA Extension: (Brave NTP sponsored images) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-03-29]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-12-16]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\acarl\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-03-24]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S4 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106952 2015-12-18] (Andrea Electronics -> Andrea Electronics Corporation)
S4 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.4.0\ABService.exe [995760 2021-01-27] (AOMEI International Network Limited -> AOMEI International Network Limited)
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-12-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-12-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\89.0.4389.25\remoting_host.exe [72808 2021-01-27] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8990072 2021-03-11] (Microsoft Corporation -> Microsoft Corporation)
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [8921936 2021-01-18] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-22] (Malwarebytes Inc -> Malwarebytes)
S4 Remote Desktop Service; C:\Program Files\Remote Desktop\CloudRaService.exe [80200 2020-07-28] (Trichilia Consultants Limited -> CloudBerry Lab)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12727576 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [31760 2021-01-30] (AOMEI International Network Limited -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2020-11-13] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-27] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-27] (Malwarebytes Inc -> Malwarebytes)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2020-05-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
U4 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-29 09:29 - 2021-03-29 09:30 - 000000000 ____D C:\FRST
2021-03-29 09:28 - 2021-03-29 09:28 - 000000000 ____D C:\ProgramData\IDM
2021-03-29 09:21 - 2021-03-29 09:21 - 000000000 ____D C:\Users\acarl\AppData\Roaming\TeamViewer
2021-03-29 08:33 - 2021-03-29 08:33 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-29 07:32 - 2021-03-29 08:35 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2021-03-29 07:32 - 2021-03-29 07:32 - 000000000 ____D C:\WINDOWS\Panther
2021-03-29 07:29 - 2021-03-29 07:29 - 000000000 ____D C:\Users\acarl\AppData\Local\PeerDistRepub
2021-03-29 01:00 - 2021-03-29 08:35 - 000078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2021-03-29 01:00 - 2021-03-29 08:27 - 000078032 ____N (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.exe
2021-03-29 00:59 - 2021-03-29 08:35 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2021-03-29 00:59 - 2021-03-29 08:35 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2021-03-28 23:11 - 2021-03-29 08:35 - 000029336 _____ C:\WINDOWS\system32\wpbbin.exe
2021-03-28 22:04 - 2021-03-28 22:04 - 000000000 ____D C:\Users\acarl\AppData\Local\VirtualStore
2021-03-28 21:17 - 2021-03-28 23:23 - 000000000 ___HD C:\ProgramData\Rpcnet
2021-03-28 21:03 - 2021-03-28 11:28 - 000039865 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2021-03-28 19:22 - 2021-03-28 19:25 - 000013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2021-03-28 15:13 - 2021-03-28 15:13 - 000446656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-28 11:26 - 2021-03-28 21:02 - 000000250 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2021-03-28 11:04 - 2021-03-28 11:04 - 000000000 ____D C:\Users\acarl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2021-03-28 11:04 - 2021-03-28 11:04 - 000000000 ____D C:\Program Files\Unlocker
2021-03-28 10:54 - 2021-03-28 10:54 - 000000000 ____D C:\Users\acarl\AppData\Roaming\SUPERAntiSpyware.com
2021-03-28 10:54 - 2021-03-28 10:54 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-03-28 08:34 - 2021-03-28 21:54 - 000000000 ____D C:\Users\acarl\AppData\Local\FreeFixer
2021-03-28 02:21 - 2021-03-29 08:39 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-28 02:21 - 2021-03-28 02:21 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-03-28 02:19 - 2021-03-29 08:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-28 02:19 - 2021-03-28 02:19 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-03-28 02:19 - 2021-03-28 02:19 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-03-28 02:19 - 2021-03-28 02:19 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-28 02:19 - 2021-03-28 02:19 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-28 02:19 - 2021-03-28 02:19 - 000003366 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-03-28 02:19 - 2021-03-28 02:19 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-28 02:19 - 2021-03-28 02:19 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-28 02:19 - 2021-03-28 02:19 - 000003160 _____ C:\WINDOWS\system32\Tasks\Soft Organizer Applications Updates Check
2021-03-28 02:19 - 2021-03-28 02:19 - 000003142 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-03-28 02:19 - 2021-03-28 02:19 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-28 02:19 - 2021-03-28 02:19 - 000003084 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-28 02:19 - 2021-03-28 02:19 - 000002916 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2189376719-764004472-2637532677-1004
2021-03-28 02:19 - 2021-03-28 02:19 - 000002332 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-28 02:19 - 2021-03-28 02:19 - 000002284 _____ C:\WINDOWS\system32\Tasks\GU5SkipUAC
2021-03-28 02:19 - 2021-03-28 02:19 - 000000020 ___SH C:\Users\acarl\ntuser.ini
2021-03-28 02:19 - 2021-03-28 02:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-03-28 02:19 - 2019-12-11 10:10 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1444037858-1041872407-1605326030-500
2021-03-28 02:19 - 2019-11-15 14:10 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3293937972-4137324416-1651119111-500
2021-03-28 02:16 - 2016-05-04 00:30 - 000081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-03-28 02:15 - 2021-03-29 08:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-28 02:15 - 2021-03-29 08:35 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-03-28 02:15 - 2021-03-29 08:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-28 02:08 - 2021-03-28 02:15 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-28 02:07 - 2021-03-29 08:23 - 000000000 ____D C:\Users\acarl
2021-03-28 02:07 - 2019-12-07 05:10 - 000001105 _____ C:\Users\acarl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-28 02:06 - 2021-03-28 02:07 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-03-28 02:01 - 2021-03-28 02:01 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-28 02:01 - 2021-03-28 02:01 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-28 02:01 - 2021-03-28 02:01 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-28 02:01 - 2021-03-28 02:01 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-28 02:01 - 2021-03-28 02:01 - 000671744 _____ C:\WINDOWS\system32\hgattest.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-28 02:01 - 2021-03-28 02:01 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-28 02:01 - 2021-03-28 02:01 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-28 02:01 - 2021-03-28 02:01 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-28 02:01 - 2021-03-28 02:01 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-28 02:01 - 2021-03-28 02:01 - 000374096 _____ C:\WINDOWS\system32\vp9fs.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-28 02:01 - 2021-03-28 02:01 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-03-28 02:01 - 2021-03-28 02:01 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-28 02:01 - 2021-03-28 02:01 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-03-28 02:01 - 2021-03-28 02:01 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-28 02:01 - 2021-03-28 02:01 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-28 02:01 - 2021-03-28 02:01 - 000164144 _____ C:\WINDOWS\system32\cmdiag.exe
2021-03-28 02:01 - 2021-03-28 02:01 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-28 02:01 - 2021-03-28 02:01 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-03-28 02:01 - 2021-03-28 02:01 - 000103936 _____ C:\WINDOWS\system32\cmimageworker.exe
2021-03-28 02:01 - 2021-03-28 02:01 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-28 02:01 - 2021-03-28 02:01 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-28 02:01 - 2021-03-28 02:01 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-28 02:01 - 2021-03-28 02:01 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-28 02:01 - 2021-03-28 02:01 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-28 02:01 - 2021-03-28 02:01 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-03-28 02:01 - 2021-03-28 02:01 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-28 02:00 - 2021-03-28 02:00 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-28 02:00 - 2021-03-28 02:00 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-28 02:00 - 2021-03-28 02:00 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000972800 _____ C:\WINDOWS\system32\autochk.exe
2021-03-28 02:00 - 2021-03-28 02:00 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-28 02:00 - 2021-03-28 02:00 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-28 02:00 - 2021-03-28 02:00 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-28 02:00 - 2021-03-28 02:00 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-03-28 02:00 - 2021-03-28 02:00 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-28 02:00 - 2021-03-28 02:00 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-03-28 02:00 - 2021-03-28 02:00 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-28 02:00 - 2021-03-28 02:00 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-28 02:00 - 2021-03-28 02:00 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-03-28 02:00 - 2021-03-28 02:00 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-03-28 02:00 - 2021-03-28 02:00 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-28 02:00 - 2021-03-28 02:00 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-28 02:00 - 2021-03-28 02:00 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-28 02:00 - 2021-03-28 02:00 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-03-28 02:00 - 2021-03-28 02:00 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-03-28 02:00 - 2021-03-28 02:00 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-03-28 02:00 - 2021-03-28 02:00 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-28 01:59 - 2021-03-28 01:59 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-03-28 01:59 - 2021-03-28 01:59 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-28 01:59 - 2021-03-28 01:59 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-28 01:59 - 2021-03-28 01:59 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-28 01:59 - 2021-03-28 01:59 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-03-28 01:59 - 2021-03-28 01:59 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-28 01:59 - 2021-03-28 01:59 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-03-28 01:59 - 2021-03-28 01:59 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-28 01:59 - 2021-03-28 01:59 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-03-28 01:59 - 2021-03-28 01:59 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-28 01:59 - 2021-03-28 01:59 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-03-28 01:59 - 2021-03-28 01:59 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-03-28 01:59 - 2021-03-28 01:59 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-03-28 01:59 - 2021-03-28 01:59 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-03-28 01:53 - 2021-03-29 08:35 - 000000000 ____D C:\Program Files\Hyper-V
2021-03-28 01:53 - 2021-03-28 02:05 - 000000000 ___SD C:\WINDOWS\system32\containers
2021-03-28 01:53 - 2021-03-28 01:53 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-03-28 01:53 - 2021-03-28 01:53 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-28 01:53 - 2021-03-28 01:53 - 000000000 ____D C:\Program Files\MSBuild
2021-03-28 01:53 - 2021-03-28 01:53 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-28 01:53 - 2021-03-28 01:53 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-28 01:47 - 2021-03-28 01:47 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-28 01:14 - 2021-03-29 08:26 - 000000000 ___HD C:\$WinREAgent
2021-03-27 23:38 - 2021-03-29 07:31 - 000078848 _____ C:\WINDOWS\ZAM.krnl.trace
2021-03-27 23:38 - 2021-03-29 07:31 - 000000000 ____D C:\Users\acarl\AppData\Local\AMSDK
2021-03-27 20:00 - 2021-03-27 20:00 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-19 17:29 - 2021-03-29 08:02 - 000000000 ____D C:\Users\acarl\AppData\Local\D3DSCache
2021-03-17 01:25 - 2021-03-28 11:26 - 000000000 ____D C:\Users\acarl\AppData\Roaming\DMCache
2021-03-09 10:44 - 2021-03-28 15:01 - 000030460 _____ C:\Users\acarl\Downloads\PrivaZer.ini
2021-03-08 13:09 - 2021-03-28 02:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\soft Xpansion
2021-03-08 13:08 - 2021-03-08 13:08 - 000000000 ____D C:\ProgramData\soft Xpansion
2021-03-08 13:08 - 2021-03-08 13:08 - 000000000 ____D C:\Program Files (x86)\soft Xpansion
2021-03-05 13:36 - 2018-12-19 19:05 - 000229296 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2021-03-03 18:17 - 2021-03-28 11:21 - 000000000 ____D C:\Users\acarl\OneDrive\Documents\RegRun2
2021-03-03 18:13 - 2021-03-03 18:13 - 000000000 ____D C:\ProgramData\SharewareOnSale Notifier

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-29 09:29 - 2020-10-17 19:52 - 000000000 ____D C:\Users\acarl\AppData\Roaming\IDM
2021-03-29 09:29 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-29 09:03 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-29 08:58 - 2020-10-07 10:27 - 000000000 ____D C:\Users\acarl\AppData\Local\Packages
2021-03-29 08:58 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-29 08:54 - 2020-10-15 08:24 - 000000000 ____D C:\Program Files (x86)\System Ninja
2021-03-29 08:35 - 2020-12-14 20:32 - 000000540 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-03-29 08:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-29 08:35 - 2019-12-07 05:03 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2021-03-29 08:34 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-03-29 08:34 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-29 08:23 - 2020-10-07 11:26 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-29 07:38 - 2020-10-07 11:52 - 000000000 ____D C:\Users\acarl\AppData\Roaming\vlc
2021-03-29 07:36 - 2020-11-13 09:52 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2021-03-29 07:35 - 2020-10-15 21:26 - 000000000 ____D C:\Users\acarl\AppData\Roaming\Everything
2021-03-29 07:32 - 2020-10-15 21:26 - 000000000 ____D C:\Users\acarl\AppData\Local\Everything
2021-03-28 22:04 - 2020-12-16 19:07 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-03-28 22:04 - 2020-10-07 19:47 - 000000000 ____D C:\Program Files (x86)\Google
2021-03-28 21:54 - 2021-02-17 19:25 - 000000000 ____D C:\Users\acarl\AppData\Roaming\Adobe
2021-03-28 21:54 - 2021-02-17 19:25 - 000000000 ____D C:\Users\acarl\AppData\LocalLow\Adobe
2021-03-28 21:54 - 2021-02-17 18:34 - 000000000 ____D C:\Users\acarl\AppData\Local\Adobe
2021-03-28 21:54 - 2021-02-17 11:09 - 000000000 ____D C:\ProgramData\Packages
2021-03-28 21:54 - 2020-12-16 19:07 - 000000000 ____D C:\Users\acarl\AppData\Local\BraveSoftware
2021-03-28 21:54 - 2020-10-26 20:13 - 000000000 ____D C:\ProgramData\RogueKiller
2021-03-28 21:54 - 2020-10-07 19:47 - 000000000 ____D C:\Users\acarl\AppData\Local\Google
2021-03-28 21:42 - 2020-10-10 14:13 - 000036200 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2021-03-28 21:13 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-28 12:43 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-28 11:01 - 2020-10-10 16:11 - 000000000 ____D C:\Program Files\UVK - Ultra Virus Killer
2021-03-28 10:56 - 2020-10-10 16:11 - 000000000 ____D C:\ProgramData\UVK
2021-03-28 08:39 - 2020-10-07 19:07 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-03-28 08:16 - 2020-10-11 11:42 - 000000000 ____D C:\Users\acarl\.dbus-keyrings
2021-03-28 07:38 - 2020-10-07 10:27 - 000000000 __SHD C:\Users\acarl\IntelGraphicsProfiles
2021-03-28 07:19 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-28 07:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-28 05:07 - 2020-10-11 14:48 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-03-28 02:20 - 2020-12-16 19:08 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-28 02:20 - 2020-12-16 19:08 - 000002330 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-28 02:20 - 2020-10-07 19:47 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-28 02:20 - 2020-10-07 19:47 - 000002213 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-28 02:20 - 2020-10-07 10:33 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-28 02:20 - 2020-10-07 10:33 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-28 02:20 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-28 02:19 - 2020-10-11 21:42 - 000000854 __RSH C:\ProgramData\ntuser.pol
2021-03-28 02:19 - 2020-10-07 10:27 - 000000000 ___RD C:\Users\acarl\3D Objects
2021-03-28 02:19 - 2020-10-07 10:21 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-03-28 02:19 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-28 02:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-28 02:19 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-28 02:19 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-28 02:18 - 2019-12-07 05:14 - 000000000 __RSD C:\WINDOWS\Media
2021-03-28 02:16 - 2020-02-07 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-28 02:16 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-28 02:15 - 2021-02-25 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2021-03-28 02:15 - 2021-02-07 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Text Edit Plus
2021-03-28 02:15 - 2021-02-05 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-03-28 02:15 - 2021-01-31 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-03-28 02:15 - 2021-01-30 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2021-03-28 02:15 - 2021-01-18 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazesoft Recovery Suite
2021-03-28 02:15 - 2021-01-16 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-03-28 02:15 - 2021-01-15 09:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc
2021-03-28 02:15 - 2021-01-11 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo WinToHDD
2021-03-28 02:15 - 2021-01-07 17:27 - 000000000 ___RD C:\Users\acarl\OneDrive
2021-03-28 02:15 - 2020-11-23 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX330 series Manual
2021-03-28 02:15 - 2020-11-13 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2021-03-28 02:15 - 2020-11-03 09:33 - 000000000 ____D C:\ProgramData\regid.2009-04.com.smartpcutilities
2021-03-28 02:15 - 2020-10-28 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Desktop
2021-03-28 02:15 - 2020-10-28 13:50 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-03-28 02:15 - 2020-10-20 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Savvy
2021-03-28 02:15 - 2020-10-17 19:52 - 000000000 ____D C:\Users\acarl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2021-03-28 02:15 - 2020-10-17 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2021-03-28 02:15 - 2020-10-15 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2021-03-28 02:15 - 2020-10-10 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2021-03-28 02:15 - 2020-10-09 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Compressor
2021-03-28 02:15 - 2020-10-08 12:00 - 000000000 ____D C:\Users\acarl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-28 02:15 - 2020-10-08 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-28 02:15 - 2020-10-08 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2021-03-28 02:15 - 2020-10-08 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-03-28 02:15 - 2020-10-07 19:48 - 000000000 ____D C:\Users\acarl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-03-28 02:15 - 2020-10-07 19:24 - 000000000 ____D C:\Program Files\UNP
2021-03-28 02:15 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-28 02:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-03-28 02:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-28 02:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-03-28 02:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-28 02:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-28 02:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-28 02:15 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-28 02:15 - 2019-11-15 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-03-28 02:15 - 2019-11-15 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-03-28 02:15 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-28 02:15 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-28 02:08 - 2021-01-19 03:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-03-28 02:08 - 2020-11-03 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Utilities
2021-03-28 02:08 - 2020-02-07 17:52 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-03-28 02:08 - 2020-02-07 17:52 - 000000000 ____D C:\Program Files\Realtek
2021-03-28 02:08 - 2020-02-07 17:52 - 000000000 ____D C:\Program Files\Intel
2021-03-28 02:08 - 2020-02-07 17:50 - 000000000 ____D C:\Program Files\Synaptics
2021-03-28 02:05 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-28 02:05 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-28 02:05 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-28 02:05 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-28 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-28 02:04 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-03-28 02:04 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-28 01:53 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\schemas
2021-03-28 00:10 - 2020-10-17 19:52 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2021-03-27 21:48 - 2021-02-25 09:27 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-26 19:53 - 2020-10-17 19:52 - 000000000 ____D C:\Users\acarl\Downloads\Compressed
2021-03-24 21:27 - 2021-02-05 19:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-19 17:32 - 2020-10-25 00:14 - 000007604 _____ C:\Users\acarl\AppData\Local\Resmon.ResmonCfg
2021-03-16 23:42 - 2021-02-17 19:24 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-15 17:27 - 2019-11-15 12:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-09 22:10 - 2020-10-17 19:52 - 000000000 ____D C:\Users\acarl\Downloads\Video
2021-03-09 21:26 - 2021-02-23 10:54 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-09 21:26 - 2020-10-26 21:09 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2021-03-09 21:20 - 2020-10-07 11:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-09 21:18 - 2020-10-07 11:24 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-08 06:29 - 2020-11-25 23:11 - 000000916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2021-03-08 06:29 - 2020-11-25 23:11 - 000000000 ____D C:\Program Files\Angry IP Scanner
2021-03-08 06:28 - 2020-10-08 12:13 - 000000000 ____D C:\Users\acarl\AppData\Local\Patch_My_PC,_LLC
2021-03-04 12:37 - 2020-10-08 11:57 - 000000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories ========

2021-02-02 14:39 - 2021-02-02 10:18 - 000000716 ____H () C:\Users\acarl\AppData\Roaming\{EF25E052-A4DC-247E-C1A5-AEDE2202C325}
2020-10-25 00:14 - 2021-03-19 17:32 - 000007604 _____ () C:\Users\acarl\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-03-2021
Ran by acarl (29-03-2021 09:32:34)
Running from C:\Users\acarl\OneDrive\Desktop
Windows 10 Pro Version 20H2 19042.870 (X64) (2021-03-28 06:19:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

acarl (S-1-5-21-2189376719-764004472-2637532677-1004 - Administrator - Enabled) => C:\Users\acarl
Administrator (S-1-5-21-2189376719-764004472-2637532677-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2189376719-764004472-2637532677-503 - Limited - Disabled)
Guest (S-1-5-21-2189376719-764004472-2637532677-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2189376719-764004472-2637532677-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.7.6 - Angry IP Scanner)
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI International Network Limited.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.22.70 - Brave Software Inc)
Chrome Remote Desktop Host (HKLM-x32\...\{2E2C5B04-0539-43B0-BC16-EF1B7DFF03A5}) (Version: 89.0.4389.25 - Google LLC)
ClipGrab version 3.9.6 (HKLM-x32\...\{73924FFF-7A47-424D-BA45-659BB5CC194A}_is1) (Version: 3.9.6 - The ClipGrab Project)
Disk Savvy 13.1.16 (HKLM-x32\...\Disk Savvy) (Version: 13.1.16 - Flexense Computing Systems Ltd.)
Free Video Compressor (HKLM-x32\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version: - freevideocompressor.com)
Glary Utilities 5.156 (HKLM-x32\...\Glary Utilities 5) (Version: 5.156.0.182 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.38.18 - Tonec Inc.)
Java 8 Update 281 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Lazesoft Recovery Suite version 4.3 Home Edition (HKLM-x32\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 4.3 - Lazesoft)
Macrium Reflect Free Edition (HKLM\...\{7CE93D58-2562-445B-8E96-DB2B4B13327D}) (Version: 7.3.5550 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.63 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13801.20360 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20360 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
PC Services Optimizer (HKLM\...\{1E536781-CAA3-45F1-A6CC-8E71AB74871D}) (Version: 4.0.1047 - Smart PC Utilities)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7695 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Desktop 2.4 (HKLM\...\{42DB2568-ABAC-497A-8F47-05F9E3A7BA18}) (Version: 2.4 - MSP360)
Revo Uninstaller 2.2.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.2 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
SharewareOnSale Notifier (HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)
soft Xpansion Perfect PDF 9 Editor (HKLM-x32\...\{287693CB-6770-4CAD-9436-55C02CFBF4C9}) (Version: 9.0.1.3 - soft Xpansion)
System Ninja version 3.2.8 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.2.8 - SingularLabs)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
Text Edit Plus (HKLM-x32\...\Text Edit Plus_is1) (Version: 8.2.0.0 - VOVSOFT)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 10.17.3.0 - Carifred)
VideoProc (HKLM-x32\...\VideoProc) (Version: 4.1 - Digiarty, Inc.)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\WinDirStat) (Version: - )
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WinToHDD version 4.8 (HKLM\...\WinToHDD_is1) (Version: 4.8 - Hasleo Software.)

Packages:
=========
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2189376719-764004472-2637532677-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2189376719-764004472-2637532677-1004_Classes\CLSID\{EF706AB3-1E0E-4C5B-A40F-023F0FA36E12}\localserver32 -> C:\Windows\System32\RunDll32.exe "E:\Program Files\Soft Organizer\Notifications.dll",Activate -ToastActivated => No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-11-06] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [SX_PDF9_EDITOR] -> {236D7124-8C0B-45B3-AA81-143AF254799D} => C:\Program Files (x86)\soft Xpansion\Perfect PDF 9 Editor\weagent64.dll [2021-03-08] (soft Xpansion GmbH & Co.KG -> soft Xpansion)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-11-06] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-11-06] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\acarl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cog - System Info Viewer.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=difcjdggkffcfgcfconafogflmmaadco

==================== Loaded Modules (Whitelisted) =============

2021-01-31 20:32 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-12-12] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-12-12] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2021-03-28 21:03 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-12-14 20:32 - 2021-03-29 08:35 - 000000540 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.30.80.1 DESKTOP-SD8J0JK.mshome.net # 2026 3 6 28 12 35 52 105
8 20 47 7 813
192.168.85.209 DESKTOP-SD8J0JK.mshome.net # 2026 3 6 7 17 10 21 977
726

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.4.0
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Backupper Service => 3
MSCONFIG\Services: brave => 2
MSCONFIG\Services: bravem => 3
MSCONFIG\Services: chromoting => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: MacriumService => 2
MSCONFIG\Services: Remote Desktop Service => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: TeamViewer => 3
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "Unattend0000000001{CE58C3D5-9684-4456-BEEC-DD2CD1B5D3A2}"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Unattend0000000001{CE58C3D5-9684-4456-BEEC-DD2CD1B5D3A2}"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "SharewareOnSale Notifier"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "appnhost"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{467FF357-17C3-4962-AEF9-C75F034C882F}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{ABF2D351-7CEA-4992-AE64-6F6FEF572940}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{46051231-E1EC-447A-A101-A266AE4B7BA8}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\89.0.4389.25\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{3C2B9803-290C-473F-A562-560A5C3818DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BC6FB6F3-9081-4BE5-9F86-F0FD006CACD3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{86F1441F-7122-4ADD-BF83-C447A30AB09C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{473B7BA8-7FB3-4D9B-BA09-399916331DF0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6911D6B4-FA7A-4262-9D3C-DD8A79DC0B61}] => (Allow) LPort=8501
FirewallRules: [{3A17BDD2-2DBA-452F-A997-3A14B11173CA}] => (Allow) LPort=8501
FirewallRules: [UDP Query User{022A1DAE-B4A3-43EA-A55F-0E0CBCD514B6}C:\users\acarl\onedrive\desktop\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\acarl\onedrive\desktop\opera\74.0.3911.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{59CD3401-7761-432C-B4AA-97C9FCDBFBBB}C:\users\acarl\onedrive\desktop\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\acarl\onedrive\desktop\opera\74.0.3911.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{7C30AB2E-0190-4175-8B55-B5E5E3D55689}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1D352DF4-8372-470C-A73E-99F4A895E16C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E541B68-47AF-4FC9-8F5F-F84CAEF666C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B854519-36F4-4234-B699-3CAAA28A3F55}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8FF712C-D7B4-47C0-BF21-345547A9996E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{849C7540-9C66-41D8-93B6-71DF387A5662}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.4.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{CA25E067-771C-4456-A331-59368CDAEF65}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.4.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [UDP Query User{5221A1D0-8082-4870-B0C1-E669A8C02A2D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{95D82295-0F00-4DC0-87FF-470885033CFC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{C8AFE81B-2FAC-4B19-A9B0-9662CD0D4CC6}] => (Allow) C:\Program Files\Remote Desktop\Remote Desktop.exe (Trichilia Consultants Limited -> CloudBerry Lab)
FirewallRules: [{0842EB69-D0E4-4639-82E5-09260B1353A3}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe (Da Silva Alfrédo -> Carifred.com)
FirewallRules: [{FE1A15F1-EAB0-4926-85C1-7467096FC6D0}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe (Da Silva Alfrédo -> Carifred.com)
FirewallRules: [{9F0FBCB1-1F2E-45F1-AAE4-8B670C3C4A21}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe (Da Silva Alfrédo -> Carifred.com)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:475.86 GB) (Free:417.07 GB) (88%)

==================== Faulty Device Manager Devices ============

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ecc055d-047f-11d1-a537-0000f8753ed1}
Manufacturer:
Service: SASKUTIL
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ecc055d-047f-11d1-a537-0000f8753ed1}
Manufacturer:
Service: SASDIFSV
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: ========================

Application errors:
==================
Error: (03/29/2021 08:58:06 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-SD8J0JK)
Description: C:\Users\acarl\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempStateMicrosoft.Windows.ShellExperienceHost_cw5n1h2txyewy-2147024894

Error: (03/29/2021 08:26:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x3ec3a21d
Faulting module name: rpcnetp.dll, version: 0.0.0.0, time stamp: 0x4fc64fc6
Exception code: 0xc0000005
Fault offset: 0x000037fc
Faulting process id: 0x14d8
Faulting application start time: 0x01d7249693fa7807
Faulting application path: C:\WINDOWS\SysWOW64\svchost.exe
Faulting module path: C:\WINDOWS\System32\rpcnetp.dll
Report Id: 229ecd7d-1c41-43d8-9954-817516bb144b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/29/2021 08:26:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x3ec3a21d
Faulting module name: wceprv.dll, version: 1.3.0.22, time stamp: 0x53558c6e
Exception code: 0xc00001a5
Fault offset: 0x000031ac
Faulting process id: 0x14d8
Faulting application start time: 0x01d7249693fa7807
Faulting application path: C:\WINDOWS\SysWOW64\svchost.exe
Faulting module path: C:\WINDOWS\System32\wceprv.dll
Report Id: e0791551-586f-4c94-bf09-cd7429f85bb9
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (03/29/2021 08:35:41 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (03/29/2021 08:24:17 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (03/29/2021 08:00:49 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (03/29/2021 08:00:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:41:40 AM on ‎3/‎29/‎2021 was unexpected.

Windows Defender:
================
Date: 2021-03-28 11:04:41
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Adware:Win32/Babylon threat description - Microsoft Security Intelligence
Name: Adware:Win32/Babylon
Severity: Not Yet Classified
Category: Unknown
Path: containerfile:_C:\Users\acarl\Downloads\Programs\Unlocker1.9.2.exe; file:_C:\Users\acarl\Downloads\Programs\Unlocker1.9.2.exe->(nsis-3-DeltaTB.exe)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.333.1465.0, AS: 1.333.1465.0, NIS: 1.333.1465.0
Engine Version: AM: 1.1.17900.7, NIS: 1.1.17900.7

Date: 2021-03-28 11:07:51
Description:
Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Adware:Win32/Babylon threat description - Microsoft Security Intelligence
Name: Adware:Win32/Babylon
Severity: Not Yet Classified
Category: Unknown
Path: containerfile:_C:\Users\acarl\Downloads\Programs\Unlocker1.9.2.exe; file:_C:\Users\acarl\Downloads\Programs\Unlocker1.9.2.exe->(nsis-3-DeltaTB.exe)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Action: Clean
Action Status: No additional actions required
Error Code: 0x8007065e
Error description: Data of this type is not supported.
Security intelligence Version: AV: 1.333.1465.0, AS: 1.333.1465.0, NIS: 1.333.1465.0
Engine Version: AM: 1.1.17900.7, NIS: 1.1.17900.7

Date: 2021-03-28 08:39:49
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-03-28 08:18:47
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.333.1461.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17900.7
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2021-03-28 08:08:45
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

==================== Memory info ===========================

BIOS: Hewlett-Packard K01 v02.90 07/16/2013
Motherboard: Hewlett-Packard 339A
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 44%
Total physical RAM: 8065.57 MB
Available physical RAM: 4473.21 MB
Total Virtual: 16257.57 MB
Available Virtual: 12596.62 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.86 GB) (Free:417.07 GB) NTFS

\\?\Volume{550a4e5b-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.51 GB) NTFS
\\?\Volume{550a4e5b-0000-0000-0050-310d77000000}\ (Recovery image) (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 550A4E5B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=475.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=750 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

carl a · Mar 31, 2021

This thread can be label solved thanks for receiving my inquiry on this problem however is has been handled. I called Absolute Software corp about the computrace that was on my computer and why it was so very hard to remove it.? This software was embedded in my bios as a tracking device (lojack )unbeknownst to me. This tracking device is very, very, very difficult to remove. I ran about 7 antivirus software and malware detection scans to no avail it runs under their detection only Hitman Pro recognized its existence but could not remove it because upon deleting the file it recreate itself every time.You can delete it in the registry it recreate itself , go to services and turn it off will not stop it,go to these locations c\windows system32\ folder (rpcnet.exe) delete it no good, go to c\windows \sysWOW64 delete rpcnet and rpcnept both exe. and dll in each and the you still cannot stop it from running on your computer., only Absolute Software Corp release their product from taking over my computer. I called the Canada and America division at 1-877-337-0337 and the rep called a tech and set my computer free. I brought this computer resale from amazon about 6 months ago and this tracker lojack computrace was already embedded on it without my knowledge. So if you see rpcnet or rpcnept in your task manager running you could be track and hack.Thanks forum for taking your time to assist me.

icotonev · Apr 1, 2021

Hi ,carl a ..!

Thanks for letting us know ..!

Yes it is..! Absolute® Software specializes in software and services for the management and security of computers and smartphones. ... The Computrace® Agent by Absolute Software is a small software client that is embedded into the firmware of a computer at the factory.

Uninstalling the Agent

So it happened with you ..!

The following will remove the tools we used as well as reset system restore points:

KpRm

Download KpRm by kernel-panik and save it to your desktop.

Right-click kprm_(version).exe and select Run as Administrator.
When the tool opens, ensure all boxes are checked, and select Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
Please copy and paste its contents in your next reply.

Thank you..!

carl a · Apr 1, 2021

Thanks for your swift reply I like the new removal software tool you just introducd me to ( KpRm) I rememberd using defix from the forum to removal the techs software left over but this new one is just as cool, here is the log report.
# Run at 4/1/2021 10:33:12 AM
# KpRm (Kernel-panik) version 2.9
# Website KpRm | Suppression des outils de désinfection
# Run by acarl from C:\Users\acarl\Downloads\Programs
# Computer Name: DESKTOP-SD8J0JK
# OS: Windows 10 X64 (19042)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines after 7 days

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\acarl\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2021-04-01-10-33-12

- Delete Tools -

## AdwCleaner
[OK] C:\Users\acarl\Downloads\Downloads\Malware Removal\AdwCleaner.exe deleted

## Autoruns
[OK] C:\Users\acarl\Downloads\Downloads\Autoruns deleted
[OK] C:\Users\acarl\Downloads\Compressed\Autoruns.exe deleted
[OK] C:\Users\acarl\Downloads\Compressed\Autoruns64.exe deleted
[OK] C:\Users\acarl\Downloads\Compressed\autorunsc.exe deleted
[OK] C:\Users\acarl\Downloads\Compressed\autorunsc64.exe deleted

## ESET Online Scanner
[OK] C:\Users\acarl\OneDrive\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\acarl\Downloads\Programs\esetonlinescanner.exe deleted

## Kaspersky Virus Removal Tool
[OK] C:\Users\acarl\Downloads\Downloads\Malware Removal\KVRT.exe deleted

## NetAdapter Repair All In One
[OK] C:\Users\acarl\Downloads\Downloads\NetRepairAIO\netadapter-log-2020-10-25-2-45-15.txt deleted
[OK] C:\Users\acarl\Downloads\Downloads\NetRepairAIO\NetAdapterRepair1.2.exe deleted

## RogueKiller
[OK] C:\Users\acarl\Downloads\Downloads\Malware Removal\RogueKiller_portable64.exe deleted

## TDSSKiller
[OK] C:\Users\acarl\Downloads\Downloads\Malware Removal\TDSSKILLER deleted

- Other Lines -

## Quarantines that will be deleted in 7 days (2021/04/08)
~ C:\Users\acarl\AppData\Local\ESET\ESETOnlineScanner (ESET Online Scanner)
~ C:\ProgramData\RogueKiller\quarantine\6285B975A97F97B4.reg (RogueKiller)
~ C:\ProgramData\RogueKiller\quarantine\6285B975A97F97B4.meta (RogueKiller)

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

No system recovery points were found

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 04/01/2021 14:33:22

-- KPRM finished in 21.45s --

icotonev · Apr 1, 2021

carl a said:
Thanks for your swift reply I like the new removal software tool you just introducd me to ( KpRm) I rememberd using defix from the forum to removal the techs software left over but this new one is just as cool, here is the log report.

I am glad..! Here you learned something from me ..!

I hope that everything is fine with you now..?

Thank you..!

icotonev · Apr 1, 2021

By the way, I don't see the Farbar Recovery Scan Tool removed in the log. You may have forgotten to tag here:

carl a · Apr 1, 2021

When I got the notice from absolute corp that they release their device and I saw that it was gone from my computer from experience with the sysnative techs using delfix as a removal tool I use that to removal all the analysis downloads tools from the forum before your return reply and I apologize for that and that is why you don't see the farbar recovery tool and log.please forgive me.

icotonev · Apr 1, 2021

Understood..! Thank you one more time..!

How to gei rid of rpcnet computrace on my pc desktop

carl a

Contributor

icotonev

Security Analyst

carl a

Contributor

carl a

Contributor

icotonev

Security Analyst

carl a

Contributor

icotonev

Security Analyst

icotonev

Security Analyst

carl a

Contributor

icotonev

Security Analyst