Unable to remove proxy server 127.0.0.1:86. – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer

Hi there, I hope I can get some help on this issue as I have tried everything I can. I am stuck with this proxy server http://127.0.0.1:86/ which I cannot remove. I have tried in regedit to delete the registry but it only works temporarily and the virus comes back after a restart. I am using Windows 10 as my operating system. I hope I can get guidance to resolve this issue permanently if possible. Thank you so much!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2021 01
Ran by Kevin (administrator) on DESKTOP-SPHVV7A (Gigabyte Technology Co., Ltd. B250M-D2V) (31-05-2021 21:05:29)
Running from C:\Users\Kevin\Desktop\FRST
Loaded Profiles: Kevin
Platform: Windows 10 Pro Version 21H1 19043.1023 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <3>
(Epic Games Inc. -> Epic Games, Inc.) D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Flexera Software LLC -> InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_1420fe36a55d3a80\RstMwService.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(MetaQuotes Ltd. -> MetaQuotes Ltd.) C:\Program Files\Dollars Markets MT5\terminal64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Kevin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Skutta, Kristjan -> ) D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve -> Valve Corporation) D:\Steam\steam.exe
(北京微吼时代科技有限公司 -> ) D:\VhallLive2.0\VhallService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\…\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\…\Run: [VhallService] => D:\VhallLive2.0\VhallService.exe [453496 2021-04-19] (北京微吼时代科技有限公司 -> )
HKLM-x32\…\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKU\S-1-5-21-2342360385-1493117034-333485134-1001\…\Run: [Steam] => D:\Steam\steam.exe [4087528 2021-05-19] (Valve -> Valve Corporation)
HKU\S-1-5-21-2342360385-1493117034-333485134-1001\…\Run: [WallpaperEngine] => D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2769000 2021-05-29] (Skutta, Kristjan -> )
HKU\S-1-5-21-2342360385-1493117034-333485134-1001\…\Run: [EpicGamesLauncher] => D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33223648 2021-05-29] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2342360385-1493117034-333485134-1001\…\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-05-29] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2602DAE5-2CAE-4129-912D-58AB6A537996} – System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {2C4FBA53-C4C3-48AD-A2FF-66C1309B50F0} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70929EDF-A7F7-44CA-910A-8BD467468C90} – System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {7FF9732B-3F3A-415D-9B9C-6B69BAAABEB4} – System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]
Task: {AF5F1A4B-3E23-4CC7-904F-FC8CE2E0EAB0} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA5EF3F6-B960-4E9B-8D3F-3A6A0CBDB0C0} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FC84B51E-26D7-44BD-B99F-63BCB25DFC25} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction – ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{D14608EA-991E-4AE6-AC0F-5127099564DB}] => hxxp://127.0.0.1:86/
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{314e9dd7-04f0-4808-8411-e2f80bb27bbd}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{314e9dd7-04f0-4808-8411-e2f80bb27bbd}: [DhcpNameServer] 192.168.0.1
ManualProxies: 0hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Profile: C:\Users\Kevin\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-31]

FireFox:
========
FF DefaultProfile: mfyu2qgp.default
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\mfyu2qgp.default [2021-05-31]
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k1xvw45p.default-release [2021-05-31]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default [2021-05-31]
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-29]
CHR Extension: (uBlock Origin) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-29]
CHR Extension: (Adobe Acrobat) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-05-29]
CHR Extension: (Sheets) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-29]
CHR Extension: (Google Docs Offline) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-29]
CHR Extension: (Chrome Web Store Payments) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-29]
CHR Extension: (Chrome Media Router) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-29]
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-31]
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-05-31]
CHR Notifications: Profile 1 -> hxxps://app.slack.com; hxxps://mail.google.com
CHR Extension: (Slides) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-29]
CHR Extension: (Docs) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-29]
CHR Extension: (Google Drive) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-29]
CHR Extension: (YouTube) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-29]
CHR Extension: (uBlock Origin) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-31]
CHR Extension: (Sheets) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-29]
CHR Extension: (WebinarJam Screen Sharing) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fokdfhbpgcghjfghmjlggjfhkaogooel [2021-05-29]
CHR Extension: (Google Docs Offline) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-29]
CHR Extension: (Chrome Web Store Payments) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-29]
CHR Extension: (Gmail) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-29]
CHR Extension: (Chrome Media Router) – C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-29]
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
S2 SogouSvc; C:\Program Files (x86)\SogouInput\SogouExe\SogouSvc.exe [471520 2021-05-20] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
R2 Vhall Service; D:\VhallLive2.0\VhallService.exe [453496 2021-04-19] (北京微吼时代科技有限公司 -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MpKsl7d3e0677; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B760F97F-D847-49A7-83F3-75337748B82A}\MpKslDrv.sys [107744 2021-05-31] (Microsoft Windows -> Microsoft Corporation)
S3 VClone; C:\Windows\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [421112 2021-05-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-29] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-31 20:59 – 2021-05-31 21:05 – 000000000 ____D C:\Users\Kevin\Desktop\FRST
2021-05-31 14:01 – 2021-05-31 14:01 – 000002027 _____ C:\Users\Public\Desktop\MetaEditor 5.lnk
2021-05-31 14:01 – 2021-05-31 14:01 – 000002027 _____ C:\ProgramData\Desktop\MetaEditor 5.lnk
2021-05-31 14:01 – 2021-05-31 14:01 – 000002009 _____ C:\Users\Public\Desktop\Dollars Markets MT5.lnk
2021-05-31 14:01 – 2021-05-31 14:01 – 000002009 _____ C:\ProgramData\Desktop\Dollars Markets MT5.lnk
2021-05-31 14:01 – 2021-05-31 14:01 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dollars Markets MT5
2021-05-31 14:01 – 2021-05-31 14:01 – 000000000 ____D C:\Program Files\Dollars Markets MT5
2021-05-31 14:00 – 2021-05-31 14:00 – 001288408 _____ (MetaQuotes Ltd.) C:\Users\Kevin\Downloads\dollarsmarkets5setup.exe
2021-05-31 13:47 – 2021-05-31 13:47 – 000000000 ____D C:\Users\Kevin\Downloads\310521 TA EN
2021-05-31 13:47 – 2021-05-31 13:47 – 000000000 ____D C:\Users\Kevin\Downloads\310521 TA CN
2021-05-31 13:44 – 2021-05-31 13:44 – 002055143 _____ C:\Users\Kevin\Downloads\310521 TA CN.zip
2021-05-31 13:44 – 2021-05-31 13:44 – 001902148 _____ C:\Users\Kevin\Downloads\310521 TA EN.zip
2021-05-31 13:27 – 2021-05-31 13:27 – 000000000 ____D C:\Users\Kevin\Documents\Custom Office Templates
2021-05-31 11:37 – 2021-05-31 11:39 – 000000000 ____D C:\Windows\system32\MRT
2021-05-31 11:23 – 2021-05-31 11:25 – 000000000 ____D C:\Users\Kevin\AppData\LocalLow\Mozilla
2021-05-31 11:23 – 2021-05-31 11:25 – 000000000 ____D C:\ProgramData\Mozilla
2021-05-31 11:23 – 2021-05-31 11:23 – 000333096 _____ (Mozilla) C:\Users\Kevin\Downloads\Firefox Installer.exe
2021-05-31 11:23 – 2021-05-31 11:23 – 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-31 11:23 – 2021-05-31 11:23 – 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-05-31 11:23 – 2021-05-31 11:23 – 000000993 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-05-31 11:23 – 2021-05-31 11:23 – 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-05-31 11:23 – 2021-05-31 11:23 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\Mozilla
2021-05-31 11:23 – 2021-05-31 11:23 – 000000000 ____D C:\Users\Kevin\AppData\Local\Mozilla
2021-05-31 11:23 – 2021-05-31 11:23 – 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-31 11:23 – 2021-05-31 11:23 – 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-31 10:10 – 2021-05-31 10:10 – 000000000 ____D C:\Users\Kevin\Documents\Zoom
2021-05-31 10:09 – 2021-05-31 10:09 – 000001931 _____ C:\Users\Kevin\Desktop\Zoom.lnk
2021-05-31 10:08 – 2021-05-31 10:08 – 016089872 _____ (Zoom Video Communications, Inc.) C:\Users\Kevin\Downloads\ZoomInstaller.exe
2021-05-31 10:08 – 2021-05-31 10:08 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\Zoom
2021-05-31 10:08 – 2021-05-31 10:08 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-05-31 09:56 – 2021-05-31 09:56 – 001541290 _____ C:\Users\Kevin\Downloads\310521 开发部早间简报(CN).pdf
2021-05-31 09:56 – 2021-05-31 09:56 – 001418682 _____ C:\Users\Kevin\Downloads\310521 Morning Briefing Conversion (MY).pdf
2021-05-31 09:50 – 2021-05-31 09:52 – 000020354 _____ C:\Users\Kevin\Downloads\Fixlog.txt
2021-05-31 09:45 – 2021-05-31 09:46 – 000036491 _____ C:\Users\Kevin\Downloads\Addition.txt
2021-05-31 09:43 – 2021-05-31 09:46 – 000047501 _____ C:\Users\Kevin\Downloads\FRST.txt
2021-05-31 09:41 – 2021-05-31 09:41 – 000008367 _____ C:\Users\Kevin\Documents\fixlist.txt
2021-05-31 09:39 – 2021-05-31 21:05 – 000000000 ____D C:\FRST
2021-05-31 09:39 – 2021-05-31 09:39 – 002299904 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2021-05-31 09:31 – 2021-05-31 09:31 – 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-05-31 09:31 – 2021-05-31 09:31 – 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-05-31 09:31 – 2021-05-31 09:31 – 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-05-31 09:31 – 2021-05-31 09:31 – 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-05-31 09:31 – 2021-05-31 09:31 – 001823792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-05-31 09:31 – 2021-05-31 09:31 – 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-05-31 09:31 – 2021-05-31 09:31 – 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-05-31 09:31 – 2021-05-31 09:31 – 000568832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-05-31 09:31 – 2021-05-31 09:31 – 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-05-31 09:31 – 2021-05-31 09:31 – 000451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-05-31 09:31 – 2021-05-31 09:31 – 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-05-31 09:31 – 2021-05-31 09:31 – 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-05-31 09:31 – 2021-05-31 09:31 – 000097280 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-05-31 09:31 – 2021-05-31 09:31 – 000011327 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-05-31 09:30 – 2021-05-31 09:30 – 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-05-31 09:30 – 2021-05-31 09:30 – 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-05-31 09:30 – 2021-05-31 09:30 – 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-05-31 09:30 – 2021-05-31 09:30 – 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-05-31 09:24 – 2021-05-31 09:24 – 000000000 ___HD C:\$WinREAgent
2021-05-31 02:08 – 2021-05-31 02:08 – 000000614 _____ C:\Users\Kevin\Downloads\download
2021-05-31 01:15 – 2021-05-31 19:53 – 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{5DCCBDA8-7C3C-4C96-9097-A7A7C576B4D3}
2021-05-31 01:08 – 2021-05-31 01:08 – 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-31 01:08 – 2021-05-31 01:08 – 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-31 01:06 – 2021-05-31 01:07 – 000000000 ____D C:\Users\Kevin\AppData\LocalLow\uTorrent
2021-05-31 00:55 – 2021-05-31 00:57 – 000000896 _____ C:\Users\Kevin\Desktop\µTorrent.lnk
2021-05-31 00:55 – 2021-05-31 00:55 – 000000876 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-05-31 00:46 – 2021-05-31 00:46 – 000000000 ____D C:\Users\Kevin\AppData\Local\PeerDistRepub
2021-05-31 00:46 – 2021-05-31 00:46 – 000000000 ____D C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
2021-05-30 14:36 – 2021-05-30 14:36 – 000003442 _____ C:\Windows\system32\Tasks\InstallShield® Setup Engine Kernel
2021-05-29 22:58 – 2021-05-31 11:06 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\AnyDesk
2021-05-29 22:58 – 2021-05-29 22:58 – 003763944 _____ (AnyDesk Software GmbH) C:\Users\Kevin\Desktop\AnyDesk.exe
2021-05-29 21:16 – 2021-05-29 21:16 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\SogouPenSgim
2021-05-29 21:15 – 2021-05-29 21:15 – 000000000 ____D C:\Users\Public\SogouInput
2021-05-29 21:14 – 2021-05-31 20:31 – 000000000 ____D C:\Users\Kevin\AppData\LocalLow\SogouPY
2021-05-29 21:14 – 2021-05-29 21:22 – 000000000 ____D C:\ProgramData\SogouInput
2021-05-29 21:14 – 2021-05-29 21:14 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\搜狗输入法
2021-05-29 21:14 – 2021-05-29 21:14 – 000000000 ____D C:\Users\Kevin\AppData\LocalLow\SogouPY.users
2021-05-29 21:14 – 2021-05-29 21:14 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗输入法
2021-05-29 21:14 – 2021-05-29 21:14 – 000000000 ____D C:\Program Files (x86)\SogouInput
2021-05-29 17:50 – 2021-05-29 17:50 – 000000000 _____ C:\Recovery.txt
2021-05-29 17:12 – 2021-05-29 17:12 – 000000000 _SHDL C:\Documents and Settings
2021-05-29 17:12 – 2021-05-29 17:12 – 000000000 ____D C:\Windows\CSC
2021-05-29 17:10 – 2021-05-29 17:10 – 000000000 ____H C:\ProgramData\DP45977C.lfl
2021-05-29 17:10 – 2021-05-29 17:10 – 000000000 ____D C:\Windows\SysWOW64\RTCOM
2021-05-29 17:10 – 2021-05-29 17:10 – 000000000 ____D C:\Windows\system32\lxss
2021-05-29 17:10 – 2021-05-29 17:10 – 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-05-29 17:10 – 2021-05-29 17:10 – 000000000 ____D C:\Program Files\Realtek
2021-05-29 17:10 – 2021-05-29 17:10 – 000000000 ____D C:\Program Files\Common Files\logishrd
2021-05-29 17:10 – 2021-05-29 13:14 – 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-05-29 17:09 – 2021-05-31 20:30 – 000000000 ____D C:\Windows\system32\SleepStudy
2021-05-29 17:09 – 2021-05-31 13:43 – 000008192 ___SH C:\DumpStack.log.tmp
2021-05-29 17:09 – 2021-05-31 13:43 – 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-29 17:09 – 2021-05-31 09:53 – 000435256 _____ C:\Windows\system32\FNTCACHE.DAT
2021-05-29 17:09 – 2021-05-30 10:44 – 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-29 17:09 – 2021-05-29 17:09 – 000000000 ____D C:\Windows\ServiceProfiles
2021-05-29 17:09 – 2021-05-29 11:24 – 000000000 ____D C:\Windows\system32\Drivers\wd
2021-05-29 16:22 – 2021-05-29 16:24 – 000000000 ____D C:\ProgramData\Epic
2021-05-29 16:22 – 2021-05-29 16:22 – 000000789 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2021-05-29 16:22 – 2021-05-29 16:22 – 000000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2021-05-29 16:22 – 2021-05-29 16:22 – 000000789 _____ C:\ProgramData\Desktop\Epic Games Launcher.lnk
2021-05-29 16:22 – 2021-05-29 16:22 – 000000000 ____D C:\Users\Kevin\AppData\Local\UnrealEngineLauncher
2021-05-29 16:22 – 2021-05-29 16:22 – 000000000 ____D C:\Users\Kevin\AppData\Local\EpicGamesLauncher
2021-05-29 16:00 – 2021-05-29 02:12 – 000000000 ____D C:\Windows\Panther
2021-05-29 15:59 – 2021-05-29 15:59 – 000000000 ____D C:\ProgramData\ssh
2021-05-29 15:59 – 2021-05-29 02:12 – 000000000 ____D C:\Windows.old
2021-05-29 15:56 – 2021-05-29 15:56 – 003860832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpltfm.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000980320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpal.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000915296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmcodecs.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000732000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ortcengine.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-05-29 15:56 – 2021-05-29 15:56 – 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-05-29 15:56 – 2021-05-29 15:56 – 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-05-29 15:56 – 2021-05-29 15:56 – 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-05-29 15:56 – 2021-05-29 15:56 – 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-05-29 15:56 – 2021-05-29 15:56 – 000480256 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-05-29 15:56 – 2021-05-29 15:56 – 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-05-29 15:56 – 2021-05-29 15:56 – 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-05-29 15:56 – 2021-05-29 15:56 – 000266240 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2021-05-29 15:56 – 2021-05-29 15:56 – 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-05-29 15:56 – 2021-05-29 15:56 – 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2021-05-29 15:56 – 2021-05-29 15:56 – 000204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2021-05-29 15:56 – 2021-05-29 15:56 – 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-05-29 15:56 – 2021-05-29 15:56 – 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-05-29 15:56 – 2021-05-29 15:56 – 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000153600 _____ C:\Windows\system32\uwfcfgmgmt.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-05-29 15:56 – 2021-05-29 15:56 – 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
2021-05-29 15:56 – 2021-05-29 15:56 – 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2021-05-29 15:56 – 2021-05-29 15:56 – 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-05-29 15:56 – 2021-05-29 15:56 – 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-05-29 15:56 – 2021-05-29 15:56 – 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-05-29 15:56 – 2021-05-29 15:56 – 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-05-29 15:56 – 2021-05-29 15:56 – 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmmvrortc.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000047472 _____ C:\Windows\SysWOW64\umpdc.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000045880 _____ C:\Windows\system32\HvSocket.dll
2021-05-29 15:56 – 2021-05-29 15:56 – 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 004898144 _____ (Microsoft Corporation) C:\Windows\system32\rtmpltfm.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 004227116 _____ C:\Windows\system32\DefaultHrtfs.bin
2021-05-29 15:55 – 2021-05-29 15:55 – 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 001354080 _____ (Microsoft Corporation) C:\Windows\system32\rtmpal.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-05-29 15:55 – 2021-05-29 15:55 – 001091936 _____ (Microsoft Corporation) C:\Windows\system32\rtmcodecs.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 001032544 _____ (Microsoft Corporation) C:\Windows\system32\ortcengine.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000707016 _____ C:\Windows\system32\TextShaping.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-05-29 15:55 – 2021-05-29 15:55 – 000455168 _____ C:\Windows\system32\ssdm.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000266752 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2021-05-29 15:55 – 2021-05-29 15:55 – 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-05-29 15:55 – 2021-05-29 15:55 – 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-05-29 15:55 – 2021-05-29 15:55 – 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000197632 _____ C:\Windows\system32\IHDS.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-05-29 15:55 – 2021-05-29 15:55 – 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-05-29 15:55 – 2021-05-29 15:55 – 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-05-29 15:55 – 2021-05-29 15:55 – 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb
2021-05-29 15:55 – 2021-05-29 15:55 – 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2021-05-29 15:55 – 2021-05-29 15:55 – 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000064552 _____ C:\Windows\system32\umpdc.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-05-29 15:55 – 2021-05-29 15:55 – 000056672 _____ (Microsoft Corporation) C:\Windows\system32\rtmmvrortc.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
2021-05-29 15:55 – 2021-05-29 15:55 – 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll
2021-05-29 15:55 – 2021-05-29 15:55 – 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
2021-05-29 15:55 – 2021-05-29 15:55 – 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-05-29 15:55 – 2021-05-29 15:55 – 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2021-05-29 15:55 – 2021-05-29 15:55 – 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2021-05-29 15:51 – 2021-05-29 15:51 – 000000000 ____D C:\Program Files\Reference Assemblies
2021-05-29 15:51 – 2021-05-29 15:51 – 000000000 ____D C:\Program Files\MSBuild
2021-05-29 15:51 – 2021-05-29 15:51 – 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-05-29 15:51 – 2021-05-29 15:51 – 000000000 ____D C:\Program Files (x86)\MSBuild
2021-05-29 15:50 – 2021-05-29 15:50 – 000008192 _____ C:\Windows\system32\config\userdiff
2021-05-29 15:28 – 2021-05-29 16:24 – 000000000 ____D C:\Users\Kevin\AppData\Local\NVIDIA Corporation
2021-05-29 15:27 – 2021-05-29 16:22 – 000000000 ____D C:\Users\Kevin\AppData\Local\UnrealEngine
2021-05-29 15:27 – 2021-05-29 15:27 – 000000000 ____D C:\Users\Kevin\ansel
2021-05-29 15:24 – 2021-05-29 15:24 – 000000000 ____D C:\Users\Kevin\AppData\Local\NVIDIA
2021-05-29 15:23 – 2021-05-31 10:57 – 001882119 _____ C:\Users\Kevin\Desktop\截图用水印模板.psd
2021-05-29 15:23 – 2021-05-29 15:26 – 004037832 _____ C:\Users\Kevin\Desktop\Analyst Watermark.psd
2021-05-29 15:23 – 2021-05-29 15:24 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\Cached files
2021-05-29 15:23 – 2021-05-29 15:23 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\NVIDIA
2021-05-29 15:22 – 2021-05-29 15:22 – 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-05-29 15:22 – 2021-05-29 15:22 – 000001052 _____ C:\Users\Kevin\Desktop\Adobe Photoshop 2021.lnk
2021-05-29 15:21 – 2021-05-29 16:24 – 000000000 ____D C:\ProgramData\Package Cache
2021-05-29 15:21 – 2021-05-29 15:22 – 000000000 ____D C:\Program Files\Common Files\Adobe
2021-05-29 15:21 – 2021-05-29 15:21 – 000000000 ____D C:\Program Files\Adobe
2021-05-29 14:48 – 2021-05-29 14:48 – 000000000 ____D C:\Users\Kevin\AppData\LocalLow\Adobe
2021-05-29 14:47 – 2021-05-30 11:01 – 000000000 ____D C:\ProgramData\Adobe
2021-05-29 14:47 – 2021-05-29 15:20 – 000000000 ____D C:\Program Files (x86)\Adobe
2021-05-29 14:47 – 2021-05-29 14:47 – 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-29 14:47 – 2021-05-29 14:47 – 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2021-05-29 14:47 – 2021-05-29 14:47 – 000002124 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2021-05-29 14:46 – 2021-05-30 10:47 – 000000000 ____D C:\Users\Kevin\AppData\Local\Adobe
2021-05-29 14:45 – 2021-05-29 14:45 – 000000000 ____D C:\Users\Kevin\Desktop\Weekly MO
2021-05-29 14:45 – 2021-05-29 14:45 – 000000000 ____D C:\Users\Kevin\Desktop\Weekly Analysis
2021-05-29 14:45 – 2021-05-29 14:45 – 000000000 ____D C:\Users\Kevin\Desktop\Webinar Slides
2021-05-29 14:45 – 2021-05-29 14:45 – 000000000 ____D C:\Users\Kevin\Desktop\Upload Status
2021-05-29 14:45 – 2021-05-29 14:45 – 000000000 ____D C:\Users\Kevin\Desktop\FMM
2021-05-29 14:45 – 2021-05-29 14:45 – 000000000 ____D C:\Users\Kevin\Desktop\Daily Analysis
2021-05-29 14:38 – 2021-05-30 14:36 – 000003802 _____ C:\Windows\system32\Tasks\Optimize Thumbnail Cache
2021-05-29 14:38 – 2021-05-29 14:38 – 000004608 _____ C:\Windows\SECOH-QAD.exe
2021-05-29 14:38 – 2021-05-29 14:38 – 000003584 _____ C:\Windows\SECOH-QAD.dll
2021-05-29 14:38 – 2021-05-29 14:38 – 000000000 ____D C:\Program Files\KMSpico
2021-05-29 14:38 – 2010-12-06 10:16 – 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2021-05-29 14:19 – 2021-05-29 14:19 – 000002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2021-05-29 14:19 – 2021-05-29 14:19 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-05-29 14:17 – 2021-05-29 14:19 – 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-29 14:17 – 2021-05-29 14:17 – 000000000 ____D C:\Program Files\Microsoft Office 15
2021-05-29 12:20 – 2021-05-29 12:20 – 000000000 ____D C:\Users\Kevin\AppData\Local\TekkenGame
2021-05-29 11:45 – 2021-05-29 11:45 – 000000000 ____D C:\Users\Kevin\AppData\Local\OneDrive
2021-05-29 11:26 – 2021-05-31 14:01 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\MetaQuotes
2021-05-29 11:26 – 2021-05-29 11:26 – 000002134 _____ C:\Users\Public\Desktop\GCM Asia MT4 Client Terminal.lnk
2021-05-29 11:26 – 2021-05-29 11:26 – 000002134 _____ C:\ProgramData\Desktop\GCM Asia MT4 Client Terminal.lnk
2021-05-29 11:26 – 2021-05-29 11:26 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCM Asia MT4 Client Terminal
2021-05-29 11:26 – 2021-05-29 11:26 – 000000000 ____D C:\ProgramData\MetaQuotes
2021-05-29 11:26 – 2021-05-29 11:26 – 000000000 ____D C:\Program Files (x86)\GCM Asia MT4 Client Terminal
2021-05-29 11:20 – 2021-05-29 11:25 – 000000000 ____D C:\Users\Kevin\Documents\VhallHelper
2021-05-29 11:20 – 2021-05-29 11:20 – 000000660 _____ C:\Users\Public\Desktop\VHALL LIVE.lnk
2021-05-29 11:20 – 2021-05-29 11:20 – 000000660 _____ C:\ProgramData\Desktop\VHALL LIVE.lnk
2021-05-29 11:20 – 2021-05-29 11:20 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vhall Live Streaming
2021-05-29 11:16 – 2021-05-29 11:16 – 000000202 _____ C:\Users\Kevin\Desktop\TEKKEN 7.url
2021-05-29 11:14 – 2021-05-29 11:14 – 000000000 ___HD C:\OneDriveTemp
2021-05-29 02:40 – 2021-05-29 02:40 – 000001115 _____ C:\Users\Kevin\Desktop\MT4 Manager.lnk
2021-05-29 02:39 – 2021-05-29 02:39 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\WinRAR
2021-05-29 02:39 – 2021-05-29 02:39 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-05-29 02:39 – 2021-05-29 02:39 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-05-29 02:39 – 2021-05-29 02:39 – 000000000 ____D C:\Program Files\WinRAR
2021-05-29 02:37 – 2021-05-29 02:37 – 000000199 _____ C:\Users\Kevin\Desktop\Dota 2.url
2021-05-29 02:33 – 2021-05-31 01:07 – 000000000 ____D C:\Users\Kevin\AppData\Local\BitTorrentHelper
2021-05-29 02:32 – 2021-05-31 01:07 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\uTorrent
2021-05-29 02:32 – 2021-05-31 00:56 – 000000000 ____D C:\Users\Kevin\AppData\Local\UT008
2021-05-29 02:27 – 2021-05-29 02:27 – 000000424 _____ C:\Users\Kevin\AppData\Local\UserProducts.xml
2021-05-29 02:27 – 2021-05-29 02:27 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2021-05-29 02:27 – 2021-05-29 02:27 – 000000000 ____D C:\Program Files (x86)\Skillbrains
2021-05-29 02:24 – 2021-05-29 02:24 – 000000202 _____ C:\Users\Kevin\Desktop\Wallpaper Engine.url
2021-05-29 02:23 – 2021-05-29 02:23 – 000000000 ____D C:\Users\Kevin\AppData\Local\Steam
2021-05-29 02:23 – 2021-05-29 02:23 – 000000000 ____D C:\Users\Kevin\AppData\Local\CEF
2021-05-29 02:22 – 2021-05-29 02:22 – 000000549 _____ C:\Users\Public\Desktop\Steam.lnk
2021-05-29 02:22 – 2021-05-29 02:22 – 000000549 _____ C:\ProgramData\Desktop\Steam.lnk
2021-05-29 02:22 – 2021-05-29 02:22 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-05-29 02:20 – 2021-05-31 20:35 – 000000000 ____D C:\ProgramData\NVIDIA
2021-05-29 02:20 – 2021-05-29 02:20 – 000000420 _____ C:\Users\Kevin\Desktop\This PC.lnk
2021-05-29 02:19 – 2021-05-31 01:21 – 000000000 ____D C:\Users\Kevin\AppData\Local\PlaceholderTileLogoFolder
2021-05-29 02:19 – 2021-05-29 11:19 – 000000000 ____D C:\Users\Kevin\AppData\Local\Comms
2021-05-29 02:18 – 2021-05-31 13:49 – 000840598 _____ C:\Windows\system32\PerfStringBackup.INI
2021-05-29 02:17 – 2021-05-29 02:17 – 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-29 02:17 – 2021-05-29 02:17 – 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-29 02:17 – 2021-05-29 02:17 – 000002278 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-29 02:17 – 2021-05-29 02:17 – 000000000 ____D C:\Program Files\Google
2021-05-29 02:16 – 2021-05-31 20:35 – 000000000 ___RD C:\Users\Kevin\OneDrive
2021-05-29 02:16 – 2021-05-29 02:23 – 000000000 ____D C:\Users\Kevin\AppData\Local\Google
2021-05-29 02:16 – 2021-05-29 02:16 – 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-05-29 02:16 – 2021-05-29 02:16 – 000000000 ____D C:\Program Files (x86)\Google
2021-05-29 02:14 – 2021-05-31 15:08 – 000000000 ____D C:\Users\Kevin\AppData\Local\Packages
2021-05-29 02:14 – 2021-05-31 01:04 – 000000000 ____D C:\Users\Kevin\AppData\Local\D3DSCache
2021-05-29 02:14 – 2021-05-30 10:36 – 000002363 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-29 02:14 – 2021-05-29 15:27 – 000000000 ____D C:\Users\Kevin
2021-05-29 02:14 – 2021-05-29 15:25 – 000000000 ____D C:\Users\Kevin\AppData\Roaming\Adobe
2021-05-29 02:14 – 2021-05-29 11:14 – 000000000 ____D C:\Users\Kevin\AppData\Local\ConnectedDevicesPlatform
2021-05-29 02:14 – 2021-05-29 02:32 – 000000000 ____D C:\ProgramData\Packages
2021-05-29 02:14 – 2021-05-29 02:19 – 000000000 __RHD C:\Users\Public\AccountPictures
2021-05-29 02:14 – 2021-05-29 02:14 – 000000020 ___SH C:\Users\Kevin\ntuser.ini
2021-05-29 02:14 – 2021-05-29 02:14 – 000000000 ___RD C:\Users\Kevin\3D Objects
2021-05-29 02:14 – 2021-05-29 02:14 – 000000000 ____D C:\Users\Kevin\AppData\Local\VirtualStore
2021-05-29 02:14 – 2021-05-29 02:14 – 000000000 ____D C:\Users\Kevin\AppData\Local\Publishers
2021-05-28 23:37 – 2021-05-29 17:50 – 000000000 ___HD C:\$SysReset
2021-05-20 12:05 – 2021-05-20 12:05 – 008930784 _____ (Sogou.com Inc.) C:\Windows\system32\SogouPY.ime
2021-05-20 12:05 – 2021-05-20 12:05 – 006277600 _____ (Sogou.com Inc.) C:\Windows\SysWOW64\SogouPY.ime
2021-05-20 12:05 – 2021-05-20 12:05 – 001972704 _____ (Sogou.com Inc.) C:\Windows\system32\SogouTSF.ime
2021-05-20 12:05 – 2021-05-20 12:05 – 001459168 _____ (Sogou.com Inc.) C:\Windows\SysWOW64\SogouTSF.ime

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-31 20:58 – 2019-12-07 17:14 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-31 13:49 – 2019-12-07 17:13 – 000000000 ____D C:\Windows\INF
2021-05-31 13:42 – 2019-12-07 17:03 – 000524288 _____ C:\Windows\system32\config\BBI
2021-05-31 11:39 – 2019-12-07 17:03 – 000000000 ____D C:\Windows\CbsTemp
2021-05-31 10:58 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\NDF
2021-05-31 09:55 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\AppReadiness
2021-05-31 09:54 – 2019-12-07 17:14 – 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-05-31 09:53 – 2019-12-07 17:54 – 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ___RD C:\Windows\PrintDialog
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\Dism
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SystemResources
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\oobe
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\lv-LV
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\et-EE
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\Dism
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\PolicyDefinitions
2021-05-31 09:53 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\bcastdvr
2021-05-31 09:33 – 2019-12-07 17:03 – 000000000 ____D C:\Windows\servicing
2021-05-31 01:10 – 2019-12-07 17:14 – 000000000 ___HD C:\Program Files\WindowsApps
2021-05-29 21:14 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\IME
2021-05-29 17:50 – 2019-12-07 17:14 – 000028672 _____ C:\Windows\system32\config\BCD-Template
2021-05-29 17:09 – 2019-12-07 17:14 – 000000000 ____D C:\ProgramData\USOPrivate
2021-05-29 17:09 – 2019-12-07 17:03 – 000032768 _____ C:\Windows\system32\config\ELAM
2021-05-29 15:59 – 2019-12-07 17:54 – 000000000 ___SD C:\Windows\system32\AppV
2021-05-29 15:59 – 2019-12-07 17:54 – 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-05-29 15:59 – 2019-12-07 17:54 – 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-05-29 15:59 – 2019-12-07 17:51 – 000000000 ____D C:\Windows\system32\OpenSSH
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ___SD C:\Windows\SysWOW64\F12
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ___SD C:\Windows\system32\UNP
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ___SD C:\Windows\system32\F12
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\setup
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\oobe
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\migwiz
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\Com
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\WinMetadata
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\Sysprep
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\ShellExperiences
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\setup
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\migwiz
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\lt-LT
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\Keywords
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\es-MX
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\Com
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\appraiser
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\ShellExperiences
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\ShellComponents
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\Provisioning
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\IME
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\DiagTrack
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Program Files\Common Files\System
2021-05-29 15:59 – 2019-12-07 17:14 – 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-05-29 15:58 – 2019-12-07 17:54 – 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-05-29 15:58 – 2019-12-07 17:54 – 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2021-05-29 15:51 – 2019-12-07 17:52 – 000000000 ____D C:\Windows\OCR
2021-05-29 14:17 – 2019-12-07 17:14 – 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-05-29 11:24 – 2019-12-07 17:14 – 000000000 ____D C:\Program Files\Windows Defender
2021-05-29 11:22 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\appcompat
2021-05-29 02:31 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\ServiceState
2021-05-29 02:20 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-05-29 02:13 – 2019-12-07 17:51 – 000000000 ____D C:\Windows\system32\FxsTmp
2021-05-29 02:13 – 2019-12-07 17:14 – 000000000 ____D C:\Windows\system32\spool

==================== Files in the root of some directories ========

2021-05-29 02:27 – 2021-05-29 02:27 – 000000003 _____ () C:\Users\Kevin\AppData\Local\updater.log
2021-05-29 02:27 – 2021-05-29 02:27 – 000000424 _____ () C:\Users\Kevin\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01
Ran by Kevin (31-05-2021 21:07:47)
Running from C:\Users\Kevin\Desktop\FRST
Windows 10 Pro Version 21H1 19043.1023 (X64) (2021-05-28 18:12:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2342360385-1493117034-333485134-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2342360385-1493117034-333485134-503 – Limited – Disabled)
Guest (S-1-5-21-2342360385-1493117034-333485134-501 – Limited – Disabled)
Kevin (S-1-5-21-2342360385-1493117034-333485134-1001 – Administrator – Enabled) => C:\Users\Kevin
WDAGUtilityAccount (S-1-5-21-2342360385-1493117034-333485134-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2342360385-1493117034-333485134-1001\…\uTorrent) (Version: 3.5.5.46020 – BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\…\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20155 – Adobe Systems Incorporated)
Adobe Photoshop 2021 (HKLM-x32\…\PHSP_22_4_1) (Version: 22.4.1.211 – Adobe Inc.)
Adobe Photoshop 2021 Patch (HKLM-x32\…\{86AB4DA9-6987-419F-A237-66EB38496854}) (Version: 1.0.0 – OSTeam)
Dollars Markets MT5 (HKLM\…\Dollars Markets MT5) (Version: 5.00 – MetaQuotes Ltd.)
Epic Games Launcher (HKLM-x32\…\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 – Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\…\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden
GCM Asia MT4 Client Terminal (HKLM-x32\…\GCM Asia MT4 Client Terminal) (Version: 4.00 – MetaQuotes Ltd.)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 91.0.4472.77 – Google LLC)
KMSpico (HKLM\…\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: – )
Launcher Prerequisites (x64) (HKLM-x32\…\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden
Lightshot-5.5.0.7 (HKLM-x32\…\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 – Skillbrains)
Microsoft Edge (HKLM-x32\…\Microsoft Edge) (Version: 91.0.864.37 – Microsoft Corporation)
Microsoft Office Professional Plus 2016 – en-us (HKLM\…\ProPlusRetail – en-us) (Version: 16.0.4266.1003 – Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2342360385-1493117034-333485134-1001\…\OneDriveSetup.exe) (Version: 21.083.0425.0003 – Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32\…\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32\…\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40664 (HKLM-x32\…\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40664 (HKLM-x32\…\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32\…\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32\…\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 – Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\…\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 – Mozilla)
Mozilla Maintenance Service (HKLM\…\MozillaMaintenanceService) (Version: 88.0.1 – Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\…\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\…\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\…\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 – Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9132.1 – Realtek Semiconductor Corp.)
Steam (HKLM-x32\…\Steam) (Version: 2.10.91.91 – Valve Corporation)
VhallLive 4.0.1.12 (HKLM\…\VhallLive_is1) (Version: – vhall.com)
WinRAR 6.01 (64-bit) (HKLM\…\WinRAR archiver) (Version: 6.01.0 – win.rar GmbH)
Zoom (HKU\S-1-5-21-2342360385-1493117034-333485134-1001\…\ZoomUMX) (Version: 5.6.6 (961) – Zoom Video Communications, Inc.)
搜狗输入法 10.4正式版 (HKLM-x32\…\Sogou Input) (Version: 10.4.0.4620 – Sogou.com)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-29] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-29] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2021-05-29] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0 [2021-05-29] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\nvshext.dll [2021-04-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\…\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\…\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-05-29 14:38 – 2021-05-29 14:38 – 000003584 _____ () [File not signed] C:\Windows\SECOH-QAD.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2342360385-1493117034-333485134-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-2342360385-1493117034-333485134-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2342360385-1493117034-333485134-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 17:14 – 2019-12-07 17:12 – 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2342360385-1493117034-333485134-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 – 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{46FFE8D1-DA55-4421-97B7-0395D6609B17}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F97A2CA1-B46B-4B13-BA29-FA289EE89390}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{837B38C2-CC9F-41BC-8E1A-D1036E853201}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE551BCE-FE0C-4D1F-9F1E-091C4A92272B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EBFB5E99-42ED-41F4-8F0D-20962074BDB8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F2C91E64-DA54-4A85-8E6E-B919ECAE19FA}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9FF49E98-E9CE-42D0-A419-0079FB456850}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0234F7AA-65A9-4D3C-8C9C-FC147FB4D3DB}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{94BD56A0-8E6D-42C2-A750-CE38E6AEC624}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{97A8DD04-B471-40F1-9AFB-81DED6730290}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{5AB6AB36-1C31-4DCC-AD38-5CA3B7AF501F}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{1FF30394-166C-45FD-971F-2AB803400233}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5C308CA3-BAB4-445E-A768-EED8C7038DCD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A60D5E0F-0DDA-4C08-A5A9-097CEA54930F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{117E0F64-7DFD-4192-8C6C-A7FC38FAB35F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FFFE9841-6DEC-4C8F-BECC-720C3A538CD8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D186C13-002A-4FE9-ADDA-A7D3BA59EEA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69211BE7-BD50-4163-8872-CC167D7B7B84}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B15153BD-BA80-4DCD-90ED-8A4DBE68A29B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F1C1998-AF52-42EA-916A-8E53FBD9883F}] => (Allow) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CC3EAA15-9A0F-489F-9B32-AFA61637D673}] => (Allow) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8F2F643C-2FDC-4636-AD69-47B4843856D2}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{A0BF356E-66BC-4FC7-94F3-4B71B0E6D248}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{390C82C7-E457-431C-937D-CD1A93E4B9FC}] => (Allow) D:\Steam\steamapps\common\TEKKEN 7\TEKKEN 7.exe () [File not signed]
FirewallRules: [{E6DFE8B0-1342-4759-B37F-DD58A73F170E}] => (Allow) D:\Steam\steamapps\common\TEKKEN 7\TEKKEN 7.exe () [File not signed]
FirewallRules: [{1857CC1F-6D23-4D9C-8436-2ADDC390797E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C551E24F-9D09-48BF-8A6E-3467C04D618B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{37837335-018A-4D81-B855-2B2346BEE6EF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F4759F78-A912-40E4-8800-0237787987C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5E658FD6-EDAF-4C8C-8E8A-40365022A80E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{AAC6CE59-BE09-4695-9695-5D4C5077F622}D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [UDP Query User{E0FD3F54-A588-4F0E-9490-32D3299AC930}D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{A13927F3-68C5-4A0D-A3DE-CA478022E21D}] => (Block) D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{6C14EE3C-D119-43F8-BA5A-75920F39029F}] => (Block) D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{A0D6D72F-98CB-4BFF-B4B4-A974A46EBC38}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{79D852E3-42B0-4115-B9AC-3A3CC8F30D0C}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{7DD4D835-B698-41E4-988B-8DFE930A397A}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{6B222364-5C66-42AF-8C81-E2AF7521D596}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{C1A2E65A-3CB0-47B2-A527-13CE6FA8476E}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{29DC2309-E72F-4AEE-97A3-AB90DE913615}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{B66367D1-BE51-4372-8D8B-DB4BA9EA4713}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{780AF1B4-E2F0-487D-9730-71B85230F54A}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{38DF3639-EC87-4FDB-AD18-9A482FBC276F}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{FB676A30-D70C-4C97-8BF4-6C9AE40DCCAC}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{7DBC340D-E482-499A-B0FC-EA8E42141282}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{14C7D421-871B-4442-9B06-DECAE671E929}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{860CF815-768A-4A4D-B3C4-828EF8F6157F}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{060ED4C5-E456-40D1-BC0E-18668650478E}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{68127DC3-074F-4308-AD21-E570B4B5135E}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{F0DB504C-4614-494E-99D3-01451AD66902}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{E10C07EF-04F1-4A53-8404-570B90C1F729}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{6BA78643-DA0C-4293-B8E8-DBE728C35AFD}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{10E39CF9-3B7E-4D1D-9969-97277BEEE55E}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{5838EC4F-C846-4508-8E66-CC4EF84C0B1C}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{CF4290D6-E122-4A5B-B70B-30E755E02ABB}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{3592C7B2-24E4-42CA-B959-DC2E627498F1}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{685F3D70-D3C8-4D80-8E32-DA541CF44E87}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{836A2B50-04AD-40EE-98AB-0DC111FC0577}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{D1C8D221-5EEC-459C-93E1-D5785A526C2B}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{9F9CACDE-25BD-41ED-B294-59E37882755D}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{6C8F4339-A0DB-48CE-8680-811D4F1460E2}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{438AAC9D-41F9-4F4A-88A6-2441009EAEB5}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{0EC033A2-9D5E-49AA-A919-944F0047A7BC}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{53AAEB28-1B15-4C60-BD7D-639E60DF326D}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{AB3AADCD-847D-4448-93E4-E3F7B39925F9}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{5894F6BF-549B-4D04-BBBF-E74D12C2836D}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{6F736515-763A-4892-9236-948E99D3518F}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{DD3915A0-91AD-4D6E-BBCE-11318FDE90CE}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{7535F288-EA5B-4F65-88FB-B85D51DEDBB0}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{1016F7EA-6F4F-4B26-A52E-8202853B49F3}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{C044A2C4-491A-478A-86DA-7DD5C4454A53}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{EC3AE661-E1A8-497F-A3FC-7C224EA00340}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{15C637DD-F117-41C0-B4B0-8296E84C83A2}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{52E4D92A-F1BC-4EB6-8E9F-9FF278509A89}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{A5A922DA-5FD4-47D0-8BC3-42CE0BCCF375}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{B4CC448B-484D-4DB9-8E9B-A43142CB7B51}] => (Allow) C:\Program Files (x86)\SogouInput\10.4.0.4620\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{47FAE390-58B0-496D-ACEA-9C266A60564E}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{77151BEF-D561-4F27-B2DE-EABF32446E29}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{428F31D0-922B-4B4E-BDCA-4D6C41BF56F5}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{61ADA808-C15C-44CF-A021-77E76F260343}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{A7DD7024-0891-4766-BBF2-648C472341E2}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{08FC05E0-F7CE-46D8-BC4D-B2BCDB67A644}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{22177DF9-7EBA-4488-A328-4D1F02684584}] => (Allow) C:\Users\Kevin\Downloads\AnyDesk.exe => No File
FirewallRules: [{07509460-15A9-402C-985E-F8ECA883E755}] => (Allow) C:\Users\Kevin\Downloads\AnyDesk.exe => No File
FirewallRules: [{469ABBC9-7C0C-4C34-AE92-8F7B0ABD13D3}] => (Allow) C:\Users\Kevin\Downloads\AnyDesk.exe => No File
FirewallRules: [{81EB32AC-F15F-4DE0-9DAF-764E9785D358}] => (Allow) C:\Users\Kevin\Downloads\AnyDesk.exe => No File
FirewallRules: [{F73C4605-ABC7-4684-A129-3A373A845E62}] => (Allow) C:\Users\Kevin\Downloads\AnyDesk.exe => No File
FirewallRules: [{C8154DF1-B815-4B0C-97A6-34B01BB675A5}] => (Allow) C:\Users\Kevin\Downloads\AnyDesk.exe => No File
FirewallRules: [{906AAD7D-8328-4A31-BE4C-B36424F35317}] => (Allow) C:\Users\Kevin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{613BD941-5108-4702-8D43-0CFEA7DFB064}] => (Allow) C:\Users\Kevin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{896592E6-4298-4130-B324-8B49CBA9BFD6}] => (Allow) C:\Users\Kevin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{C024FA16-C826-4CC8-81FC-B6830417AE5A}C:\users\kevin\desktop\anydesk.exe] => (Allow) C:\users\kevin\desktop\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{9C6D58DE-CEF0-4BF8-BB3F-2BC097BFE66E}C:\users\kevin\desktop\anydesk.exe] => (Allow) C:\users\kevin\desktop\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{A166CAAD-CFC3-4BC6-BC7F-82528C9CA6A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{947D711C-CC35-427B-A963-4AE46D18E652}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9A33DC50-FF5C-431E-B130-8A303ADEDEA7}] => (Allow) C:\Program Files\Dollars Markets MT5\metatester64.exe (MetaQuotes Ltd. -> MetaQuotes Ltd.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.16 GB) (Free:66.74 GB) (60%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/31/2021 09:08:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-06-01T11:21:51Z. Error Code: 0x80070002.

Error: (05/31/2021 09:08:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-06-01T11:22:21Z. Error Code: 0x80070002.

Error: (05/31/2021 09:07:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-06-01T11:21:51Z. Error Code: 0x80070002.

Error: (05/31/2021 09:07:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-06-01T11:22:21Z. Error Code: 0x80070002.

Error: (05/31/2021 09:06:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-06-01T11:21:51Z. Error Code: 0x80070002.

Error: (05/31/2021 09:06:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-06-01T11:22:21Z. Error Code: 0x80070002.

Error: (05/31/2021 09:05:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-06-01T11:21:51Z. Error Code: 0x80070002.

Error: (05/31/2021 09:05:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-06-01T11:22:21Z. Error Code: 0x80070002.

System errors:
=============
Error: (05/31/2021 09:50:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/31/2021 09:50:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Vhall Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/31/2021 09:50:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/31/2021 09:50:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/31/2021 09:50:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (05/31/2021 09:50:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Storage Middleware Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/31/2021 09:50:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/31/2021 09:50:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:
================
Date: 2021-05-31 20:50:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/AgentTesla.AUE!MTB&threatid=2147780834&enterprise=0
Name: Trojan:MSIL/AgentTesla.AUE!MTB
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Program Files (x86)\Adobe\Adobe Photoshop 2021 Patch\AdobeOnlineActivator.exe; containerfile:_C:\Windows\Installer\e0d273.msi; file:_C:\Program Files (x86)\Adobe\Adobe Photoshop 2021 Patch\AdobeOnlineActivator.exe->[MSILRES:costura.newtonsoft.json.dll]; file:_C:\Windows\Installer\e0d273.msi->Binary.AdobeOnlineActivator.exe->[MSILRES:costura.newtonsoft.json.dll]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.339.1724.0, AS: 1.339.1724.0, NIS: 1.339.1724.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-30 14:41:26
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/uTorrent&threatid=236126&enterprise=0
Name: PUA:Win32/uTorrent
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk; file:_C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Kevin\Desktop\µTorrent.lnk; regkey:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uTorrent; uninstall:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uTorrent
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.1667.0, AS: 1.339.1667.0, NIS: 1.339.1667.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-29 15:23:51
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Kevin\AppData\Roaming\Cached files\Setup.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Kevin\AppData\Local\Temp\RegAsm.exe
Security intelligence Version: AV: 1.339.1609.0, AS: 1.339.1609.0, NIS: 1.339.1609.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-29 14:35:59
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Kevin\Downloads\getkmspico.com-KMSpico_setup.zip; webfile:_C:\Users\Kevin\Downloads\getkmspico.com-KMSpico_setup.zip|https://file.fan/3fdd2a62a046a120?download_token=0071b3d42461ce04d90342ee570bb2c3dba307b411326bb80dbd14324588c662|pid:11640,ProcessStart:132667437581253642
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.339.1609.0, AS: 1.339.1609.0, NIS: 1.339.1609.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-29 14:29:41
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Users\Kevin\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\Microsoft Office 2016\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.339.1609.0, AS: 1.339.1609.0, NIS: 1.339.1609.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

==================== Memory info ===========================

BIOS: American Megatrends Inc. F1 11/24/2016
Motherboard: Gigabyte Technology Co., Ltd. B250M-D2V-CF
Processor: Intel® Core™ i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 43%
Total physical RAM: 16342.6 MB
Available physical RAM: 9305.96 MB
Total Virtual: 19286.6 MB
Available Virtual: 9709.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.16 GB) (Free:66.73 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:808.05 GB) NTFS

\\?\Volume{f839bbe8-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{f839bbe8-0000-0000-0000-50d01b000000}\ () (Fixed) (Total:0.53 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8BC13B6A)
Partition 1: (Not Active) – (Size=931.5 GB) – (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: F839BBE8)
Partition 1: (Active) – (Size=100 MB) – (Type=07 NTFS)
Partition 2: (Not Active) – (Size=111.2 GB) – (Type=07 NTFS)
Partition 3: (Not Active) – (Size=546 MB) – (Type=27)

==================== End of Addition.txt =======================

Edited by Oh My!, 31 May 2021 – 08:39 AM.

Source of this news: https://www.bleepingcomputer.com/forums/t/752428/unable-to-remove-proxy-server-12700186/
