Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2022
Ran by zumaha (administrator) on DESKTOP-LSU3JTI (Gigabyte Technology Co., Ltd. GA-MA770T-UD3) (22-01-2022 18:14:24)
Running from C:\Users\zumaha\Downloads
Loaded Profiles: zumaha
Platform: Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) Language: Bulgarian (Bulgaria) -> English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> ) C:\Users\zumaha\AppData\Local\Temp\1AF86D80-073A-436E-9AA0-E6BC3A5F0DAA\ga_service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\obkagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <15>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\TiWorker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [580696 2022-01-22] (Bitdefender SRL -> Bitdefender)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [318056 2021-12-16] (Bitdefender SRL -> Bitdefender)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [706800 2021-09-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> )
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Run: [GameCenter] => C:\Users\zumaha\AppData\Local\GameCenter\GameCenter.exe [11740368 2022-01-18] (My.Com B.V. -> )
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Run: [Discord] => C:\Users\zumaha\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4268456 2022-01-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Policies\Explorer: [NoRecentDocsHood] 1
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\97.1.34.81\Installer\chrmstp.exe [2022-01-21] (Brave Software, Inc. -> Brave Software, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18DF763C-B681-484A-AC4A-96F387CB7449} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {1AFA1D91-E830-4EFB-AFB7-A6F99B48003C} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {6B09E6AB-BEC7-4079-B11F-049BB0865A01} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
Task: {8921EAEE-8743-4C47-8F17-EA6CE98F781F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.207\WatchDog.exe [1050216 2022-01-13] (Bitdefender SRL -> Bitdefender)
Task: {D8778541-3F72-44E5-A8AB-94E8C2AA3A4E} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E6AEB0CC-1511-4288-8A9F-A466E524E08B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [477512 2021-05-10] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9b1928e-fd9e-4ffb-a421-021416036387}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Profile: C:\Users\zumaha\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-21]
Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]

FireFox:
========
FF DefaultProfile: jko349qn.default
FF ProfilePath: C:\Users\zumaha\AppData\Roaming\librewolf\Profiles\jko349qn.default [2022-01-12]
FF ProfilePath: C:\Users\zumaha\AppData\Roaming\librewolf\Profiles\fskabzce.default-default [2022-01-21]
FF Notifications: librewolf\Profiles\fskabzce.default-default -> hxxps://my.emsisoft.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\zumaha\AppData\Roaming\librewolf\Profiles\fskabzce.default-default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-01-12]
FF Extension: (uBlock Origin) - C:\Users\zumaha\AppData\Roaming\librewolf\Profiles\fskabzce.default-default\Extensions\uBlock0@raymondhill.net.xpi [2022-01-12]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2021-06-29] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2021-12-10] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

Brave:
=======
BRA Profile: C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-01-22]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (DuckDuckGo) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-01-22]
BRA Extension: (uBlock Origin) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-01-21]
BRA Extension: (Bitdefender Wallet) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2022-01-22]
BRA Extension: (Bitdefender Anti-tracker) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2022-01-22]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-01-22]
BRA Extension: (Brave NTP background images) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-01-21]
BRA Extension: (Wallet Data Files Updater) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-01-21]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-01-21]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-01-21]
BRA Extension: (Brave NTP sponsored images) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-01-22]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-01-21]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\zumaha\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-01-21]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [198256 2021-01-25] (Pango Inc. -> AnchorFree Inc.)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988816 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821896 2022-01-22] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821896 2022-01-22] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2161256 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [1899112 2018-03-22] (Bitdefender SRL -> Bitdefender)
S2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [245864 2021-12-16] (Bitdefender SRL -> Bitdefender)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [22174424 2022-01-19] (LLC Mail.Ru -> LLC Mail.Ru)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [786536 2021-10-27] (Bitdefender SRL -> Bitdefender)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-12-15] (ADLICE (ASCOET JULIEN) -> )
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [284760 2022-01-22] (Bitdefender SRL -> Bitdefender)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746736 2022-01-17] (Oracle Corporation -> Oracle Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821896 2022-01-22] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2022-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2022-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 83539951; C:\WINDOWS\System32\drivers\41388804.sys [208216 2022-01-20] () [File not signed]
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [3864480 2021-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
U2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [800672 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [32152 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> © Bitdefender SRL)
S3 bduefiscan; C:\WINDOWS\system32\DRIVERS\bduefiscan.sys [55864 2021-07-09] (Bitdefender SRL -> Bitdefender)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [1188744 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [21413808 2022-01-19] (LLC Mail.Ru -> LLC Mail.Ru)
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [623008 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239648 2022-01-17] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249560 2022-01-17] (Oracle Corporation -> Oracle Corporation)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1046416 2022-01-17] (Oracle Corporation -> Oracle Corporation)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [483728 2021-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2022-01-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2022-01-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2022-01-18] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-22 18:14 - 2022-01-22 18:16 - 000017915 _____ C:\Users\zumaha\Downloads\FRST.txt
2022-01-22 18:02 - 2022-01-22 18:02 - 002311680 _____ (Farbar) C:\Users\zumaha\Downloads\FRST64.exe
2022-01-22 17:57 - 2022-01-22 17:57 - 000000000 ____D C:\Users\zumaha\AppData\Local\NVIDIA
2022-01-22 17:07 - 2022-01-22 17:07 - 000000000 ____D C:\ProgramData\Apple
2022-01-22 17:07 - 2022-01-22 17:07 - 000000000 ____D C:\Program Files\Bonjour
2022-01-22 17:07 - 2022-01-22 17:07 - 000000000 ____D C:\Program Files (x86)\Bonjour
2022-01-22 17:07 - 2021-12-05 20:00 - 000367096 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\SET1B58.tmp
2022-01-22 17:04 - 2022-01-22 17:04 - 000183944 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2022-01-22 16:49 - 2022-01-22 16:53 - 726744160 _____ C:\Users\zumaha\Downloads\SeagateDiscWizard_39818.exe
2022-01-22 16:38 - 2022-01-22 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2022-01-22 16:38 - 2022-01-22 18:13 - 000000000 ____D C:\Program Files (x86)\Seagate
2022-01-22 16:22 - 2022-01-22 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-01-22 16:22 - 2022-01-22 16:22 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1146D79A.sys
2022-01-22 16:22 - 2022-01-22 16:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-22 16:21 - 2022-01-22 17:19 - 000000000 ____D C:\Users\zumaha\Desktop\mbar
2022-01-22 16:21 - 2022-01-22 16:21 - 014178840 _____ (Malwarebytes Corp.) C:\Users\zumaha\Downloads\mbar-1.10.3.1001.exe
2022-01-22 16:21 - 2022-01-22 16:21 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2022-01-22 14:19 - 2022-01-22 14:19 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\BleachBit
2022-01-22 14:19 - 2022-01-22 14:19 - 000000000 ____D C:\Users\zumaha\AppData\Local\fontconfig
2022-01-22 14:19 - 2022-01-22 14:19 - 000000000 ____D C:\Users\zumaha\.dbus-keyrings
2022-01-22 00:32 - 2022-01-22 00:32 - 000213080 _____ C:\ProgramData\vpn.1642804329.bdinstall.v2.bin
2022-01-22 00:32 - 2022-01-22 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
2022-01-22 00:32 - 2022-01-22 00:32 - 000000000 ____D C:\ProgramData\Bitdefender VPN
2022-01-22 00:32 - 2022-01-22 00:32 - 000000000 ____D C:\ProgramData\AnchorFree_Inc
2022-01-22 00:32 - 2020-02-20 13:02 - 000047920 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2022-01-22 00:25 - 2022-01-22 00:25 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2022-01-22 00:22 - 2022-01-22 12:15 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2022-01-22 00:21 - 2022-01-22 00:32 - 000000000 ____D C:\ProgramData\Glarysoft
2022-01-22 00:20 - 2022-01-22 00:32 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\GlarySoft
2022-01-22 00:20 - 2022-01-22 00:20 - 000655580 _____ C:\ProgramData\cl.1642803272.bdinstall.v2.bin
2022-01-22 00:20 - 2022-01-22 00:20 - 000109244 _____ C:\ProgramData\cl.kit.1642803231.bdinstall.v2.bin
2022-01-22 00:20 - 2022-01-22 00:20 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\DiskDefrag
2022-01-22 00:20 - 2022-01-22 00:20 - 000000000 ____D C:\ProgramData\Gemma
2022-01-22 00:20 - 2022-01-22 00:20 - 000000000 ____D C:\ProgramData\Atc
2022-01-22 00:18 - 2022-01-22 00:32 - 000002191 _____ C:\Users\Public\Desktop\Bitdefender VPN.lnk
2022-01-22 00:18 - 2022-01-22 00:18 - 000002338 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2022-01-22 00:18 - 2022-01-22 00:18 - 000000000 ____D C:\WINDOWS\system32\elambkup
2022-01-22 00:18 - 2022-01-22 00:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2022-01-22 00:18 - 2022-01-22 00:18 - 000000000 ____D C:\ProgramData\BDLogging
2022-01-22 00:18 - 2020-12-18 01:33 - 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2022-01-22 00:16 - 2021-10-15 10:51 - 003864480 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2022-01-22 00:16 - 2021-09-28 14:31 - 000032152 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2022-01-22 00:16 - 2021-09-28 09:37 - 001188744 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2022-01-22 00:16 - 2021-08-26 14:48 - 000800672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2022-01-22 00:16 - 2021-07-09 00:36 - 000055864 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bduefiscan.sys
2022-01-22 00:15 - 2022-01-22 00:15 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\Bitdefender
2022-01-22 00:15 - 2020-10-07 10:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2022-01-22 00:14 - 2022-01-22 12:10 - 000000000 ____D C:\ProgramData\Bitdefender
2022-01-22 00:14 - 2022-01-22 00:32 - 000000000 ____D C:\Program Files\Bitdefender
2022-01-22 00:14 - 2021-10-14 03:16 - 000483728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys
2022-01-22 00:14 - 2021-09-29 00:33 - 000623008 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2022-01-22 00:13 - 2022-01-22 00:15 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2022-01-22 00:11 - 2022-01-22 00:11 - 000003846 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2022-01-22 00:09 - 2022-01-22 00:09 - 000225196 _____ C:\ProgramData\agent.1642802973.bdinstall.v2.bin
2022-01-22 00:09 - 2022-01-22 00:09 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2022-01-22 00:09 - 2022-01-22 00:09 - 000000000 ____D C:\Program Files\Bitdefender Agent
2022-01-22 00:02 - 2022-01-22 18:06 - 000000361 _____ C:\Users\zumaha\Desktop\virus remain after formatting.txt
2022-01-21 23:28 - 2022-01-21 23:28 - 000000015 _____ C:\Users\zumaha\Desktop\steam pw.txt
2022-01-21 23:24 - 2022-01-21 23:25 - 000000000 ____D C:\Users\zumaha\AppData\Local\Steam
2022-01-21 23:14 - 2022-01-22 14:35 - 000000000 ____D C:\Program Files (x86)\Steam
2022-01-21 23:14 - 2022-01-21 23:14 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2022-01-21 23:14 - 2022-01-21 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-01-21 23:11 - 2022-01-22 00:09 - 000000000 ____D C:\ProgramData\WRData
2022-01-21 23:02 - 2022-01-21 23:02 - 000000000 ____D C:\ProgramData\NortonRnR
2022-01-21 22:53 - 2022-01-22 12:18 - 000296696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-21 22:42 - 2022-01-21 22:42 - 000000104 _____ C:\WINDOWS\K7TSUsrInfo.dat
2022-01-21 22:41 - 2022-01-21 22:41 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2022-01-21 22:36 - 2022-01-21 22:44 - 000000012 _____ C:\ProgramData\oianbuax.xrl
2022-01-21 22:36 - 2022-01-21 22:44 - 000000012 _____ C:\ProgramData\nwckvbae.sbg
2022-01-21 22:36 - 2022-01-21 22:36 - 000000016 _____ C:\ProgramData\rtmeslt
2022-01-21 22:36 - 2022-01-21 22:36 - 000000012 _____ C:\ProgramData\tdcwanbf.gos
2022-01-21 22:36 - 2022-01-21 22:36 - 000000012 _____ C:\ProgramData\jjpoqeig.pvf
2022-01-21 22:36 - 2022-01-21 22:36 - 000000008 _____ C:\ProgramData\okekxhuw.kxh
2022-01-21 22:36 - 2022-01-21 22:36 - 000000008 _____ C:\ProgramData\ewmjdrdx.ejw
2022-01-21 22:36 - 2022-01-21 22:36 - 000000000 ____D C:\Program Files (x86)\NoVirusThanks
2022-01-21 22:35 - 2022-01-21 22:45 - 000000000 ____D C:\Program Files\NoVirusThanks
2022-01-21 22:25 - 2022-01-21 22:26 - 000000000 ____D C:\Users\zumaha\AppData\Local\WhyNotWin11
2022-01-21 22:09 - 2022-01-21 22:42 - 000000290 __RSH C:\ProgramData\ntuser.pol
2022-01-21 22:08 - 2022-01-21 22:49 - 000000000 ____D C:\ProgramData\K7 Computing
2022-01-21 22:04 - 2022-01-21 22:04 - 000000000 ____D C:\Users\zumaha\AppData\LocalLow\IGDump
2022-01-21 20:42 - 2022-01-21 23:03 - 000000000 ____D C:\ProgramData\Norton
2022-01-21 20:42 - 2022-01-21 20:42 - 000000000 ____D C:\ProgramData\NortonInstaller
2022-01-21 20:25 - 2022-01-21 20:38 - 000000000 ____D C:\ProgramData\Evorim
2022-01-21 20:25 - 2022-01-21 20:28 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\FreeFirewall
2022-01-21 20:25 - 2022-01-21 20:25 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim
2022-01-21 20:23 - 2022-01-21 20:23 - 000000000 ____D C:\Program Files\Common Files\Evorim
2022-01-21 18:42 - 2022-01-21 18:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Ivanti
2022-01-21 17:40 - 2022-01-21 20:40 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\Panda Security
2022-01-21 17:40 - 2022-01-21 17:40 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-01-21 17:38 - 2022-01-21 22:53 - 000000000 ____D C:\Program Files (x86)\Panda Security
2022-01-21 17:37 - 2022-01-21 20:41 - 000000000 ____D C:\ProgramData\Panda Security
2022-01-21 17:26 - 2022-01-21 17:26 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2022-01-21 16:24 - 2022-01-21 20:36 - 000000000 ____D C:\Program Files\Npcap
2022-01-21 16:23 - 2022-01-21 16:23 - 000000000 ____D C:\Snort
2022-01-21 12:15 - 2022-01-21 23:24 - 000002362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-01-21 12:15 - 2022-01-21 23:24 - 000002321 _____ C:\Users\Public\Desktop\Brave.lnk
2022-01-21 12:15 - 2022-01-21 12:15 - 000000000 ____D C:\Program Files\BraveSoftware
2022-01-21 12:14 - 2022-01-21 12:14 - 000003442 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2022-01-21 12:14 - 2022-01-21 12:14 - 000003318 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2022-01-21 12:14 - 2022-01-21 12:14 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2022-01-20 20:19 - 2022-01-21 17:44 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\TeamViewer
2022-01-20 19:47 - 2022-01-21 17:00 - 000000000 ____D C:\cfrbackup-AYLNLFDX
2022-01-20 19:44 - 2022-01-21 17:26 - 000000000 ____D C:\Program Files\Common Files\Quick Heal
2022-01-20 19:44 - 2022-01-20 19:44 - 000000000 ____D C:\Program Files\Quick Heal
2022-01-20 19:23 - 2022-01-20 19:23 - 000000000 ____D C:\Program Files (x86)\F-Secure
2022-01-20 19:20 - 2022-01-20 19:33 - 000000000 ____D C:\ProgramData\F-Secure
2022-01-20 19:20 - 2022-01-20 19:30 - 000000000 ____D C:\Users\zumaha\AppData\Local\F-Secure
2022-01-20 19:13 - 2022-01-20 19:13 - 000000085 _____ C:\WINDOWS\wininit.ini
2022-01-20 19:00 - 2022-01-20 19:13 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-01-20 19:00 - 2022-01-20 19:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2022-01-20 18:59 - 2022-01-21 12:15 - 000000000 ____D C:\Users\zumaha\AppData\Local\BraveSoftware
2022-01-20 18:18 - 2022-01-20 18:29 - 000000000 ____D C:\EEK
2022-01-20 18:13 - 2022-01-20 18:13 - 000000000 _____ C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2022-01-20 13:58 - 2022-01-21 17:44 - 000000000 ____D C:\Program Files\Defraggler
2022-01-20 13:58 - 2022-01-20 13:58 - 000001765 _____ C:\Users\Public\Desktop\Defraggler.lnk
2022-01-20 13:58 - 2022-01-20 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2022-01-20 08:43 - 2022-01-20 08:43 - 000055479 _____ C:\Users\zumaha\Desktop\TDSSKILLER LOG.txt
2022-01-20 08:21 - 2022-01-20 08:21 - 000208216 _____ C:\WINDOWS\system32\Drivers\41388804.sys
2022-01-19 16:42 - 2022-01-19 16:42 - 000000000 ____D C:\Users\zumaha\VirtualBox VMs
2022-01-19 16:34 - 2022-01-19 17:09 - 000000000 ____D C:\Users\zumaha\.VirtualBox
2022-01-19 16:34 - 2022-01-19 16:34 - 000000000 ____D C:\ProgramData\VirtualBox
2022-01-19 16:33 - 2022-01-19 16:33 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2022-01-19 16:33 - 2022-01-19 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2022-01-19 16:33 - 2022-01-17 04:12 - 001046416 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxSup.sys
2022-01-19 16:33 - 2022-01-17 04:12 - 000188184 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2022-01-19 16:32 - 2022-01-19 16:32 - 000000000 ____D C:\Program Files\Oracle
2022-01-19 16:16 - 2022-01-21 17:44 - 000000000 ____D C:\WINDOWS\Minidump
2022-01-19 09:54 - 2022-01-19 18:05 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\vlc
2022-01-19 09:53 - 2022-01-19 09:53 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2022-01-19 09:53 - 2022-01-19 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-01-19 09:52 - 2022-01-19 09:52 - 000000000 ____D C:\Program Files\VideoLAN
2022-01-19 08:37 - 2022-01-19 08:37 - 022174424 _____ (LLC Mail.Ru) C:\WINDOWS\system32\mracsvc.exe
2022-01-19 08:37 - 2022-01-19 08:37 - 021413808 _____ (LLC Mail.Ru) C:\WINDOWS\system32\Drivers\mracdrv1.sys
2022-01-19 07:21 - 2022-01-19 07:21 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MY.GAMES
2022-01-19 06:47 - 2022-01-20 13:55 - 000007625 _____ C:\Users\zumaha\AppData\Local\Resmon.ResmonCfg
2022-01-18 22:14 - 2022-01-21 10:52 - 000000000 ____D C:\temp
2022-01-18 22:12 - 2022-01-18 22:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-01-18 22:10 - 2018-04-12 23:02 - 000998432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-01-18 22:10 - 2018-04-12 23:02 - 000950016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-01-18 22:10 - 2018-04-12 23:01 - 001985112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439135.dll
2022-01-18 22:10 - 2018-04-12 23:01 - 001683712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439135.dll
2022-01-18 22:10 - 2018-04-12 23:01 - 001138720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-01-18 22:10 - 2018-04-12 23:01 - 001065888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-01-18 22:10 - 2018-04-12 23:01 - 000054272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2022-01-18 22:10 - 2018-04-12 23:00 - 040278616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2022-01-18 22:10 - 2018-04-12 23:00 - 035188992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2022-01-18 22:10 - 2018-04-12 23:00 - 004318112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-01-18 22:10 - 2018-04-12 23:00 - 003719096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-01-18 22:10 - 2018-04-12 22:58 - 019855144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2022-01-18 22:10 - 2018-04-12 22:58 - 016496768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2022-01-18 22:10 - 2018-04-12 22:58 - 013571520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2022-01-18 22:10 - 2018-04-12 22:58 - 011132384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2022-01-18 22:10 - 2018-04-12 22:58 - 001153752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2022-01-18 22:10 - 2018-04-12 22:57 - 012967056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-01-18 22:10 - 2018-04-12 22:57 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2022-01-18 22:10 - 2018-04-12 22:56 - 011001504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-01-18 22:10 - 2018-04-12 22:56 - 003939624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-01-18 20:52 - 2022-01-22 13:35 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\discord
2022-01-18 20:52 - 2022-01-20 18:13 - 000002395 _____ C:\Users\zumaha\Desktop\Discord.lnk
2022-01-18 20:52 - 2022-01-18 20:52 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-01-18 20:51 - 2022-01-22 12:24 - 000000000 ____D C:\Users\zumaha\AppData\Local\Discord
2022-01-18 20:51 - 2022-01-21 17:44 - 000000000 ____D C:\Users\zumaha\AppData\Local\SquirrelTemp
2022-01-18 17:03 - 2022-01-18 17:03 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-01-18 16:53 - 2022-01-18 16:53 - 000000000 ___HD C:\$WinREAgent
2022-01-18 16:50 - 2022-01-18 16:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-01-18 16:49 - 2022-01-18 16:49 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-01-18 16:49 - 2022-01-18 16:49 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-01-18 10:33 - 2022-01-22 13:35 - 000000000 ____D C:\Users\zumaha\AppData\Local\GameCenter
2022-01-18 10:33 - 2022-01-20 18:13 - 000002255 _____ C:\Users\zumaha\Desktop\MY.GAMES GameCenter.lnk
2022-01-18 10:33 - 2022-01-19 14:51 - 000000246 _____ C:\Users\zumaha\Desktop\Allods Online.url
2022-01-18 10:33 - 2022-01-18 10:34 - 000000000 ____D C:\MyGames
2022-01-18 10:33 - 2022-01-18 10:33 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2022-01-17 04:12 - 2022-01-17 04:12 - 000249560 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2022-01-17 04:12 - 2022-01-17 04:12 - 000239648 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2022-01-15 21:34 - 2022-01-15 21:34 - 000000000 ____D C:\Users\zumaha\AppData\Local\Citadel_Studios
2022-01-15 18:10 - 2022-01-15 19:54 - 000000015 _____ C:\Users\zumaha\Desktop\Archeage Password.txt
2022-01-15 18:06 - 2022-01-18 19:13 - 000000000 ____D C:\Users\zumaha\AppData\Local\Archeage
2022-01-15 16:05 - 2022-01-15 16:05 - 000000112 ___SH C:\bootTel.dat
2022-01-14 19:59 - 2022-01-14 19:59 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\obs-studio
2022-01-14 19:58 - 2022-01-14 19:59 - 000000000 ____D C:\Users\zumaha\AppData\Local\NCStreaming
2022-01-14 19:30 - 
2022-01-15 18:02 - 000000000 ____D C:\Program Files (x86)\NCSOFT 2022-01-13 20:30 - 2022-01-13 21:18 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys 2022-01-13 20:27 - 2022-01-15 21:32 - 000000000 ____D C:\ProgramData\Avast Software 2022-01-13 20:24 - 2022-01-13 20:22 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe 2022-01-13 18:44 - 2022-01-20 18:46 - 000003590 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-01-13 18:44 - 2022-01-20 18:46 - 000003494 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d8086bcb9dd83 2022-01-13 18:17 - 2022-01-13 18:18 - 000000000 ____D C:\ProgramData\Wondershare 2022-01-13 18:16 - 2022-01-13 18:18 - 000000000 ____D C:\Users\zumaha\Documents\Wondershare DVD Creator 2022-01-13 18:16 - 2022-01-13 18:16 - 000000000 ____D C:\Users\zumaha\AppData\Local\Wondershare 2022-01-13 18:16 - 2022-01-13 18:16 - 000000000 ____D C:\Program Files (x86)\Wondershare 2022-01-13 18:15 - 2022-01-13 19:32 - 000000000 ____D C:\ProgramData\wDcLibs 2022-01-13 18:15 - 2022-01-13 18:17 - 000000000 ____D C:\Users\Public\Documents\Wondershare 2022-01-13 18:11 - 2022-01-20 18:13 - 000002616 _____ C:\Users\zumaha\Desktop\balenaEtcher.lnk 2022-01-13 18:11 - 2022-01-13 18:12 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\balena-etcher 2022-01-13 18:11 - 2022-01-13 18:11 - 000002461 _____ C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\balenaEtcher.lnk 2022-01-13 18:11 - 2022-01-13 18:11 - 000000000 ____D C:\Users\zumaha\AppData\Local\balena-etcher-updater 2022-01-13 17:48 - 2022-01-13 18:04 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\ImgBurn 2022-01-13 17:17 - 2022-01-13 17:17 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk 2022-01-13 16:51 - 2022-01-13 16:51 - 000001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2022-01-13 16:51 - 2022-01-13 16:51 - 000001934 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2022-01-13 16:51 - 
2022-01-13 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2022-01-13 16:51 - 2022-01-13 16:51 - 000000000 ____D C:\Program Files (x86)\ImgBurn 2022-01-13 16:12 - 2022-01-13 16:12 - 000000000 ____D C:\Users\zumaha\AppData\Local\D3DSCache 2022-01-13 15:58 - 2022-01-13 15:58 - 000000000 ____D C:\Users\zumaha\AppData\Local\UniCompactView 2022-01-13 15:56 - 2022-01-22 16:00 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\CC 2022-01-13 15:56 - 2022-01-13 15:56 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\Netease 2022-01-13 15:50 - 2022-01-13 15:50 - 000001955 _____ C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyber Hunteruninstall.lnk 2022-01-13 15:50 - 2022-01-13 15:50 - 000001948 _____ C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyber Hunter.lnk 2022-01-13 15:50 - 2022-01-13 15:50 - 000001918 _____ C:\Users\zumaha\Desktop\Cyber Hunter.lnk 2022-01-13 15:50 - 2022-01-13 15:50 - 000000000 ____D C:\Users\zumaha\AppData\Local\UniSDK 2022-01-13 15:44 - 2022-01-22 15:59 - 000000000 ____D C:\Program Files (x86)\Cyber Hunter 2022-01-13 15:44 - 2022-01-13 15:44 - 000048179 _____ C:\Users\zumaha\Cyber Hunter_license.htm 2022-01-13 15:05 - 2022-01-21 19:52 - 000000000 ____D C:\Users\zumaha\AppData\Local\PlaceholderTileLogoFolder 2022-01-13 14:39 - 2022-01-13 14:42 - 000000000 ____D C:\AdwCleaner 2022-01-13 14:29 - 2022-01-13 14:29 - 000000000 ____D C:\Users\zumaha\AppData\Local\mbam 2022-01-13 13:16 - 2022-01-15 19:35 - 000002918 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2093924780-1149955631-761437044-1001 2022-01-13 13:14 - 2022-01-13 13:33 - 000000000 ____D C:\ProgramData\RogueKiller 2022-01-13 13:14 - 2022-01-13 13:14 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2022-01-13 13:14 - 2022-01-13 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2022-01-13 13:13 - 2022-01-13 13:14 - 000000000 ____D 
C:\Program Files\RogueKiller 2022-01-13 13:12 - 2022-01-13 13:12 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2022-01-13 13:04 - 2022-01-13 13:04 - 000000020 ___SH C:\Users\zumaha\ntuser.ini 2022-01-13 13:00 - 2022-01-13 13:00 - 000000000 _SHDL C:\Documents and Settings 2022-01-13 12:59 - 2022-01-22 13:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-01-13 12:59 - 2022-01-18 22:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-01-13 12:57 - 2022-01-13 12:59 - 000007623 _____ C:\WINDOWS\diagwrn.xml 2022-01-13 12:57 - 2022-01-13 12:59 - 000007623 _____ C:\WINDOWS\diagerr.xml 2022-01-13 12:35 - 2022-01-18 22:28 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-01-13 12:23 - 2022-01-13 12:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2022-01-13 12:23 - 2017-11-09 04:43 - 000540784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2022-01-13 12:23 - 2017-11-09 04:43 - 000446392 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2022-01-13 12:22 - 2022-01-20 18:55 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-01-13 12:22 - 2022-01-20 18:55 - 000002288 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-01-13 12:17 - 2022-01-22 17:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-01-13 12:17 - 2022-01-22 13:25 - 000008192 ___SH C:\DumpStack.log.tmp 2022-01-13 12:16 - 2022-01-13 13:01 - 000000000 ____D C:\Windows.old 2022-01-13 02:23 - 2022-01-13 12:16 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2022-01-13 02:22 - 2022-01-22 14:19 - 000000000 ____D C:\Users\zumaha 2022-01-13 02:22 - 2022-01-13 13:16 - 000002394 _____ C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-01-13 02:19 - 2022-01-13 02:23 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2022-01-13 02:06 - 2022-01-13 02:06 - 000000000 ____D C:\WINDOWS\SystemTemp 2022-01-13 02:06 - 2022-01-13 02:06 - 000000000 ____D C:\ProgramData\ssh 2022-01-13 01:43 - 2022-01-13 01:43 - 
001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2022-01-13 01:40 - 2022-01-13 01:40 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2022-01-13 01:40 - 2022-01-13 01:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2022-01-13 01:40 - 2022-01-13 01:40 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2022-01-13 01:39 - 2022-01-13 01:39 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe 2022-01-13 01:39 - 2022-01-13 01:39 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2022-01-13 01:39 - 2022-01-13 01:39 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll 2022-01-13 01:38 - 2022-01-13 01:38 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll 2022-01-13 01:38 - 2022-01-13 01:38 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2022-01-13 01:38 - 2022-01-13 01:38 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe 2022-01-13 01:38 - 2022-01-13 01:38 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2022-01-13 01:37 - 2022-01-13 01:37 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll 2022-01-13 01:37 - 2022-01-13 01:37 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll 2022-01-13 01:37 - 2022-01-13 01:37 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll 2022-01-13 01:37 - 2022-01-13 01:37 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll 2022-01-13 01:37 - 2022-01-13 01:37 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll 2022-01-13 01:37 - 2022-01-13 01:37 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2022-01-13 01:37 - 2022-01-13 01:37 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-01-13 01:36 - 2022-01-13 01:36 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll 2022-01-13 01:36 - 2022-01-13 01:36 - 001864192 _____ (The ICU Project) 
C:\WINDOWS\SysWOW64\icu.dll 2022-01-13 01:36 - 2022-01-13 01:36 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2022-01-13 01:36 - 2022-01-13 01:36 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll 2022-01-13 01:36 - 2022-01-13 01:36 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2022-01-13 01:36 - 2022-01-13 01:36 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2022-01-13 01:36 - 2022-01-13 01:36 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2022-01-13 01:35 - 2022-01-13 01:35 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2022-01-13 01:35 - 2022-01-13 01:35 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll 2022-01-13 01:35 - 2022-01-13 01:35 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe 2022-01-13 01:33 - 2022-01-13 01:33 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2022-01-13 01:33 - 2022-01-13 01:33 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2022-01-13 01:33 - 2022-01-13 01:33 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2022-01-13 01:33 - 2022-01-13 01:33 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt 
2022-01-13 01:32 - 2022-01-13 01:32 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2022-01-13 01:32 - 2022-01-13 01:32 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2022-01-13 01:32 - 2022-01-13 01:32 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe 2022-01-13 01:32 - 2022-01-13 01:32 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2022-01-13 01:31 - 2022-01-13 01:31 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll 2022-01-13 01:31 - 2022-01-13 01:31 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2022-01-13 01:31 - 2022-01-13 01:31 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2022-01-13 01:31 - 2022-01-13 01:31 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll 2022-01-13 01:31 - 2022-01-13 01:31 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2022-01-13 01:31 - 2022-01-13 01:31 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll 2022-01-13 01:31 - 2022-01-13 01:31 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2022-01-13 01:31 - 2022-01-13 01:31 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll 2022-01-13 01:30 - 2022-01-13 01:30 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin 2022-01-13 01:30 - 2022-01-13 01:30 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll 2022-01-13 01:30 - 2022-01-13 01:30 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll 2022-01-13 01:30 - 2022-01-13 01:30 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2022-01-13 01:30 - 2022-01-13 01:30 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2022-01-13 01:30 - 2022-01-13 01:30 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2022-01-13 01:30 - 2022-01-13 01:30 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2022-01-13 01:30 - 2022-01-13 01:30 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2022-01-13 01:30 - 2022-01-13 01:30 - 
000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2022-01-13 01:30 - 2022-01-13 01:30 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll 2022-01-13 01:30 - 2022-01-13 01:30 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2022-01-13 01:29 - 2022-01-13 01:29 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-01-13 01:29 - 2022-01-13 01:29 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll 2022-01-13 00:50 - 2022-01-13 00:50 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml 2022-01-13 00:50 - 2022-01-13 00:50 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml 2022-01-13 00:27 - 2022-01-21 23:49 - 000000000 ____D C:\Users\zumaha\AppData\Local\CrashDumps 2022-01-13 00:27 - 2022-01-13 00:27 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2022-01-12 23:23 - 2022-01-18 10:13 - 000000000 ____D C:\ProgramData\Packages 2022-01-12 22:46 - 2022-01-13 02:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2022-01-12 22:46 - 2022-01-12 22:46 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2022-01-12 21:58 - 2022-01-21 19:23 - 000000000 ___DC C:\WINDOWS\Panther 2022-01-12 21:46 - 2022-01-22 18:15 - 000000000 ____D C:\FRST 2022-01-12 20:15 - 2017-10-27 18:12 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2022-01-12 20:15 - 2017-10-27 18:12 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2022-01-12 20:15 - 2017-10-27 18:12 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2022-01-12 20:15 - 2017-10-27 18:12 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2022-01-12 20:15 - 2017-10-27 18:12 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2022-01-12 20:15 - 2017-10-27 18:12 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2022-01-12 20:15 - 2017-10-27 18:12 - 000081856 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nv3dappshextr.dll 2022-01-12 20:15 - 2017-10-25 12:33 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin 2022-01-12 20:14 - 2022-01-22 13:25 - 000000000 ____D C:\ProgramData\NVIDIA 2022-01-12 20:14 - 2017-10-27 18:36 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2022-01-12 20:13 - 2022-01-18 22:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2022-01-12 20:13 - 2022-01-18 22:12 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2022-01-12 18:16 - 2022-01-12 18:18 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-01-12 18:15 - 2022-01-13 13:08 - 000000000 ____D C:\Program Files\rempl 2022-01-12 18:15 - 2022-01-12 18:26 - 000000000 ____D C:\Program Files\ruxim 2022-01-12 18:10 - 2022-01-12 18:10 - 000000000 ____D C:\Users\zumaha\AppData\Local\CEF 2022-01-12 18:06 - 2022-01-12 18:27 - 000000000 ____D C:\Program Files\CUAssistant 2022-01-12 18:04 - 2022-01-12 18:04 - 000000000 ____D C:\ProgramData\Mozilla 2022-01-12 18:00 - 2022-01-21 22:07 - 000000000 ____D C:\ProgramData\AVG 2022-01-12 17:55 - 2022-01-19 16:11 - 000055248 ____N (AVG Technologies) C:\WINDOWS\system32\Drivers\rm.sys 2022-01-12 17:40 - 2022-01-12 17:40 - 000000000 ____D C:\Users\zumaha\AppData\Local\GUI 2022-01-12 17:40 - 2022-01-12 17:40 - 000000000 ____D C:\Users\zumaha\AppData\Local\DBG 2022-01-12 17:25 - 2022-01-18 22:12 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2022-01-12 17:20 - 2022-01-12 17:20 - 000000000 ____D C:\Users\Public\Speedup Sessions 2022-01-12 17:17 - 2022-01-21 12:30 - 000000000 ____D C:\Users\zumaha\AppData\LocalLow\Mozilla 2022-01-12 17:17 - 2022-01-19 19:12 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions 2022-01-12 17:17 - 2022-01-12 17:17 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\librewolf 2022-01-12 17:17 - 2022-01-12 17:17 - 000000000 ____D C:\Users\zumaha\AppData\Local\librewolf 2022-01-12 17:15 - 2022-01-13 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2022-01-12 17:15 - 
2022-01-12 17:18 - 000000000 ____D C:\Program Files (x86)\Avira 2022-01-12 17:14 - 2022-01-22 16:38 - 000000000 ____D C:\ProgramData\Package Cache 2022-01-12 17:14 - 2022-01-12 17:18 - 000000000 ____D C:\ProgramData\Avira 2022-01-12 17:10 - 2022-01-12 17:11 - 000000000 ____D C:\Users\zumaha\AppData\Local\MicrosoftEdge 2022-01-12 17:10 - 2022-01-12 17:10 - 000000000 ___HD C:\Users\zumaha\MicrosoftEdgeBackups 2022-01-12 15:07 - 2022-01-12 15:07 - 000000000 ___RD C:\Users\zumaha\OneDrive 2022-01-12 15:06 - 2022-01-12 15:06 - 000000000 ____D C:\Users\zumaha\AppData\Local\Comms 2022-01-12 15:01 - 2022-01-12 15:01 - 000000000 ____D C:\Users\zumaha\AppData\Local\Publishers 2022-01-12 15:00 - 2022-01-21 19:26 - 000000000 ____D C:\Users\zumaha\AppData\Local\Packages 2022-01-12 15:00 - 2022-01-13 13:06 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-01-12 15:00 - 2022-01-13 13:06 - 000000000 ___RD C:\Users\zumaha\3D Objects 2022-01-12 15:00 - 2022-01-13 13:05 - 000000000 ____D C:\Users\zumaha\AppData\Local\ConnectedDevicesPlatform 2022-01-12 15:00 - 2022-01-12 15:00 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\Adobe 2022-01-12 15:00 - 2022-01-12 15:00 - 000000000 ____D C:\Users\zumaha\AppData\Local\VirtualStore

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-22 18:01 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-01-22 14:29 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2022-01-22 12:13 - 2019-12-07 11:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI 2022-01-22 11:59 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2022-01-22 11:59 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages 2022-01-22 00:32 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2022-01-22 00:08 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2022-01-21 22:48 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help 2022-01-21 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2022-01-21 22:09 - 2017-09-29 15:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2022-01-21 19:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-01-21 19:17 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-01-21 17:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-01-19 19:26 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-01-18 22:37 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender 2022-01-13 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat 2022-01-13 13:28 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2022-01-13 13:07 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-01-13 13:04 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate 2022-01-13 13:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-01-13 12:33 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries 2022-01-13 12:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2022-01-13 12:16 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2022-01-13 12:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2022-01-13 12:16 - 2019-12-07 
11:14 - 000000000 ____D C:\WINDOWS\system32\spool 2022-01-13 12:16 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2022-01-13 12:16 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2022-01-13 12:06 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup 2022-01-13 02:27 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\InfusedApps 2022-01-13 02:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources 2022-01-13 02:24 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2022-01-13 02:24 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed 2022-01-13 02:06 - 2019-12-07 16:45 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2022-01-13 02:06 - 2019-12-07 16:45 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2022-01-13 02:06 - 2019-12-07 16:43 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D 
C:\WINDOWS\SysWOW64\et-EE 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 
____D C:\WINDOWS\ShellExperiences 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System 2022-01-13 02:06 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2022-01-13 02:06 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing 2022-01-13 01:50 - 2019-12-07 16:45 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2022-01-13 01:50 - 2019-12-07 16:45 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2022-01-13 00:49 - 2019-12-07 16:42 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2022-01-13 00:49 - 2019-12-07 16:42 - 000000000 ____D C:\WINDOWS\system32\WCN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D 
C:\WINDOWS\SysWOW64\quz-PE 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 
____D C:\WINDOWS\SysWOW64\ga-IE 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET 2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA 2022-01-12 21:32 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\TextInput 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\vi-VN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\ur-PK 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\ug-CN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\tt-RU 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\tk-TM 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\te-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\sw-KE 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\sq-AL 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\quz-PE 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\prs-AF 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\pa-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\or-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\nn-NO 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\ne-NP 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 
____D C:\WINDOWS\system32\mt-MT 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\mr-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\mn-MN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\ml-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\mk-MK 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\mi-NZ 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\lo-LA 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\lb-LU 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\ky-KG 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\kok-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\kn-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\km-KH 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\kk-KZ 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\ka-GE 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\is-IS 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\id-ID 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\hy-AM 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\gu-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\gd-GB 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\ga-IE 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\fil-PH 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\fa-IR 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\cy-GB 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\bn-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\bn-BD 2022-01-12 21:31 - 2017-09-30 16:35 - 
000000000 ____D C:\WINDOWS\system32\be-BY 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\as-IN 2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\WINDOWS\system32\af-ZA

==================== Files in the root of some directories ========

2022-01-19 06:47 - 2022-01-20 13:55 - 000007625 _____ () C:\Users\zumaha\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================