Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.03.2024 Ran by Aya (administrator) on AYA (Dell Inc. Inspiron 15 5510) (19-03-2024 20:08:53) Running from C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.56.0_0\lib\FRST64.exe Loaded Profiles: Aya Platform: Microsoft Windows 11 Pro Version 23H2 22631.3296 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2> (C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe (C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) 
C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe (C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (C:\Users\Aya\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Aya\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (cmd.exe ->) (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe (DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxEMN.exe (DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe (explorer.exe ->) () [File not signed] [File is in use] E:\E\Softwares\2022 Using\Text-Grab-Self-Contained-2023-12-16\Text-Grab-Self-Contained\Text-Grab.exe (explorer.exe ->) (BitTorrent Inc -> BitTorrent, Inc.) 
C:\Program Files (x86)\uTorrent\uTorrent.exe (explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2401.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <21> (services.exe ->) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe (services.exe ->) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe (services.exe ->) () [File not signed] C:\Program Files (x86)\Sophos\Connect\charon-svc.exe (services.exe ->) (AdAvoid Ltd -> AdAvoid Ltd) C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (services.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe (services.exe ->) (Avanquest Software (7270356 Canada Inc) -> Avanquest Software) C:\Program Files\Soda PDF Desktop 14\activation-service.exe (services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\ensserver.exe (services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (services.exe ->) (CleverFiles) [File not signed] C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe (services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe (services.exe ->) (Dell Inc -> Dell INC.) 
C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe (services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe (services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe (services.exe ->) (Glarysoft Ltd -> Glarysoft Ltd) C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe (services.exe ->) (Glarysoft Ltd -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities\x64\MemfilesService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3fd734cf72127ac9\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe (services.exe 
->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray_service.exe (services.exe ->) (Malwarebytes Corporation -> Malwarebytes) C:\ProgramData\MB3Install\MBAMIService.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4> (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe (services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe (services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <2> (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) 
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe (services.exe ->) (Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\GoodixSessionService.exe (services.exe ->) (Sophos Ltd -> Sophos) C:\Program Files (x86)\Sophos\Connect\scvpn.exe (services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\Synology Active Backup for Business Service.exe (services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (services.exe ->) (The OpenVPN Project) [File not signed] C:\Program Files (x86)\Sophos\Connect\openvpnserv.exe (services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2> (services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesAudioService.exe (services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSysSvc64.exe (services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Aya\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe (services.exe ->) (Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe (services.exe ->) (Zaozhuang Shizhong District Bopsoft Sales Department -> ) C:\Program Files\Listary\Listary.Service.exe (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2410.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Technology Co., Ltd.) 
C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\vsscom.exe (svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.310.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSvc64.exe [4984408 2022-10-03] (Waves Inc -> Waves Audio Ltd.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AdBlocker Ultimate] => C:\Program Files\AdBlocker Ultimate\AdblockerUltimateGUI.exe [5495584 2022-05-31] (AdAvoid Ltd.) [File not signed] HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [5451544 2023-07-12] (STARDOCK SYSTEMS, INC. 
-> Stardock Corporation) [File not signed] [File is in use] HKLM\...\Run: [DisplayLinkTrayApp] => C:\Program Files\DisplayLink Core Software\DisplayLinkTrayApp.exe [6331896 2022-09-06] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [7909792 2024-02-24] (Adobe Inc. -> Adobe Systems Inc.) [File not signed] HKLM\...\Run: [UniConverterUpdateHelper] => C:\Program Files\Wondershare\UniConverter 14\WSVCUUpdateHelper.exe [7680 2023-12-26] () [File not signed] HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3302288 2024-02-04] (Open Source Developer, Dominik Reichl -> Dominik Reichl) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2265096 2023-05-25] (voidtools -> voidtools) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3959664 2021-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.) HKLM\...\Run: [Malwarebytes Windows Firewall Control] => C:\Program Files\Malwarebytes\Windows Firewall Control\wfcUI.exe [814536 2024-03-07] (Malwarebytes Inc. -> Malwarebytes) HKLM\...\Run: [sd] => wscript.exe //B "C:\Users\Aya\AppData\Local\Temp\sd.vbs" [267977 2024-03-12] () [File not signed] [File is in use] <==== ATTENTION HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [145344 2019-07-26] (Brother Industries, Ltd. -> Brother Industries, Ltd.) HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3590656 2021-10-20] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3146752 2022-02-07] (Brother Industries, Ltd.) 
[File not signed] HKLM-x32\...\Run: [M17A] => C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [85912 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-04-30] (Adobe Inc. -> ) HKLM-x32\...\Run: [Sophos Connect] => C:\Program Files (x86)\Sophos\Connect\GUI\scgui.exe [2417504 2022-11-09] (Sophos Ltd -> Sophos) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" (No File) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3306416 2024-03-13] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [46010112 2024-01-27] (Logitech Inc -> Logitech, Inc.) HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [Listary] => C:\Program Files\Listary\Listary.exe [1406528 2022-11-18] (Zaozhuang Shizhong District Bopsoft Sales Department -> ) HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [Spotify] => C:\Users\Aya\AppData\Roaming\Spotify\Spotify.exe [19678208 2022-05-13] (Spotify Ltd) [File not signed] HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [6010880 2024-01-16] (Tonec Inc.) [File not signed] HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123171344 2023-12-13] (Skype Software Sarl -> Skype Technologies S.A.) 
HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [RingCentral] => C:\Users\Aya\AppData\Local\Programs\RingCentral\RingCentral.exe [152260768 2024-01-25] (RingCentral, Inc. -> RingCentral) HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [MicrosoftEdgeAutoLaunch_582D7030B4CE72813F573DF70F410BB2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060712 2024-03-14] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [110792 2023-04-14] (WordWeb Software Ltd -> WordWeb Software) HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [Fences] => c:\program files (x86)\stardock\fences\Fences.exe [5451544 2023-07-12] (STARDOCK SYSTEMS, INC. -> Stardock Corporation) [File not signed] [File is in use] HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Aya\AppData\Local\Microsoft\Teams\Update.exe [2591920 2024-03-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [Opera Browser Assistant] => C:\Users\Aya\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3996064 2024-03-04] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\Run: [sd] => wscript.exe //B "C:\Users\Aya\AppData\Local\Temp\sd.vbs" [267977 2024-03-12] () [File not signed] [File is in use] <==== ATTENTION HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2023-12-08] (Adobe Inc. 
-> Adobe Systems Inc) HKLM\...\Print\Monitors\FPP8:: C:\Windows\system32\fppmon8-x64.dll [307968 2024-03-11] (FinePrint Software, LLC -> FinePrint Software, LLC) HKLM\...\Print\Monitors\FPR11:: C:\Windows\system32\fpmon11-x64.dll [307968 2024-03-11] (FinePrint Software, LLC -> FinePrint Software, LLC) HKLM\...\Print\Monitors\Nitro PDF Port 14 Monitor: C:\Windows\system32\NxPrinterMonitor14.dll [358776 2024-02-15] (Nitro Software, Inc. -> Nitro Software, Inc.) HKLM\...\Print\Monitors\Soda PDF Desktop 14 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\brand_solution_name_pdfpmon_v.6.23.0.2.dll [974120 2023-12-19] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com)) HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\PEPrinterMonitor.dll [285232 2021-04-06] (Wondershare Technology Co.,Ltd -> Wondershare Software) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.129\Installer\chrmstp.exe [2024-03-14] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BlueParrott Updater.lnk [2022-02-02] ShortcutTarget: BlueParrott Updater.lnk -> C:\Program Files (x86)\BlueParrott\BlueParrott Updater\BlueParrott Updater.exe (BlueParrott) [File not signed] Startup: C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sd.vbs [2024-03-12] () [File not signed] Startup: C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive Client.lnk [2024-03-05] ShortcutTarget: Synology Drive Client.lnk -> C:\Program Files (x86)\Synology\SynologyDrive\bin\launcher.exe (Synology Inc. -> Synology Inc.) 
Startup: C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yt.js [2024-03-14] () [File not signed] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2024-01-19] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEScreenshot.lnk [2023-10-30] ShortcutTarget: Wondershare PEScreenshot.lnk -> C:\Program Files\Wondershare\PDFelement10\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEToolbox.lnk [2023-10-30] ShortcutTarget: Wondershare PEToolbox.lnk -> C:\Program Files\Wondershare\PDFelement10\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {46E86273-84AA-4CE1-BBB7-5C1A1B31E350} - System32\Tasks\Avanquest Software\Soda PDF Desktop 14\Update => C:\Program Files\Soda PDF Desktop 14\soda.exe [3498464 2023-12-14] (Avanquest Software (7270356 Canada Inc) -> Avanquest Software) Task: {0AE30936-B95B-4179-99CE-1199C0719D14} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe (No File) Task: {43829103-5B30-481B-8F42-66558769685D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6359.0{E862084E-4852-4B1E-99BD-C786F884B3F9} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC) Task: {C32CDFAC-643B-436E-949B-8A185AB15BC8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452352 2024-02-26] (Microsoft Corporation -> Microsoft Corporation) Task: {47A96727-1D87-4396-9CC9-C22E354DC1D8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452352 2024-02-26] (Microsoft Corporation -> Microsoft Corporation) Task: {60113E09-CA77-4865-88E9-5419C3B66CA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {C16DF5F3-A40F-429C-82C5-0D7A868D8588} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {95AE8B07-6E80-4561-8E2D-4343A0A330C4} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170136 2024-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: 
{9B8927F6-8304-4ADE-A69B-715C7278523B} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\UsageDataFluchingAya => C:\Windows\System32\InteL\Microsoft\spool.vbs [160 2024-03-12] () [File not signed] Task: {3B7A5E73-0CC7-407C-9309-61C7142C5635} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporttingAya => C:\Windows\System32\InteL\Microsoft\sd.vbs [267977 2024-03-12] () [File not signed] Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File) Task: {23CBE276-F22C-4287-9A3D-1E9E81C36F01} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File) Task: {7205A524-A187-4E4E-94B3-972311D93E12} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) Task: {3A29F305-399A-41DF-A77F-4C8A83A048AB} - System32\Tasks\Microsoft\Windows\WaaSMedic\DeferredWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Task: {70570095-076B-4A52-93AE-4659EC465538} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Task: {62ED1F10-EC1D-442C-8D12-9ED794057DC0} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671648 2024-03-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {CB2907FF-62AD-44FE-8503-44CE49EEAF03} - System32\Tasks\Mozilla\Firefox Background Update 
S-1-5-21-4166451105-2742076153-1198413139-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671648 2024-03-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {E0A3FE69-B239-4544-90C3-66CFF2D39A95} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-03-05] (Mozilla Corporation -> Mozilla Foundation) Task: {44AD8C79-5601-4EC0-BE2C-68C06425D7E3} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205984 2024-03-13] (Microsoft Corporation -> Microsoft Corporation) Task: {E6EED6A8-0454-4B2D-A072-CC022C1AF540} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4166451105-2742076153-1198413139-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205984 2024-03-13] (Microsoft Corporation -> Microsoft Corporation) Task: {6CD0A8E7-D4FB-455C-99C3-296A858519BA} - System32\Tasks\Yamicsoft\Pin => C:\Users\Aya\AppData\Local\Temp\pin.vbs (No File) <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{c906e9c6-4603-40f6-bfc5-5eb2436f7573}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{e2b709e5-8fc8-4077-ac14-aefbcb29856b}: [DhcpNameServer] 192.168.1.254 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-19] Edge Notifications: Default -> hxxps://www.wps.com Edge Session Restore: Default -> is enabled. Edge Extension: (Incognito Adblocker) - C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\efpgcmfgkpmogadebodiegjleafcmdcb [2022-01-21] Edge Extension: (Ads Block Ultimate) - C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbobegkkdmmcnmoplkgdmfhdlkjfelnb [2023-03-22] Edge Extension: (Google Docs Offline) - C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-29] Edge Extension: (Rakuten Button Canada) - C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\idpbkophnbfijcnlffdmmppgnncgappc [2023-10-10] Edge Extension: (Popup Blocker (strict)) - C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijhfkkgjgpcplfeajghagkcebakjcpge [2024-03-12] Edge Extension: (Edge relevant text changes) - C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25] Edge Extension: (IDM Integration Module) - C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2024-01-21] Edge Extension: (uBlock Origin) - C:\Users\Aya\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-02-20] Edge HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc] Edge 
HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2024-01-16]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: wkgshalm.default
FF ProfilePath: C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\wkgshalm.default [2021-12-08]
FF ProfilePath: C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release [2024-03-19]
FF Session Restore: Mozilla\Firefox\Profiles\ua4c2xrg.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\ua4c2xrg.default-release -> hxxps://www.youtube.com; hxxps://www.aliexpress.com; hxxps://photos.google.com; hxxps://xmpow.myshopify.com; hxxps://best.aliexpress.com; hxxps://www.textnow.com
FF Extension: (Hoxx VPN Proxy) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\@hoxx-vpn.xpi [2024-03-08]
FF Extension: (AdBlocker Ultimate) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2024-02-19]
FF Extension: (Rakuten Canada Button) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\ebatesca@ebates.com.xpi [2022-11-03]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2024-03-14]
FF Extension: (Kee - Password Manager) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\keefox@chris.tomlinson.xpi [2023-10-23]
FF Extension: (Lush – Bold) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\lush-bold-colorway@mozilla.org.xpi [2023-03-19]
FF Extension: (IDM Integration Module) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2024-01-19]
FF Extension: (NordVPN - A VPN Proxy Extension for Firefox) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\nordvpnproxy@nordvpn.com.xpi [2023-12-28]
FF Extension: (Playmaker – Bold) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\playmaker-bold-colorway@mozilla.org.xpi [2023-03-19]
FF Extension: (SaveForReadLater) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\saveforreadlater@gmail.com.xpi [2021-12-08]
FF Extension: (Tab Session Manager) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2023-09-14]
FF Extension: (uBlock Origin) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-02-21]
FF Extension: (Cisdem Web Blocker) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\web_blocker@cisdem.com.xpi [2024-03-14]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-12-19]
FF Extension: (Tab Session Master) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\{41aa276a-8947-4d9e-973f-287787ee18fe}.xpi [2021-12-08]
FF Extension: (Popup Blocker Ultimate) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2023-11-07]
FF Extension: (NoScript) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2023-12-12]
FF Extension: (Selectext: Copy Text from Videos) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\{88f0c183-636c-43b2-a5eb-f73c26bbc36e}.xpi [2024-02-18]
FF Extension: (Capital One Shopping: Save Now) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2024-03-05]
FF Extension: (Popup Blocker (strict)) - C:\Users\Aya\AppData\Roaming\Mozilla\Firefox\Profiles\ua4c2xrg.default-release\Extensions\{de22fd49-c9ab-4359-b722-b3febdc3a0b0}.xpi [2024-02-24]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2023-02-08] [Legacy]
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2023-02-08]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_14_conv@sodapdf.com] - C:\Program Files\Soda PDF Desktop 14\creator\plugins\FirefoxAddin\soda_pdf_desktop_conv@sodapdf.com.xpi
FF Extension: (Soda PDF Desktop 12 Creator) - C:\Program Files\Soda PDF Desktop 14\creator\plugins\FirefoxAddin\soda_pdf_desktop_conv@sodapdf.com.xpi [2023-11-17]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_desktop_14_conv@sodapdf.com] - C:\Program Files\Soda PDF Desktop 14\creator\plugins\FirefoxAddin\soda_pdf_desktop_conv@sodapdf.com.xpi
FF HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Aya\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Aya\AppData\Roaming\IDM\idmmzcc5 [2021-12-08] [Legacy] [not signed]
FF HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.391.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.391.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-03-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-03-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-03-12] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Aya\AppData\Local\Google\Chrome\User Data\Default [2024-03-15]
CHR Notifications: Default -> hxxps://www.hp.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Aya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-03-07]
CHR Extension: (Foxit PDF Creator) - C:\Users\Aya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-04-16]
CHR Extension: (Google Docs Offline) - C:\Users\Aya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-07]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Aya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-03-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Aya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-03-15]
CHR Extension: (IDM Integration Module) - C:\Users\Aya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2024-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-05]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx [2023-02-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-01-16]
CHR HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]
CHR HKU\S-1-5-21-4166451105-2742076153-1198413139-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-01-16]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx [2023-02-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-01-16]

Opera:
=======
OPR Profile: C:\Users\Aya\AppData\Roaming\Opera Software\Opera Stable [2024-03-06]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Aya\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-05-14]
OPR Extension: (Opera Crypto Wallet) - C:\Users\Aya\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-05-14]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Aya\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABUService; C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateService.exe [5705576 2023-12-12] (AdAvoid Ltd -> AdAvoid Ltd)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5216584 2024-02-09] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
R2 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe [1102320 2023-10-30] (AOMEI International Network Limited -> AOMEI International Network Limited)
S2 BITS_bkp; C:\WINDOWS\System32\qmgr.dll [1388544 2024-03-04] (Microsoft Windows -> Microsoft Corporation)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [321536 2022-01-26] (Brother Industries, Ltd.) [File not signed]
R2 cfbackd; C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe [279040 2022-07-14] (CleverFiles) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14220768 2024-02-26] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-09-27] (Dell Inc -> Dell INC.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{02938744-3848-4F98-B736-CA0930AA3AA2} [46416 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-06-02] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
U2 dosvc_bkp; C:\WINDOWS\system32\dosvc.dll [90112 2024-03-04] (Microsoft Windows -> Microsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [49856 2023-09-06] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2021-10-28] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 EPMVssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{1315EDCD-0B00-4B18-BDBB-4240E15B646E} [46416 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-25] (voidtools -> voidtools)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.040.0225.0003\FileSyncHelper.exe [3516832 2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
R2 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe [2433008 2024-02-01] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 GoogleUpdaterInternalService124.0.6359.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
S2 GoogleUpdaterService124.0.6359.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
R2 GUBootService; C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe [888216 2023-11-19] (Glarysoft Ltd -> Glarysoft Ltd)
R2 GUMemfilesService; C:\Program Files (x86)\Glary Utilities\x64\MemfilesService.exe [433560 2024-01-14] (Glarysoft Ltd -> Glarysoft Ltd)
S3 GUPMService; C:\Program Files (x86)\Glary Utilities\GUPMService.exe [76696 2024-01-14] (Glarysoft Ltd -> Glarysoft Ltd)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10962688 2024-01-27] (Logitech Inc -> Logitech, Inc.)
R2 ListaryServiceV2; C:\Program Files\Listary\Listary.Service.exe [25152 2022-11-18] (Zaozhuang Shizhong District Bopsoft Sales Department -> )
R2 logi_lamparray_service; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray_service.exe [9887216 2024-03-05] (Logitech Inc -> Logitech, Inc.)
R2 MBAMIService; C:\ProgramData\MB3Install\MBAMIService.exe [231120 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9423680 2024-03-15] (Malwarebytes Inc. -> Malwarebytes)
R2 NativePushService; C:\Users\Aya\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [594320 2023-06-29] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.040.0225.0003\OneDriveUpdaterService.exe [3856400 2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
R3 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Connect\openvpnserv.exe [147456 2022-04-22] (The OpenVPN Project) [File not signed]
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [18545408 2024-03-06] (Logitech Inc -> Logitech, Inc.)
R2 scvpn; C:\Program Files (x86)\Sophos\Connect\scvpn.exe [1788768 2022-11-09] (Sophos Ltd -> Sophos)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SessionSvc; C:\WINDOWS\System32\drivers\GoodixSessionService.exe [44160 2021-03-18] (Shenzhen Goodix Technology Co., Ltd. -> Goodix)
R3 Soda PDF Desktop 14; C:\Program Files\Soda PDF Desktop 14\activation-service.exe [3088352 2023-12-14] (Avanquest Software (7270356 Canada Inc) -> Avanquest Software)
S3 Soda PDF Desktop 14 Creator; C:\Program Files\Soda PDF Desktop 14\creator-ws.exe [392672 2023-12-14] (Avanquest Software (7270356 Canada Inc) -> Avanquest Software)
S3 Soda PDF Desktop 14 Update Service; C:\Program Files\Soda PDF Desktop 14\update-service.exe [297440 2023-12-14] (Avanquest Software (7270356 Canada Inc) -> Avanquest Software)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 strongSwan; C:\Program Files (x86)\Sophos\Connect\charon-svc.exe [406452 2022-05-05] () [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160608 2023-10-09] (Dell Inc -> Dell Inc.)
R2 Synology Active Backup for Business Service; C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\Synology Active Backup for Business Service.exe [3592064 2022-09-12] (Synology Inc. -> )
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [360320 2022-10-25] (Synology Inc. -> )
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256608 2022-06-29] (Intel Corporation -> Intel Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21242680 2024-03-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [11776 2024-01-25] () [File not signed]
S2 UsoSvc_bkp; C:\WINDOWS\system32\usosvc.dll [102400 2024-03-04] (Microsoft Windows -> Microsoft Corporation)
R3 VssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{4A7F1773-44E2-41A1-9812-E04FADD01DFF} [46416 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\WINDOWS\System32\WaaSMedicSvc.dll [90112 2024-03-04] (Microsoft Windows -> Microsoft Corporation)
R2 WavesAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesAudioService.exe [160856 2022-10-03] (Waves Inc -> Waves Audio Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 wfcs; C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe [240608 2024-03-07] (Malwarebytes Inc. -> Malwarebytes)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [18944 2024-01-25] () [File not signed]
S3 wuauserv_bkp; C:\WINDOWS\system32\wuaueng.dll [130528 2024-03-04] (Microsoft Windows -> Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [522184 2024-01-11] (Xerox Corporation -> Xerox Corporation)
S3 dcpm-notify; "C:\Program Files\Dell\CommandPowerManager\NotifyService.exe" [X]
S2 EAT0NESD; C:\ProgramData\brikyftanlpt\jurdlvswbvel.exe [X]
S2 WCVHQHOW; C:\ProgramData\iitpbysmgxhg\oofbasdghoxb.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [561152 2024-03-04] (Microsoft Windows -> Microsoft Corporation)
R1 adavoid; C:\WINDOWS\System32\drivers\adavoid.sys [105528 2023-12-17] (Microsoft Windows Hardware Compatibility Publisher -> AdAvoid Ltd)
R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [98840 2021-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Adguard Software Ltd)
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2019-05-14] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [172928 2024-03-05] (AOMEI International Network Limited -> )
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [32176 2024-03-05] (AOMEI International Network Limited -> )
S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbc.sys [64640 2019-04-18] (CSR plc -> CSR Ltd.)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm660.sys [150216 2022-09-16] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [138760 2021-01-14] (ADAPP SASU -> Dokan Project)
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [75848 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EUBAKUP0; C:\WINDOWS\system32\drivers\EUBAKUP0.sys [75848 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [55352 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EUBKMON0; C:\WINDOWS\system32\drivers\EUBKMON0.sys [55352 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [24152 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\Windows\system32\drivers\EUEDKEPM.sys [33712 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [556112 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EUFDDISK0; C:\WINDOWS\system32\drivers\EUFDDISK0.sys [556112 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R3 euimgprt; C:\WINDOWS\System32\DRIVERS\euimgprt.sys [29248 2023-02-09] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [23568 2023-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-27] (Intel Corporation -> Intel Corporation)
R2 IDMWFP; C:\WINDOWS\System32\drivers\idmwfp.sys [173736 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2021-11-24] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-25] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-25] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-25] (Logitech Inc -> Logitech)
R3 logi_lamparray; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray.sys [89072 2024-03-05] (Logitech Inc -> Logitech, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233704 2024-03-19] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-03-19] (Malwarebytes Inc. -> Malwarebytes)
R2 NDivert; C:\Program Files\NordVPN\7.20.4.0\Drivers\NDivert.sys [131472 2024-01-10] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
R3 tapSophos; C:\WINDOWS\System32\drivers\tapSophos.sys [36856 2022-02-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20928 2024-03-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [603416 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_f54d0a27ac206b8c\WiManH\WiManH.sys [175672 2021-07-28] (Intel Corporation -> Intel Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-19 19:55 - 2024-03-19 20:09 - 000000000 ____D C:\FRST
2024-03-19 19:37 - 2024-03-19 19:38 - 000000000 ____D C:\ProgramData\iitpbysmgxhg
2024-03-19 19:32 - 2024-03-19 19:32 - 000233704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-03-19 19:30 - 2024-03-19 19:30 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-03-19 19:13 - 2024-03-19 19:13 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2024-03-19 18:58 - 2024-03-19 18:58 - 000000510 _____ C:\WINDOWS\system32\.crusader
2024-03-19 18:52 - 2024-03-19 18:59 - 000000000 ____D C:\ProgramData\HitmanPro
2024-03-16 18:01 - 2024-03-16 18:03 - 000000000 ____D C:\AdwCleaner
2024-03-15 18:11 - 2024-03-15 18:26 - 000000000 ____D C:\ProgramData\brikyftanlpt
2024-03-14 21:30 - 2024-03-14 21:33 - 000013051 _____ C:\Users\Aya\Desktop\hosts.txt
2024-03-14 21:13 - 2024-03-15 10:41 - 000000000 ____D C:\Users\Aya\AppData\Local\Cisdem AppCrypt Log
2024-03-14 21:13 - 2024-03-14 22:11 - 000000000 ____D C:\Users\Aya\AppData\Local\dcev
2024-03-14 13:40 - 2024-03-14 13:40 - 000042869 _____ C:\Users\Aya\Downloads\printpayment.pdf
2024-03-14 10:53 - 2024-03-14 10:53 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{7D730479-0D6C-43E9-A190-A9DA5F5E957D}
2024-03-14 10:53 - 2024-03-14 10:53 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{FEB5EA96-14AD-4AB9-82F9-6DF14741EAEA}
2024-03-13 19:34 - 2024-03-15 18:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-03-13 19:34 - 2024-03-13 19:34 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4166451105-2742076153-1198413139-1001
2024-03-13 19:34 - 2024-03-13 19:34 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-03-13 19:32 - 2024-03-13 19:32 - 000000088 _____ C:\Users\Public\Documents\Glary_Utilities_Pro_6.lic
2024-03-12 20:44 - 2024-03-12 20:44 - 000018432 _____ C:\WINDOWS\system32\SppExtComObjHook.dll
2024-03-12 20:13 - 2024-03-12 20:13 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-03-12 20:00 - 2024-03-12 20:00 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2024-03-12 17:57 - 2024-03-13 19:34 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-12 17:57 - 2024-03-12 17:57 - 000000000 ___RD C:\Users\Default\OneDrive
2024-03-12 17:55 - 2024-03-12 17:55 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2024-03-12 17:55 - 2024-03-12 17:55 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2024-03-12 17:55 - 2024-03-12 17:55 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-03-12 17:55 - 2024-03-12 17:55 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-03-12 15:20 - 2024-03-12 15:20 - 000000000 ____D C:\WINDOWS\system32\InteL
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\Users\Public\Crack
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test9
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test8
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test7
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test6
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test5
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test4
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test3
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test2
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test17
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test16
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test15
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test14
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test13
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test12
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test11
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test10
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\Test1
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player9
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player8
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player7
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player6
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player5
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player4
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player3
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player2
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player17
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player16
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player15
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player14
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player13
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player12
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player11
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player10
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player1
2024-03-12 15:19 - 2024-03-12 15:19 - 000000000 ____D C:\ProgramData\player
2024-03-12 15:17 - 2024-03-12 15:17 - 000001961 _____ C:\Users\Public\Desktop\TurboTax Canada 2023.lnk
2024-03-12 12:50 - 2024-03-12 12:55 - 000000000 ____D C:\Users\Aya\Documents\FinePrint files
2024-03-12 12:50 - 2024-03-12 12:51 - 000001296 _____ C:\Users\Aya\Desktop\FinePrint.lnk
2024-03-12 12:50 - 2024-03-12 12:50 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FinePrint
2024-03-12 12:50 - 2024-03-11 15:27 - 000307968 _____ (FinePrint Software, LLC) C:\WINDOWS\system32\fpmon11-x64.dll
2024-03-12 12:50 - 2024-03-11 15:22 - 000971776 _____ (FinePrint Software, LLC) C:\WINDOWS\system32\fpres11-x64.dll
2024-03-12 10:07 - 2024-03-12 10:07 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2024-03-12 10:07 - 2024-03-12 10:07 - 000000877 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2024-03-12 10:05 - 2024-03-12 10:12 - 000000000 ____D C:\Users\Aya\AppData\Local\TeamViewer
2024-03-08 21:15 - 2024-03-08 21:15 - 000001157 _____ C:\Users\Public\Desktop\Foxit PDF Editor.lnk
2024-03-08 21:15 - 2024-03-08 21:15 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Foxit Software
2024-03-08 21:15 - 2024-03-08 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor
2024-03-08 21:15 - 2024-03-08 21:15 - 000000000 ____D C:\ProgramData\Foxit Software
2024-03-07 20:48 - 2024-03-07 20:48 - 000001384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Malwarebytes Windows Firewall Control.lnk
2024-03-07 20:48 - 2024-03-07 20:48 - 000001378 _____ C:\Users\Public\Desktop\Malwarebytes Windows Firewall Control.lnk
2024-03-07 20:47 - 2024-03-07 20:47 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2024-03-07 12:39 - 2024-03-07 12:39 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-03-06 20:25 - 2024-03-06 20:25 - 000187659 _____ C:\Users\Aya\Downloads\February 28, 2024.pdf
2024-03-05 22:08 - 2024-03-08 21:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-03-05 13:25 - 2024-03-12 19:34 - 000000000 ____D C:\Users\Aya\AppData\Local\Deployment
2024-03-05 12:03 - 2024-03-05 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2024-03-05 12:02 - 2024-03-05 12:03 - 000172928 _____ C:\WINDOWS\system32\ammntdrv.sys
2024-03-05 12:02 - 2024-03-05 12:03 - 000032176 _____ C:\WINDOWS\system32\amwrtdrv.sys
2024-03-05 12:02 - 2019-05-14 12:28 - 000051120 _____ C:\WINDOWS\system32\ambakdrv.sys
2024-03-05 10:38 - 2024-03-05 10:38 - 000000000 ____D C:\Program Files\LGHUB
2024-03-04 18:31 - 2024-03-04 18:31 - 000020023 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-04 18:30 - 2024-03-04 18:30 - 000020023 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-04 18:17 - 2024-03-04 18:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-03-04 18:15 - 2024-03-04 18:15 - 000000020 ___SH C:\Users\Aya\ntuser.ini
2024-03-04 18:14 - 2024-03-19 19:35 - 000850316 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-04 18:14 - 2024-03-19 19:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-04 18:14 - 2024-03-04 18:14 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2024-03-04 18:14 - 2024-03-04 18:14 - 000011433 _____ C:\WINDOWS\diagerr.xml
2024-03-04 18:14 - 2024-03-04 18:14 - 000000440 __RSH C:\ProgramData\ntuser.pol
2024-03-04 18:14 - 2024-03-04 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Yamicsoft
2024-03-04 18:14 - 2024-03-04 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-03-04 18:14 - 2024-03-04 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\HardDiskSentinel
2024-03-04 18:14 - 2024-03-04 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-03-04 18:14 - 2024-03-04 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avanquest Software
2024-03-04 18:14 - 2024-03-04 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Aiseesoft Studio
2024-03-04 18:14 - 2024-03-04 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2024-03-04 18:14 - 2022-03-16 21:36 - 000003708 _____ C:\WINDOWS\system32\Tasks\DivXUpdate
2024-03-04 18:12 - 2024-03-04 18:12 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-03-04 18:10 - 2024-03-04 18:10 - 000000000 ____D C:\WINDOWS\system32\config\BFS 2024-03-04 18:09 - 2024-03-19 19:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-03-04 18:09 - 2024-03-13 20:37 - 000720016 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-03-04 17:43 - 2024-03-04 19:09 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Crypto 2024-03-04 17:43 - 2024-03-04 17:43 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\SystemCertificates 2024-03-04 17:43 - 2024-03-04 17:43 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Network 2024-03-04 17:40 - 2024-03-04 19:09 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2024-03-04 17:39 - 2024-03-12 15:20 - 000000000 ____D C:\Users\Aya 2024-03-04 17:39 - 2024-03-04 18:16 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Windows 2024-03-04 17:39 - 2024-03-04 18:15 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Spelling 2024-03-04 17:38 - 2024-03-04 17:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2024-03-04 17:33 - 2024-03-04 17:33 - 000028675 _____ C:\WINDOWS\SysWOW64\eglowin.dll 2024-03-04 17:32 - 2024-03-04 17:38 - 000000000 ____D C:\WINDOWS\system32\en-CA 2024-03-04 17:31 - 2024-03-04 17:31 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2024-03-04 17:31 - 2024-03-04 17:31 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2024-03-04 17:31 - 2024-03-04 17:31 - 000000000 ____D C:\WINDOWS\addins 2024-03-04 17:30 - 2024-03-04 17:30 - 000000000 ____D C:\Program Files\Reference Assemblies 2024-03-04 17:30 - 2024-03-04 17:30 - 000000000 ____D C:\Program Files\MSBuild 2024-03-04 17:30 - 2024-03-04 17:30 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2024-03-04 17:30 - 2024-03-04 17:30 - 000000000 ____D C:\Program Files (x86)\MSBuild 2024-03-04 17:22 - 2024-03-04 17:22 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2024-03-04 17:12 - 2024-03-16 17:28 - 000000000 ___DC C:\WINDOWS\Panther 2024-03-04 17:09 - 2024-03-04 18:14 - 000000000 ___HD C:\$GetCurrent 
2024-03-04 17:09 - 2024-03-04 17:09 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant 2024-03-04 15:22 - 2024-03-04 15:22 - 000002408 _____ C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic (work or school).lnk 2024-03-03 21:38 - 2024-03-03 21:38 - 000002108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Pro.lnk 2024-03-03 21:38 - 2024-03-03 21:38 - 000000000 ____D C:\ProgramData\Nitro 2024-03-03 21:38 - 2024-03-03 21:38 - 000000000 ____D C:\ProgramData\FileOpen 2024-03-03 21:38 - 2024-03-03 21:38 - 000000000 ____D C:\Program Files\Nitro 2024-03-03 21:38 - 2024-03-03 21:38 - 000000000 ____D C:\Program Files\Common Files\Nitro 2024-03-03 21:38 - 2024-03-03 21:38 - 000000000 ____D C:\Program Files (x86)\Nitro 2024-03-03 21:38 - 2024-02-15 16:30 - 002474360 _____ (Nitro Software, Inc.) C:\WINDOWS\system32\NxPrinterMonitorUI14.dll 2024-03-03 21:38 - 2024-02-15 16:30 - 000358776 _____ (Nitro Software, Inc.) C:\WINDOWS\system32\NxPrinterMonitor14.dll 2024-03-03 21:24 - 2024-03-03 21:24 - 000000000 ____D C:\Users\Aya\AppData\Roaming\FileOpen 2024-03-03 20:14 - 2024-03-03 20:14 - 000016159 _____ C:\Users\Aya\Downloads\Office 2013-2024 C2R Install 7.7.7.7 Optional Office Install Activate.torrent 2024-03-01 15:39 - 2024-03-01 15:39 - 000010757 _____ C:\Users\Aya\Downloads\2023-AllSlips.pdf 2024-02-24 20:26 - 2024-03-19 18:59 - 000000000 ____D C:\Users\Aya\AppData\Local\Everything 2024-02-24 20:25 - 2024-03-19 20:09 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Everything 2024-02-24 20:25 - 2024-02-24 20:25 - 000001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything.lnk 2024-02-24 20:25 - 2024-02-24 20:25 - 000000000 ____D C:\Program Files\Everything 2024-02-21 17:46 - 2024-03-04 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox 2024-02-20 12:48 - 2024-03-15 22:15 - 000000000 ____D C:\Program Files (x86)\TurboTax 2023 ==================== 
One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2024-03-19 20:09 - 2023-12-29 20:57 - 000000000 ____D C:\Users\Aya\AppData\Roaming\uTorrent 2024-03-19 19:57 - 2022-05-06 23:22 - 000000000 ____D C:\WINDOWS\INF 2024-03-19 19:45 - 2023-04-29 11:58 - 000000000 ____D C:\Users\Aya\AppData\Local\Malwarebytes 2024-03-19 19:40 - 2023-11-27 19:14 - 000000000 ____D C:\Users\Aya\AppData\Local\LogiOptionsPlus 2024-03-19 19:36 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-03-19 19:34 - 2022-02-10 00:32 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-03-19 19:33 - 2022-03-15 23:55 - 000000000 ____D C:\Users\Aya\AppData\LocalLow\IGDump 2024-03-19 19:30 - 2023-12-19 15:36 - 000000000 ____D C:\ProgramData\boost_interprocess 2024-03-19 19:30 - 2022-12-06 20:03 - 000000000 ____D C:\ProgramData\ActiveBackupforBusinessAgent 2024-03-19 19:30 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\ServiceState 2024-03-19 19:30 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\Registration 2024-03-19 19:30 - 2022-01-10 21:22 - 000000432 _____ C:\WINDOWS\SysWOW64\winsevr.dat 2024-03-19 19:30 - 2022-01-10 21:12 - 000000416 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat 2024-03-19 19:30 - 2021-12-08 18:29 - 000000000 ____D C:\Program Files\TeamViewer 2024-03-19 19:30 - 2021-12-08 17:41 - 000000000 __SHD C:\Users\Aya\IntelGraphicsProfiles 2024-03-19 19:30 - 2021-12-08 17:41 - 000000000 ____D C:\Intel 2024-03-19 19:29 - 2022-05-06 23:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2024-03-19 19:29 - 2021-12-08 17:28 - 000012288 ___SH C:\DumpStack.log.tmp 2024-03-19 19:16 - 2021-12-10 21:53 - 000000000 ____D C:\Users\Aya\AppData\Roaming\MPC-HC 2024-03-19 18:59 - 2021-12-08 18:23 - 000000000 ____D C:\Users\Aya\AppData\Roaming\DMCache 2024-03-19 18:59 - 2021-12-08 17:59 - 000000000 ____D C:\Users\Aya\AppData\Roaming\KeePass 2024-03-19 18:58 - 2022-07-14 21:54 - 000000000 ____D C:\Program 
Files (x86)\WindowsNetService 2024-03-19 18:55 - 2023-11-24 14:52 - 000000000 ____D C:\Users\Aya\Desktop\TEMP 2024-03-19 18:38 - 2023-04-28 15:57 - 000000432 _____ C:\WINDOWS\system32\winsevr.dat 2024-03-19 18:38 - 2023-04-28 15:57 - 000000416 _____ C:\WINDOWS\system32\AbBakConfig.dat 2024-03-19 18:32 - 2023-08-19 09:36 - 000000000 ____D C:\Program Files\Microsoft Office 2024-03-19 18:32 - 2022-09-13 19:39 - 000001024 ____H C:\SYSTAG.BIN 2024-03-19 18:32 - 2022-01-09 21:31 - 000000000 ____D C:\ProgramData\AomeiBR 2024-03-19 15:26 - 2022-05-06 23:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-03-19 15:26 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-03-19 15:26 - 2021-12-08 17:33 - 000000000 ____D C:\Users\Aya\AppData\Local\Packages 2024-03-19 15:05 - 2021-12-08 17:41 - 000000000 ____D C:\ProgramData\Goodix 2024-03-16 18:03 - 2022-07-24 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2024-03-16 18:03 - 2022-07-24 12:55 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Samsung 2024-03-16 18:03 - 2022-07-24 12:55 - 000000000 ____D C:\Program Files (x86)\Samsung 2024-03-16 18:03 - 2022-01-02 22:25 - 000000000 ____D C:\ProgramData\Dell 2024-03-16 18:03 - 2022-01-02 22:25 - 000000000 ____D C:\Program Files\Dell 2024-03-16 18:03 - 2021-12-22 11:54 - 000000000 ____D C:\Users\Aya\AppData\Local\CrashDumps 2024-03-16 17:15 - 2021-12-08 18:48 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Word 2024-03-16 16:49 - 2021-12-09 20:06 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Excel 2024-03-15 22:13 - 2021-12-08 17:29 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-03-15 18:18 - 2021-12-09 19:43 - 000000000 ____D C:\ProgramData\Glarysoft 2024-03-15 18:14 - 2023-04-30 18:30 - 000000000 ____D C:\Program Files (x86)\AnyDesk 2024-03-14 22:11 - 2023-07-10 15:22 - 000000000 ____D C:\Users\Aya\AppData\Roaming\RingCentral 2024-03-14 16:22 - 2022-01-05 11:00 - 
000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-03-14 10:53 - 2022-05-06 23:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-03-13 20:36 - 2023-10-01 00:55 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2024-03-13 20:36 - 2022-05-07 01:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-03-13 20:36 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-03-13 20:36 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SystemResources 2024-03-13 20:36 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-03-13 20:36 - 2022-05-06 23:17 - 000000000 ____D C:\WINDOWS\servicing 2024-03-13 20:29 - 2021-12-08 17:36 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-03-13 20:17 - 2022-05-06 23:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-03-13 19:34 - 2021-12-08 17:35 - 000000000 ___RD C:\Users\Aya\OneDrive 2024-03-13 19:34 - 2021-12-08 17:33 - 000000000 ____D C:\ProgramData\Packages 2024-03-13 19:33 - 2022-05-14 21:37 - 000000000 ____D C:\ProgramData\NordVPN 2024-03-13 19:33 - 2022-05-14 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec 2024-03-13 19:33 - 2022-05-14 21:37 - 000000000 ____D C:\Program Files\NordVPN 2024-03-13 19:33 - 2022-05-14 21:37 - 000000000 ____D C:\Program Files\NordUpdater 2024-03-12 20:04 - 2021-12-08 17:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-03-12 20:01 - 2022-05-06 23:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2024-03-12 20:00 - 2024-01-12 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2024-03-12 15:20 - 2022-05-06 23:24 - 000000000 __RHD C:\Users\Public\Libraries 2024-03-12 15:17 - 2023-04-08 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2024-03-12 12:55 - 2022-06-07 12:29 - 000000000 ____D C:\Users\Aya\Documents\PDF files 2024-03-12 10:16 - 2023-09-03 15:15 - 000000000 ____D 
C:\WINDOWS\KMS 2024-03-12 10:04 - 2021-12-09 20:10 - 000000000 ____D C:\Users\Aya\AppData\Roaming\qBittorrent 2024-03-12 09:54 - 2022-03-15 15:33 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE 2024-03-11 21:09 - 2021-12-08 18:14 - 000000000 ____D C:\Users\Aya\AppData\Local\D3DSCache 2024-03-11 15:46 - 2023-09-03 16:34 - 000890368 _____ (FinePrint Software, LLC) C:\WINDOWS\system32\fppr8-x64.dll 2024-03-11 15:46 - 2023-09-03 16:34 - 000307968 _____ (FinePrint Software, LLC) C:\WINDOWS\system32\fppmon8-x64.dll 2024-03-08 21:14 - 2021-12-13 14:52 - 000000000 ____D C:\ProgramData\Package Cache 2024-03-08 21:13 - 2021-12-08 18:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-03-07 20:47 - 2021-12-08 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2024-03-07 20:46 - 2022-05-14 21:37 - 000000000 ____D C:\Users\Aya\AppData\Local\NordVPN 2024-03-07 20:46 - 2021-12-08 17:33 - 000000000 ___SD C:\Users\Aya\AppData\Roaming\Microsoft\Credentials 2024-03-07 12:39 - 2023-10-30 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi 2024-03-06 21:02 - 2023-04-19 15:49 - 000000000 ____D C:\Users\Aya\Desktop\1. 
Desktop 2023 2024-03-06 13:23 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2024-03-05 23:31 - 2022-07-05 13:11 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Teams 2024-03-05 23:30 - 2021-12-08 18:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-03-05 22:09 - 2022-02-26 11:18 - 000000000 ____D C:\Users\Aya\AppData\Local\LGHUB 2024-03-05 18:01 - 2023-09-09 13:34 - 000000000 ____D C:\Users\Aya\AppData\Roaming\G HUB 2024-03-05 14:04 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\NDF 2024-03-05 12:12 - 2022-10-30 19:07 - 000000000 ____D C:\Users\Aya\AppData\Local\SynologyDrive 2024-03-05 11:59 - 2023-09-27 20:49 - 000000048 _____ C:\WINDOWS\SysWOW64\EUTB.TODL 2024-03-05 10:38 - 2022-02-26 11:18 - 000000000 ____D C:\Users\Aya\AppData\Roaming\LGHUB 2024-03-05 10:09 - 2021-12-08 18:50 - 000000000 ____D C:\Users\Aya\AppData\Roaming\vlc 2024-03-05 00:02 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\appcompat 2024-03-04 19:09 - 2024-01-19 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk 2024-03-04 19:09 - 2023-12-21 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.6 2024-03-04 19:09 - 2023-12-19 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop 14 2024-03-04 19:09 - 2023-11-29 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2024-03-04 19:09 - 2023-11-08 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 2024-03-04 19:09 - 2023-10-25 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2024-03-04 19:09 - 2023-10-23 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2024-03-04 19:09 - 2023-10-23 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Pro 2024-03-04 19:09 - 2023-09-27 
20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 16.0 2024-03-04 19:09 - 2023-09-17 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock 2024-03-04 19:09 - 2023-09-16 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatchPhoto 2024-03-04 19:09 - 2023-05-14 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2024-03-04 19:09 - 2023-04-03 11:59 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2024-03-04 19:09 - 2023-04-01 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2024-03-04 19:09 - 2022-12-06 10:38 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop 2024-03-04 19:09 - 2022-12-04 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone MaxView 2024-03-04 19:09 - 2022-11-19 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FolderSizes 9 2024-03-04 19:09 - 2022-10-30 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology 2024-03-04 19:09 - 2022-10-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2024-03-04 19:09 - 2022-09-29 20:30 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager 2024-03-04 19:09 - 2022-09-29 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager 2024-03-04 19:09 - 2022-09-22 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScissors 2024-03-04 19:09 - 2022-09-13 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedtest By Ookla 2024-03-04 19:09 - 2022-08-11 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleverFiles Disk Drill (x64) 2024-03-04 19:09 - 2022-08-08 
20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate File Detective 7 2024-03-04 19:09 - 2022-08-08 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify 2024-03-04 19:09 - 2022-07-27 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro 2024-03-04 19:09 - 2022-07-27 10:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FigrCollage 2024-03-04 19:09 - 2022-07-02 23:08 - 000000000 ____D C:\WINDOWS\system32\qZsYas 2024-03-04 19:09 - 2022-06-26 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schoolhouse Technologies 2024-03-04 19:09 - 2022-06-24 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kundli for Windows 5.5 2024-03-04 19:09 - 2022-06-07 12:29 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pdfFactory Pro 2024-03-04 19:09 - 2022-05-07 22:24 - 000000000 ____D C:\WINDOWS\system32\appmgmt 2024-03-04 19:09 - 2022-05-06 23:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2024-03-04 19:09 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2024-03-04 19:09 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2024-03-04 19:09 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\spool 2024-03-04 19:09 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth 2024-03-04 19:09 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2024-03-04 19:09 - 2022-04-24 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Listary 2024-03-04 19:09 - 2022-03-16 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel 2024-03-04 19:09 - 2022-02-02 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueParrott Updater 2024-03-04 19:09 - 2022-01-28 11:15 - 000000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 2024-03-04 19:09 - 2022-01-07 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) 2024-03-04 19:09 - 2021-12-08 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2024-03-04 19:09 - 2021-12-08 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix 2024-03-04 19:09 - 2021-12-08 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2024-03-04 19:09 - 2021-12-08 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboCollage - Collage Maker 2024-03-04 19:09 - 2021-12-08 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFPasswordRemover 2024-03-04 19:09 - 2021-12-08 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2024-03-04 19:09 - 2021-12-08 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer 2024-03-04 19:09 - 2021-12-08 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer 2024-03-04 19:09 - 2021-12-08 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture 2024-03-04 19:09 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2024-03-04 19:09 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2024-03-04 19:09 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2024-03-04 18:34 - 2022-05-06 23:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-03-04 18:34 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-03-04 18:34 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-03-04 18:34 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-03-04 18:34 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\ShellComponents 2024-03-04 18:32 
- 2022-05-06 23:24 - 000000000 ___RD C:\WINDOWS\PrintDialog 2024-03-04 18:19 - 2021-12-08 17:39 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2024-03-04 18:16 - 2022-09-21 20:43 - 000000000 ____D C:\Users\Aya\AppData\Local\StartAllBack 2024-03-04 18:16 - 2021-12-08 17:33 - 000000000 __RHD C:\Users\Public\AccountPictures 2024-03-04 18:15 - 2022-05-06 23:28 - 000000000 ____D C:\WINDOWS\Setup 2024-03-04 18:14 - 2022-05-06 23:24 - 000000000 ____D C:\Program Files\Windows Defender 2024-03-04 18:12 - 2022-09-17 23:09 - 000028492 _____ C:\WINDOWS\system32\emptyregdb.dat 2024-03-04 18:11 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2024-03-04 17:40 - 2024-01-11 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman 2024-03-04 17:40 - 2023-07-14 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radiant Imaging Labs 2024-03-04 17:40 - 2022-09-17 23:01 - 000000000 ____D C:\WINDOWS\Firmware 2024-03-04 17:40 - 2022-06-02 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2024-03-04 17:40 - 2022-01-24 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft 2024-03-04 17:40 - 2022-01-14 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2024-03-04 17:40 - 2021-12-21 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA 2024-03-04 17:40 - 2021-12-12 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft 2024-03-04 17:39 - 2023-10-30 09:39 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapoo 2024-03-04 17:39 - 2022-05-06 23:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows 2024-03-04 17:38 - 2022-05-07 01:39 - 000000000 ___SD C:\WINDOWS\system32\AppV 2024-03-04 17:38 - 2022-05-07 01:39 - 000000000 ____D C:\WINDOWS\InboxApps 2024-03-04 17:38 - 2022-05-06 23:24 
- 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\system32\UNP 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\UUS 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\setup 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D 
C:\WINDOWS\system32\migwiz 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\id-ID 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\et-EE 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\es-MX 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\DDFs 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\Provisioning 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\DiagTrack 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\BrowserCore 2024-03-04 17:38 - 2022-05-06 23:24 - 000000000 ____D C:\Program Files\Common Files\System 2024-03-04 17:37 - 2022-05-07 01:39 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2024-03-04 17:37 - 2022-05-06 23:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2024-03-04 17:37 - 2022-05-06 23:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll 2024-03-04 17:37 - 2022-05-06 23:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2024-03-04 17:37 - 2022-05-06 23:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll 2024-03-04 17:32 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\OCR 2024-03-04 17:30 - 2022-05-07 01:39 - 000000000 ____D 
C:\Program Files\Windows Photo Viewer 2024-03-04 17:30 - 2022-05-07 01:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2024-03-04 17:30 - 2022-05-07 01:30 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2024-03-04 17:30 - 2022-05-07 01:30 - 000000000 ____D C:\WINDOWS\system32\WCN 2024-03-04 17:30 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2024-03-04 17:30 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\system32\F12 2024-03-04 17:30 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2024-03-04 17:30 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\IME 2024-03-04 17:30 - 2022-05-06 23:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2024-03-04 17:11 - 2022-09-17 22:25 - 000000036 _____ C:\WINDOWS\progress.ini 2024-03-04 15:22 - 2021-12-08 18:29 - 000000000 ____D C:\Users\Aya\AppData\Local\SquirrelTemp 2024-03-04 14:18 - 2022-01-23 15:43 - 000000000 ____D C:\Users\Aya\AppData\Local\ElevatedDiagnostics 2024-03-04 14:02 - 2022-02-02 18:46 - 000000000 ____D C:\Users\Aya\Documents\Sound recordings 2024-03-03 21:38 - 2022-01-04 19:14 - 000000000 ____D C:\Users\Aya\AppData\Local\Downloaded Installations 2024-03-01 20:26 - 2023-12-29 20:57 - 000000000 ____D C:\Program Files (x86)\uTorrent 2024-02-29 18:38 - 2021-12-08 18:38 - 000001403 _____ C:\Users\Aya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2024-02-27 18:56 - 2022-10-03 10:53 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Microsoft\Skype for Desktop 2024-02-24 19:28 - 2023-12-12 21:07 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk 2024-02-24 19:28 - 2023-12-12 21:07 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-02-21 17:46 - 2022-05-07 22:02 - 000000000 ____D C:\Program Files\Xerox 2024-02-20 19:55 - 2023-04-08 21:36 - 000000000 ____D C:\Program Files (x86)\TurboTax 2022 2024-02-20 19:55 - 2023-03-24 20:10 - 000000000 ____D 
C:\ProgramData\T2022bk
2024-02-20 17:42 - 2021-12-31 10:38 - 000000000 ____D C:\Output
2024-02-20 17:35 - 2022-02-09 22:54 - 000000000 ____D C:\Users\Aya\Documents\TurboTax
2024-02-20 12:48 - 2022-02-08 19:39 - 000000000 ____D C:\Users\Aya\AppData\Roaming\Intuit Canada
2024-02-20 12:47 - 2022-02-08 19:38 - 000000000 ____D C:\ProgramData\Intuit Canada

==================== Files in the root of some directories ========

2022-07-27 10:58 - 2022-08-03 16:12 - 000000480 _____ () C:\Users\Aya\AppData\Local\{1C392055-F29F-406A-9E2F-DF9126808B50}
2021-12-08 18:26 - 2022-08-02 16:04 - 000000686 _____ () C:\Users\Aya\AppData\Local\{63BE1D37-80D5-4693-826C-3B6A361CE219}
2022-07-27 10:58 - 2022-08-02 22:07 - 000000000 _____ () C:\Users\Aya\AppData\Local\{7E2F1B10-9A7F-4BA7-98C6-2BBC6CBFF1B1}
2021-12-08 18:26 - 2022-08-02 15:58 - 000000000 _____ () C:\Users\Aya\AppData\Local\{AAF86E04-803E-48BB-9492-DDAD527365CB}

==================== FLock ==============================

2024-03-15 18:26 C:\ProgramData\brikyftanlpt
2024-03-19 19:38 C:\ProgramData\iitpbysmgxhg

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\MdSched.exe [2022-06-01] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\WINDOWS\SysWOW64\msconfig.exe [2022-06-01] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\WINDOWS\SysWOW64\RecoveryDrive.exe [2022-06-01] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\WINDOWS\SysWOW64\SnippingTool.exe [2022-06-01] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\WINDOWS\SysWOW64\WFS.exe [2022-06-01] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================