attached MWAV0001
Am I Infected?
-
Download ZHP Suite to your desktop.
Right Click Run as admin.
Hit the scanner button.
Once it is complete a file named ZHPdiag.txt will be on your desktop.
Attach it.
-
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
Code:
start::
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKCU\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c
DeleteKey: HKU\S-1-5-21-2215749033-445842302-415398914-1001\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c
C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
C:\Scripts
C:\Users\justc\AppData\Roaming\c
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlielhlgedcjnbkilihjhoheammcbgm
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdkehkdnojcndhhilglklegbakenkgb
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg
CMD: "C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SunValley /ForceUninstall
emptytemp:
Reboot:
End::
-
Sorry about not seeing page 2. My bad.
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by justc (01-10-2023 01:09:49) Run:2
Running from C:\Users\justc\Desktop
Loaded Profiles: justc
Boot Mode: Normal
fixlist content:
start::
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKCU\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c
DeleteKey: HKU\S-1-5-21-2215749033-445842302-415398914-1001\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c
C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
C:\Scripts
C:\Users\justc\AppData\Roaming\c
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlielhlgedcjnbkilihjhoheammcbgm
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdkehkdnojcndhhilglklegbakenkgb
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg
CMD: "C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SunValley /ForceUninstall
emptytemp:
Reboot:
End::
Restore point was successfully created.
Processes closed successfully.
HKCU\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c => removed successfully
HKU\S-1-5-21-2215749033-445842302-415398914-1001\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c => not found
"C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4" folder move:
Could not move "C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4" => Scheduled to move on reboot.
"C:\Scripts" folder move:
Could not move "C:\Scripts" => Scheduled to move on reboot.
C:\Users\justc\AppData\Roaming\c => moved successfully
"C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlielhlgedcjnbkilihjhoheammcbgm" folder move:
Could not move "C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlielhlgedcjnbkilihjhoheammcbgm" => Scheduled to move on reboot.
"C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdkehkdnojcndhhilglklegbakenkgb" folder move:
Could not move "C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdkehkdnojcndhhilglklegbakenkgb" => Scheduled to move on reboot.
"C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc" folder move:
Could not move "C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc" => Scheduled to move on reboot.
"C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg" folder move:
Could not move "C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg" => Scheduled to move on reboot.
"C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip" folder move:
Could not move "C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip" => Scheduled to move on reboot.
"C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg" folder move:
Could not move "C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg" => Scheduled to move on reboot.
========= "C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SunValley /ForceUninstall =========
'C:\Program' is not recognized as an internal or external command,
operable program or batch file.
========= End of CMD: =========
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32090522 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 7982 B
Edge => 0 B
Chrome => 469145633 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 51428 B
NetworkService => 62012 B
justc => 34001275 B
RecycleBin => 14050 B
EmptyTemp: => 511.8 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-10-2023 01:12:45)
C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4 => Is moved successfully
C:\Scripts => Is moved successfully
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlielhlgedcjnbkilihjhoheammcbgm => Is moved successfully
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdkehkdnojcndhhilglklegbakenkgb => Is moved successfully
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc => Is moved successfully
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg => Is moved successfully
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip => Is moved successfully
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg => Is moved successfully
==== End of Fixlog 01:12:45 ====
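Added example, not part of the thread and not FRST's own code: a small Python triage of a Fixlog that reports the final outcome of each fixlist item, so a step that silently failed (like the CMD: line above) is not missed. The status labels and function names are this example's own, and the sample is a shortened excerpt of the Fixlog above with the forum's stray spaces and curly quotes normalised.

```python
import re

# Shortened excerpt of the Fixlog posted above (spacing and quotes normalised).
SAMPLE_FIXLOG = r'''
HKCU\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c => removed successfully
HKU\S-1-5-21-2215749033-445842302-415398914-1001\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c => not found
"C:\Scripts" folder move:
Could not move "C:\Scripts" => Scheduled to move on reboot.
C:\Users\justc\AppData\Roaming\c => moved successfully
========= "C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SunValley /ForceUninstall =========
'C:\Program' is not recognized as an internal or external command,
operable program or batch file.
========= End of CMD: =========
=========== EmptyTemp: ==========
FlushDNS => completed
Chrome => 469145633 B
EmptyTemp: => 511.8 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-10-2023 01:12:45)
C:\Scripts => Is moved successfully
==== End of Fixlog 01:12:45 ====
'''

# Result texts seen in the log above, mapped to this example's own labels.
RESULT_PATTERNS = [
    (re.compile(r"^Scheduled to move on reboot\.?$"), "pending_reboot"),
    (re.compile(r"^(Is )?moved successfully$"), "moved"),
    (re.compile(r"^removed successfully$"), "removed"),
    (re.compile(r"^not found$"), "not_found"),
]
HEADER = re.compile(r"^=+ (.+?) =+$")   # "===== <text> =====" section lines
# English-locale cmd.exe message, as it appears in the log above.
CMD_ERROR = "is not recognized as an internal or external command"


def _target(text):
    """Strip the 'Could not move' prefix and surrounding quotes from an item."""
    text = text.strip()
    if text.startswith("Could not move "):
        text = text[len("Could not move "):]
    return text.strip('"\u201c\u201d ')


def triage_fixlog(log_text):
    """Return {item: final status}; later lines override earlier ones,
    so an item scheduled for reboot ends up 'moved' once the
    post-reboot section confirms it."""
    statuses = {}
    block, body = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            inner = header.group(1)
            if inner == "End of CMD:":
                # Close the CMD block and inspect what the command printed.
                if block is not None:
                    failed = any(CMD_ERROR in out for out in body)
                    statuses[block] = "cmd_failed" if failed else "cmd_ran"
                block = None
            else:
                block, body = inner, []
            continue
        if block is not None:
            body.append(line)
        if " => " in line:
            left, result = line.rsplit(" => ", 1)
            for pattern, status in RESULT_PATTERNS:
                if pattern.match(result.strip()):
                    statuses[_target(left)] = status
                    break
    return statuses


def needs_attention(statuses):
    """Items that did not reach a finished state."""
    return [item for item, status in statuses.items()
            if status in ("pending_reboot", "cmd_failed")]


if __name__ == "__main__":
    result = triage_fixlog(SAMPLE_FIXLOG)
    for item, status in result.items():
        print(f"{status:15} {item}")
    print("needs attention:", needs_attention(result))
```

On this log the only item it flags is the CMD: line, whose output shows cmd.exe treating `C:\Program` as the command, so the uninstall never ran.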
-
Can you post fresh FRST and Addition.txt logs please.
Along with letting me know if there are any issues.
-
ok
C:\Users\justc\AppData\LocalLow\Messenger 2023-09-19 14:49 - 2023-09-19 14:49 - 000000000 ____D C:\Users\justc\AppData\Local\messenger-updater 2023-09-19 14:48 - 2023-09-19 14:49 - 076276840 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.195.0.0.4.225 (1).exe 2023-09-19 14:48 - 2023-09-19 14:48 - 076276840 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.195.0.0.4.225.exe 2023-09-19 14:34 - 2023-09-19 14:34 - 000000089 _____ C:\Users\justc\Downloads\recovery_codes.txt 2023-09-19 12:51 - 2023-09-19 12:51 - 000136344 _____ C:\Users\justc\Downloads\163217533609.JPEG 2023-09-19 10:16 - 2023-09-19 10:16 - 000006876 _____ C:\Users\justc\Downloads\start2.bin 2023-09-19 09:27 - 2023-10-01 00:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-09-18 17:13 - 2023-09-18 17:13 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\InputMethod 2023-09-18 13:14 - 2023-09-18 13:14 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\UProof 2023-09-18 13:14 - 2023-09-18 13:14 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Proof 2023-09-17 23:01 - 2023-09-17 23:01 - 000000000 ___HD C:\ProgramData\CanonIJScan 2023-09-17 23:00 - 2023-09-17 23:01 - 000000000 ____D C:\Users\justc\AppData\Roaming\Canon 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Canon IJ Network Tool 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ___HD C:\ProgramData\CanonBJ 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Windows\system32\STRING 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Windows\system32\CanonIJ Uninstaller Information 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Program Files\CanonBJ 2023-09-17 22:56 - 2012-06-14 17:18 - 000366592 _____ 
(CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL 2023-09-17 22:56 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL 2023-09-17 22:56 - 2012-06-14 17:18 - 000039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL 2023-09-17 22:55 - 2023-09-17 22:55 - 032939648 _____ C:\Users\justc\Downloads\mp68-win-mx340-1_06-ea24.exe 2023-09-17 22:49 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2023-09-17 22:49 - 2023-09-17 22:57 - 000000000 ____D C:\Program Files (x86)\Canon 2023-09-17 22:48 - 2023-09-17 22:49 - 047823992 _____ C:\Users\justc\Downloads\mpnx_3_1-win-3_14-ej.exe 2023-09-17 21:37 - 2023-10-02 09:50 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Word 2023-09-17 21:37 - 2023-09-29 12:42 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2023-09-17 21:37 - 2023-09-29 12:42 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-09-17 21:37 - 2023-09-17 21:48 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Office 2023-09-17 21:37 - 2023-09-17 21:37 - 000000000 ___RD C:\Users\Default\OneDrive 2023-09-17 21:37 - 2023-09-17 21:37 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\AddIns 2023-09-17 21:27 - 2023-09-17 21:35 - 000000000 ____D C:\Program Files\Microsoft Office 2023-09-17 21:27 - 2023-09-17 21:27 - 000000000 ____D C:\Program Files\Microsoft Office 15 2023-09-17 21:11 - 2023-10-02 12:48 - 000000000 ____D C:\Users\justc\AppData\Local\CrashDumps 2023-09-17 21:11 - 2023-09-17 21:14 - 000000000 ____D C:\ProgramData\Windhawk 2023-09-17 21:11 - 2023-09-17 21:11 - 000003562 _____ C:\Windows\system32\Tasks\WindhawkUpdateTask 2023-09-17 21:11 - 2023-09-17 21:11 - 000003000 _____ C:\Windows\system32\Tasks\WindhawkRunUITask 2023-09-17 21:11 - 2023-09-17 21:11 - 000001824 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windhawk.lnk 2023-09-17 21:10 - 2023-09-26 10:24 - 
000000000 ____D C:\Users\justc\AppData\LocalLow\Temp 2023-09-17 21:09 - 2023-09-17 21:11 - 000000000 ____D C:\Program Files\Windhawk 2023-09-17 21:08 - 2023-09-17 21:09 - 129469224 _____ (Ramen Software) C:\Users\justc\Downloads\windhawk_setup.exe 2023-09-17 20:55 - 2023-09-17 21:34 - 000000000 ___HD C:$WINDOWS.~BT 2023-09-17 19:45 - 2023-09-17 19:45 - 000000000 ____D C:\Users\justc\AppData\Local\ElevatedDiagnostics 2023-09-17 19:17 - 2023-09-17 19:22 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\MMC 2023-09-17 17:45 - 2023-09-19 23:29 - 000000000 ____D C:\Windows\Panther 2023-09-17 17:33 - 2023-09-17 17:38 - 000000000 ____D C:\Users\justc\Documents\malwarebytes license key 2023-09-17 17:27 - 2023-09-17 21:34 - 000001908 _____ C:\Windows\diagwrn.xml 2023-09-17 17:27 - 2023-09-17 21:34 - 000001908 _____ C:\Windows\diagerr.xml 2023-09-17 17:09 - 2023-09-17 17:09 - 000000000 ____D C:\Users\justc\AppData\Local\mbam 2023-09-17 17:08 - 2023-09-17 17:08 - 000000000 ____D C:\Users\justc\Tracing 2023-09-17 17:07 - 2023-09-17 17:07 - 002606880 _____ (Malwarebytes) C:\Users\justc\Downloads\MBSetup-5.5 (1).exe 2023-09-17 17:07 - 2023-09-17 17:07 - 000000000 ____D C:\ProgramData\Malwarebytes 2023-09-17 17:07 - 2023-09-17 17:07 - 000000000 ____D C:\Program Files\Malwarebytes 2023-09-17 17:06 - 2023-09-17 17:06 - 002606880 _____ (Malwarebytes) C:\Users\justc\Downloads\MBSetup-5.5.exe 2023-09-17 16:54 - 2023-09-17 16:54 - 000000000 ___HD C:$Windows.~WS 2023-09-17 16:49 - 2023-09-17 16:49 - 000000000 _SHDL C:\Documents and Settings 2023-09-17 16:46 - 2023-10-02 13:52 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-09-17 16:46 - 2023-10-02 01:24 - 000008192 ___SH C:\DumpStack.log.tmp 2023-09-17 16:46 - 2023-10-02 01:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-09-17 16:46 - 2023-09-30 19:11 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-09-17 16:46 - 2023-09-28 12:09 - 000439016 _____ 
C:\Windows\system32\FNTCACHE.DAT 2023-09-17 16:46 - 2023-09-18 08:05 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-09-17 16:46 - 2023-09-18 08:05 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-09-17 16:46 - 2023-09-17 16:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2023-09-17 16:46 - 2023-09-17 16:46 - 000000000 ____D C:\Windows\ServiceProfiles 2023-09-17 16:46 - 2023-09-17 16:08 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-09-17 16:43 - 2023-09-17 17:08 - 000000000 ____D C:\ESD 2023-09-17 16:21 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2023-09-17 16:12 - 2023-09-17 16:12 - 000000000 ____H C:\Users\justc\Documents\Default.rdp 2023-09-17 16:09 - 2023-09-17 16:09 - 000000000 ____D C:\Users\justc\AppData\Local\OneDrive 2023-09-17 15:58 - 2023-09-17 15:58 - 000002888 _____ C:\Users\justc\Desktop\Child support portal pin.odt 2023-09-17 15:50 - 2023-09-17 15:58 - 000000000 ____D C:\Windows\system32\MRT 2023-09-17 15:46 - 2023-09-17 15:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-09-17 14:55 - 2023-09-17 14:55 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPool.lnk 2023-09-17 14:55 - 2023-09-17 14:55 - 000000000 ____D C:\Users\Public\Documents\Memir Games 2023-09-17 14:55 - 2023-09-17 14:55 - 000000000 ____D C:\Program Files (x86)\ipool 2023-09-17 14:54 - 2023-09-17 14:54 - 007933240 _____ (Stratician ) C:\Users\justc\Downloads\setup2302.exe 2023-09-17 14:53 - 2023-09-17 14:53 - 000000000 ____D C:\Users\Public\Documents\Stratician Online 2023-09-17 14:52 - 2023-09-17 14:52 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSnooker.lnk 2023-09-17 14:52 - 2023-09-17 14:52 - 000000000 ____D C:\Program Files (x86)\iSnooker 2023-09-17 14:51 - 2023-09-17 14:51 - 032390920 _____ (Stratician ) 
C:\Users\justc\Downloads\setup2528.exe 2023-09-17 14:36 - 2023-09-27 17:12 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-09-17 14:36 - 2023-09-17 14:36 - 000000000 ____D C:\Users\justc\AppData\Local\Google 2023-09-17 14:36 - 2023-09-17 14:36 - 000000000 ____D C:\Program Files\Google 2023-09-17 14:35 - 2023-10-02 13:46 - 000000000 ____D C:\Program Files (x86)\Google 2023-09-17 14:35 - 2023-09-18 18:41 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{DE2B8264-B4FC-4FEF-AF29-8679B6F43F3B} 2023-09-17 14:35 - 2023-09-18 18:41 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6BCD498D-EAE8-4972-BEBF-73EDBE3A0D6F} 2023-09-17 14:35 - 2023-09-17 14:35 - 001372712 _____ (Google LLC) C:\Users\justc\Downloads\ChromeSetup.exe 2023-09-17 14:22 - 2023-09-17 15:08 - 000000000 ____D C:\Users\justc\AppData\Local\Comms 2023-09-17 14:10 - 2023-09-17 20:06 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Spelling 2023-09-17 14:08 - 2023-09-29 12:42 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2215749033-445842302-415398914-1001 2023-09-17 14:08 - 2023-09-20 12:48 - 000000000 ____D C:\Users\justc\AppData\Local\PlaceholderTileLogoFolder 2023-09-17 14:08 - 2023-09-17 14:08 - 000000000 ___HD C:\OneDriveTemp 2023-09-17 14:07 - 2023-10-02 11:22 - 000000000 ___RD C:\Users\justc\OneDrive 2023-09-17 14:07 - 2023-09-17 14:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2023-09-17 14:05 - 2023-10-02 12:08 - 000000000 ____D C:\Users\justc\AppData\Local\AMD 2023-09-17 14:05 - 2023-10-02 09:48 - 000000000 ____D C:\Users\justc\AppData\Local\Packages 2023-09-17 14:05 - 2023-10-01 18:50 - 000000000 ____D C:\Users\justc\AppData\Roaming\Adobe 2023-09-17 14:05 - 2023-10-01 00:17 - 000000000 ____D C:\Users\justc\AppData\Local\D3DSCache 2023-09-17 14:05 - 2023-09-26 23:46 - 000000000 ____D C:\ProgramData\Packages 2023-09-17 14:05 - 2023-09-23 09:03 - 000000000 __RHD 
C:\Users\Public\AccountPictures 2023-09-17 14:05 - 2023-09-21 22:28 - 000000000 ____D C:\Users\justc\AppData\Local\ConnectedDevicesPlatform 2023-09-17 14:05 - 2023-09-17 20:06 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Crypto 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ___RD C:\Users\justc\3D Objects 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Vault 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Network 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\LocalLow\AMD 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\VirtualStore 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\Publishers 2023-09-17 14:00 - 2023-10-02 01:23 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\SystemCertificates 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ____D C:\Windows\system32\AMD 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ____D C:\Program Files\AMD 2023-09-17 14:00 - 2020-10-29 16:31 - 000107560 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\Drivers\amdkmpfd.sys 2023-09-17 13:59 - 2023-10-02 11:24 - 000000000 ____D C:\Users\justc 2023-09-17 13:59 - 2023-09-28 19:29 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows 2023-09-17 13:59 - 2023-09-19 14:51 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Credentials 2023-09-17 13:59 - 2023-09-17 13:59 - 000000020 ___SH C:\Users\justc\ntuser.ini 2023-09-17 13:59 - 2023-09-17 13:59 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Protect 2023-09-17 13:59 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000736880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000046704 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000043632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 064809072 _____ C:\Windows\system32\amd_comgr.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 053684848 _____ C:\Windows\SysWOW64\amd_comgr32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 004630640 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\amfrt64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 004141168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001774192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000760432 _____ (AMD) C:\Windows\system32\atieclxx.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000621168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000496752 _____ C:\Windows\system32\GameManager64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000493168 _____ C:\Windows\system32\dgtrayicon.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000468592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000456304 _____ C:\Windows\system32\atieah64.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000432752 _____ C:\Windows\system32\EEURestart.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000380016 _____ C:\Windows\SysWOW64\GameManager32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000351856 _____ C:\Windows\SysWOW64\atieah32.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000339568 _____ C:\Windows\system32\clinfo.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000245360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000213104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000186992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000182392 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\aticfx64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000167024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000166512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000158656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000156784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000142448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000140912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000135792 _____ (AMD) C:\Windows\system32\atimuixx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000134768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000125552 _____ C:\Windows\system32\atidxx64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000122480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000120432 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000107632 _____ C:\Windows\SysWOW64\atidxx32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000107120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000090736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000075376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000070256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 071030384 _____ (Advanced Micro Devices Inc.) 
C:\Windows\system32\amdhip64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 001686016 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 001365368 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000941168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000768624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000553584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000546800 _____ C:\Windows\system32\amdmiracast.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000489584 _____ C:\Windows\system32\amdgfxinfo64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000466544 _____ C:\Windows\system32\amdlogum.exe 2023-09-17 13:59 - 2020-10-29 16:31 - 000383600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000380016 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000198312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000167400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000135928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000120264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\amdpcom32.dll
2023-09-17 13:59 - 2020-10-29 15:29 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin
2023-09-17 13:59 - 2020-10-29 15:29 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2023-09-17 13:59 - 2020-10-29 15:29 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2023-09-17 13:59 - 2020-10-29 15:29 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2023-09-17 13:54 - 2023-10-02 01:31 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-02 13:46 - 2023-05-05 08:27 - 000000000 ____D C:\Windows\SystemTemp
2023-10-02 12:31 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-02 01:31 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2023-10-02 01:23 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-02 00:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2023-10-01 19:42 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-10-01 19:26 - 2019-12-07 05:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2023-10-01 19:23 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-10-01 19:05 - 2019-12-07 05:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2023-10-01 07:36 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-29 14:04 - 2019-12-07 05:14 - 000000554 _____ C:\Windows\win.ini
2023-09-28 22:04 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\Downloaded Program Files
2023-09-28 22:04 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\Offline Web Pages
2023-09-28 12:45 - 2019-12-07 05:03 - 000065536 _____ C:\Windows\system32\config\ELAM
2023-09-28 12:23 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2023-09-24 15:49 - 2023-05-05 08:22 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\ProjectedFSLib.dll
2023-09-17 22:57 - 2019-12-07 05:14 - 000000000 __RSD C:\Windows\Media
2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\spool
2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\MsDtc
2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
2023-09-17 17:45 - 2019-12-07 05:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2023-09-17 17:21 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing
2023-09-17 16:51 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2023-09-17 16:08 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-09-17 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [439856 2023-06-07] (Bitdefender SRL → AnchorFree Inc.)
R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2946088 2023-07-20] (Bitdefender SRL → Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2560552 2023-07-20] (Bitdefender SRL → Bitdefender)
R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 bdvpnservice; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [474672 2023-08-18] (Bitdefender SRL → Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-29] (Microsoft Corporation → Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-29] (Microsoft Corporation → Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [659496 2023-07-27] (Bitdefender SRL → Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [288792 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 VCUpdateSvc; C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe [54608 2023-08-25] (Verizon Data Services LLC → Verizon)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-17] (Microsoft Windows Publisher → Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-17] (Microsoft Windows Publisher → Microsoft Corporation)
R2 Windhawk; C:\Program Files\Windhawk\windhawk.exe [762840 2023-09-17] (Michael Maltsev → Ramen Software)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\Windows\System32\DRIVERS\atc.sys [6205488 2023-08-10] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [798128 2022-09-29] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [22976 2020-12-17] (Microsoft Windows Early Launch Anti-malware Publisher → Bitdefender)
R3 bdprivmon; C:\Windows\system32\DRIVERS\bdprivmon.sys [49200 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender SRL)
S3 bduefiscan; C:\Windows\system32\DRIVERS\bduefiscan.sys [39840 2022-08-12] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
R1 bdvpn_netfilter; C:\Windows\System32\drivers\bdvpn_netfilter.sys [94600 2021-09-16] (Pango Inc. → Pango Inc)
S3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2023-10-01] (Microsoft Windows Hardware Compatibility Publisher → CPUID)
R1 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [1347496 2023-07-12] (Microsoft Windows Hardware Compatibility Publisher → BitDefender S.R.L. Bucharest, ROMANIA)
R2 Ignisv2; C:\Windows\system32\DRIVERS\ignisv2.sys [165312 2023-08-06] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [47920 2021-09-16] (Microsoft Windows Hardware Compatibility Publisher → The OpenVPN Project)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [633248 2022-12-07] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
R0 vlflt; C:\Windows\System32\DRIVERS\vlflt.sys [522136 2023-03-17] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55872 2023-09-17] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [574872 2023-09-17] (Microsoft Windows → Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-17] (Microsoft Windows → Microsoft Corporation)
S3 AscFileFilter; ??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys
S3 AscRegistryFilter; ??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-02 14:06 - 2023-10-02 14:10 - 000039369 _____ C:\Users\justc\Desktop\Addition.txt
2023-10-02 14:01 - 2023-10-02 14:11 - 000058466 _____ C:\Users\justc\Desktop\FRST.txt
2023-10-02 14:01 - 2023-10-02 14:10 - 000000000 ____D C:\FRST
2023-10-02 14:00 - 2023-10-02 14:00 - 002382848 _____ (Farbar) C:\Users\justc\Desktop\FRST64.exe
2023-10-02 12:08 - 2023-10-02 12:08 - 000000000 ____D C:\Users\justc\AppData\Roaming\SnookerQ
2023-10-02 12:07 - 2023-10-02 12:07 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnookerQ.lnk
2023-10-02 12:07 - 2023-10-02 12:07 - 000000000 ____D C:\Program Files (x86)\SnookerQ
2023-10-02 12:06 - 2023-10-02 12:06 - 107353130 _____ (SnookerQ Inc. ) C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710.exe
2023-10-02 12:05 - 2023-10-02 12:05 - 107353130 _____ (SnookerQ Inc. ) C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710 (1).exe
2023-10-02 11:58 - 2023-10-02 11:59 - 107353130 _____ (SnookerQ Inc. ) C:\Users\justc\Desktop\SnookerQSetup-20230923-0.1.710.exe
2023-10-02 11:24 - 2023-10-02 11:24 - 000000000 ____D C:\Users\justc\Verizon Cloud
2023-10-02 09:43 - 2023-10-02 09:43 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\HTML Help
2023-10-02 09:40 - 2023-10-02 09:59 - 000000000 ____D C:\Users\justc\AppData\Roaming\CoreFTP
2023-10-02 09:38 - 2023-10-02 09:38 - 003978758 _____ C:\Users\justc\Desktop\coreftplite64.exe
2023-10-02 09:38 - 2023-10-02 09:38 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
2023-10-02 09:38 - 2023-10-02 09:38 - 000000000 ____D C:\Program Files\CoreFTP
2023-10-02 02:26 - 2023-10-02 02:26 - 000000000 ____D C:\Users\justc\AppData\Local\OO Software
2023-10-02 02:23 - 2023-10-02 02:23 - 000003656 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2023-10-02 02:22 - 2023-10-02 02:22 - 000000000 ____D C:\KPRM
2023-10-02 01:27 - 2023-10-02 02:23 - 000000000 ____D C:\Users\justc\AppData\Local\ESET
2023-10-01 19:39 - 2023-10-01 19:39 - 000000000 ____D C:\Users\justc\AppData\Local\CEF
2023-10-01 19:33 - 2023-10-02 01:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\ZHP
2023-10-01 19:19 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2023-10-01 19:07 - 2023-10-01 19:07 - 000000015 _____ C:\Users\justc\advanced_ip_scanner_Comments.bin
2023-10-01 19:07 - 2023-10-01 19:07 - 000000015 _____ C:\Users\justc\advanced_ip_scanner_Aliases.bin
2023-10-01 19:07 - 2023-10-01 19:07 - 000000004 _____ C:\Users\justc\advanced_ip_scanner_MAC.bin
2023-10-01 19:06 - 2023-10-01 19:06 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2023-10-01 19:03 - 2023-10-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2023-10-01 19:03 - 2023-10-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2023-10-01 19:03 - 2023-10-01 19:03 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2023-10-01 19:03 - 2023-10-01 19:03 - 000000000 ____D C:\Program Files (x86)\DiskCheckup
2023-10-01 19:02 - 2023-10-01 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2023-10-01 19:02 - 2023-10-01 19:02 - 000000000 ____D C:\Program Files\CPUID
2023-10-01 19:01 - 2023-10-02 11:42 - 000000000 ____D C:\Program Files\CCleaner
2023-10-01 19:01 - 2023-10-02 01:24 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-10-01 19:01 - 2023-10-01 19:02 - 000003472 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-10-01 19:01 - 2023-10-01 19:01 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-10-01 19:01 - 2023-10-01 19:01 - 000002904 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - justc
2023-10-01 19:01 - 2023-10-01 19:01 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2023-10-01 19:01 - 2023-10-01 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-10-01 18:58 - 2023-10-01 18:59 - 000000000 ____D C:\Users\justc\AppData\Roaming\Atom
2023-10-01 18:58 - 2023-10-01 18:59 - 000000000 ____D C:\Users\justc.atom
2023-10-01 18:57 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Local\atom
2023-10-01 18:57 - 2023-10-01 18:58 - 000000000 ____D C:\Users\justc\AppData\Local\SquirrelTemp
2023-10-01 18:56 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Roaming\AnyDesk
2023-10-01 18:56 - 2023-10-01 19:19 - 000000000 ____D C:\ProgramData\AnyDesk
2023-10-01 18:56 - 2023-10-01 19:19 - 000000000 ____D C:\Program Files\AnyDesk
2023-10-01 18:55 - 2023-10-01 18:55 - 000001848 _____ C:\Windows\system32\Tasks\Amazon Music Helper
2023-10-01 18:55 - 2023-10-01 18:55 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2023-10-01 18:54 - 2023-10-01 18:55 - 000000000 ____D C:\Users\justc\AppData\Local\Amazon Music
2023-10-01 18:51 - 2023-10-02 01:05 - 000000000
____D C:\ProgramData\IObit 2023-10-01 18:51 - 2023-10-01 23:41 - 000000000 ____D C:\Users\justc\AppData\LocalLow\IObit 2023-10-01 18:51 - 2023-10-01 18:53 - 000000000 ____D C:\Users\justc\AppData\Local\Innovative Solutions 2023-10-01 18:51 - 2023-10-01 18:51 - 000000000 ____D C:\ProgramData\ProductData 2023-10-01 18:51 - 2023-10-01 18:51 - 000000000 ____D C:\ProgramData{7D4F950D-61ED-482D-A05D-43620B49B610} 2023-10-01 18:50 - 2023-10-01 23:41 - 000000000 ____D C:\Program Files (x86)\IObit 2023-10-01 18:50 - 2023-10-01 19:13 - 000000000 ____D C:\Users\justc\AppData\Roaming\IObit 2023-10-01 18:50 - 2023-10-01 18:50 - 000000000 ____D C:\Users\justc\AppData\Local\Adobe 2023-10-01 18:50 - 2023-10-01 18:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2023-10-01 18:50 - 2023-10-01 18:50 - 000000000 ____D C:\ProgramData\Adobe 2023-10-01 18:48 - 2023-10-01 19:13 - 000000000 ____D C:\Program Files (x86)\Adobe 2023-10-01 18:47 - 2023-10-01 19:39 - 000000000 ____D C:\ProgramData\360Quarant 2023-10-01 18:46 - 2023-10-01 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2023-10-01 18:46 - 2023-10-01 18:46 - 000000000 ____D C:\Program Files\7-Zip 2023-10-01 18:44 - 2023-10-02 01:25 - 000000000 ____D C:\Program Files (x86)\360 2023-10-01 18:42 - 2023-10-01 18:42 - 000000000 ____D C:\Users\justc\AppData\Local\Patch_My_PC,_LLC 2023-10-01 02:01 - 2023-10-01 02:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2023-10-01 02:01 - 2023-10-01 02:01 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2023-10-01 02:01 - 2023-10-01 02:01 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2023-10-01 02:01 - 2023-10-01 02:01 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2023-10-01 02:01 - 2023-10-01 02:01 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2023-10-01 02:01 - 
2023-10-01 02:01 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2023-10-01 02:01 - 2023-10-01 02:01 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2023-10-01 02:01 - 2023-10-01 02:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2023-10-01 01:13 - 2023-10-01 01:13 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4 2023-10-01 00:32 - 2023-10-01 00:32 - 000710972 _____ C:\ProgramData\cl.1696134161.bdinstall.v2.bin 2023-10-01 00:32 - 2023-10-01 00:32 - 000120408 _____ C:\ProgramData\cl.kit.1696134156.bdinstall.v2.bin 2023-10-01 00:26 - 2023-10-01 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security 2023-10-01 00:24 - 2023-10-01 00:24 - 000000000 ____D C:\Users\justc\AppData\Roaming\Bitdefender 2023-10-01 00:04 - 2023-10-01 00:04 - 043134544 _____ C:\Users\justc\Downloads\Bitdefender_2023_Uninstall_Tool (3).exe 2023-10-01 00:04 - 2023-10-01 00:04 - 000009988 _____ C:\ProgramData\uninstalltool.1696133085.bdinstall.v2.bin 2023-10-01 00:03 - 2023-10-01 00:04 - 043134544 _____ C:\Users\justc\Downloads\Bitdefender_2023_Uninstall_Tool (2).exe 2023-09-30 19:29 - 2023-09-30 19:29 - 000000000 ____D C:\Windows\system32\Tasks\Meta 2023-09-30 19:28 - 2023-09-30 19:28 - 076637736 _____ (Facebook, Inc.) 
C:\Users\justc\Downloads\Messenger.196.0.0.4.210.exe 2023-09-30 19:26 - 2023-09-30 19:26 - 002904424 _____ (Opera Software) C:\Users\justc\Downloads\OperaSetup.exe 2023-09-30 18:49 - 2023-09-30 18:49 - 043134544 _____ C:\Users\justc\Downloads\Bitdefender_2023_Uninstall_Tool (1).exe 2023-09-30 18:48 - 2023-09-30 18:49 - 043134544 _____ C:\Users\justc\Downloads\Bitdefender_2023_Uninstall_Tool.exe 2023-09-30 16:26 - 2023-09-30 16:26 - 000000000 ____D C:\Users\justc\Desktop\Missy.Mikes business cards 2023-09-29 16:41 - 2023-09-29 16:42 - 000029018 _____ C:\Users\justc\Downloads\8th Grade Athlete Recognition Night Form (1).pdf 2023-09-29 16:39 - 2023-09-29 16:39 - 000029018 _____ C:\Users\justc\Downloads\8th Grade Athlete Recognition Night Form.pdf 2023-09-29 08:38 - 2023-09-29 08:38 - 000000000 ____D C:\PUB 2023-09-29 08:37 - 2023-09-29 08:50 - 000000054 _____ C:\Windows\Lic.*** 2023-09-29 08:36 - 2023-09-29 08:36 - 000176760 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe 2023-09-29 08:36 - 2023-09-29 08:36 - 000000000 ____D C:\ProgramData\MicroWorld 2023-09-29 08:33 - 2023-09-29 08:34 - 303908928 _____ (MicroWorld Technologies Inc.) C:\Users\justc\Downloads\mwav (4).exe 2023-09-29 08:33 - 2023-09-29 08:34 - 303908928 _____ (MicroWorld Technologies Inc.) C:\Users\justc\Downloads\mwav (3).exe 2023-09-29 08:32 - 2023-09-29 08:32 - 015012420 _____ C:\Users\justc\Downloads\avz5.zip 2023-09-29 08:28 - 2023-09-29 08:28 - 000000396 _____ C:\Users\justc\Downloads\avzfix.txt 2023-09-29 08:20 - 2023-09-29 08:20 - 303908928 _____ (MicroWorld Technologies Inc.) C:\Users\justc\Downloads\mwav (2).exe 2023-09-29 08:18 - 2023-09-29 08:19 - 303908928 _____ (MicroWorld Technologies Inc.) 
C:\Users\justc\Downloads\mwav (1).exe 2023-09-29 07:54 - 2023-09-29 07:54 - 000000000 ____D C:\Users\justc\AppData\Local\ToastNotificationManagerCompat 2023-09-28 22:23 - 2023-09-28 22:23 - 000000000 ____D C:\Windows\ABR 2023-09-28 22:15 - 2023-09-28 22:15 - 018320588 _____ C:\Users\justc\Downloads\AutoLogger (1).zip 2023-09-28 22:09 - 2023-09-28 22:10 - 000388608 _____ (Trend Micro Inc.) C:\Users\justc\Downloads\HijackThis.exe 2023-09-28 22:09 - 2023-09-28 22:10 - 000388608 _____ (Trend Micro Inc.) C:\Users\justc\Downloads\HijackThis (1).exe 2023-09-28 16:03 - 2023-09-28 16:03 - 001029415 _____ C:\Users\justc\Downloads\RegSeeker47.zip 2023-09-28 13:11 - 2023-09-28 13:11 - 000000000 ____D C:\ProgramData\Hydra Windows SDK 2023-09-28 12:58 - 2023-09-28 12:58 - 000000121 _____ C:\Users\justc\Downloads\backup_codes.txt 2023-09-28 11:29 - 2023-09-28 11:29 - 000016059 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json 2023-09-28 10:57 - 2023-09-28 10:57 - 000000000 ___HD C:$WinREAgent 2023-09-27 22:43 - 2023-09-27 22:43 - 000092200 _____ C:\ProgramData\agent.update.1695869008.bdinstall.v2.bin 2023-09-27 22:42 - 2023-09-27 22:42 - 014026096 _____ C:\Users\justc\Downloads\bitdefender_windows_439a9349-ed46-4358-a035-c15a69ffedf2.exe 2023-09-27 22:19 - 2023-09-27 22:19 - 000213860 _____ C:\ProgramData\vpn.1695867536.bdinstall.v2.bin 2023-09-27 22:19 - 2023-09-27 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN 2023-09-27 22:19 - 2023-09-27 22:19 - 000000000 ____D C:\ProgramData\AnchorFree_Inc 2023-09-27 22:19 - 2021-09-16 05:55 - 000094600 _____ (Pango Inc) C:\Windows\system32\Drivers\bdvpn_netfilter.sys 2023-09-27 22:11 - 2023-09-27 22:11 - 000000000 ____D C:\ProgramData\Gemma 2023-09-27 22:11 - 2023-09-27 22:11 - 000000000 ____D C:\ProgramData\Atc 2023-09-27 22:08 - 2023-09-28 19:48 - 000000000 ____D C:\ProgramData\BDLogging 2023-09-27 22:08 - 2023-09-27 22:08 - 000000000 ____D C:\Windows\system32\elambkup 
2023-09-27 22:07 - 2023-09-27 22:07 - 000000000 ____D C:\Users\justc\AppData\Roaming\Bitdefender Security App 2023-09-27 22:05 - 2023-10-01 00:42 - 000000000 ____D C:\ProgramData\Bitdefender 2023-09-27 22:05 - 2023-10-01 00:24 - 000000000 ____D C:\Program Files\Bitdefender 2023-09-27 22:00 - 2023-10-01 00:24 - 000000000 ____D C:\Program Files\Common Files\Bitdefender 2023-09-27 21:59 - 2023-09-27 22:43 - 000003854 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 2023-09-27 21:57 - 2023-09-27 22:43 - 000000000 ____D C:\Program Files\Bitdefender Agent 2023-09-27 21:57 - 2023-09-27 21:57 - 000143364 _____ C:\ProgramData\agent.1695866221.bdinstall.v2.bin 2023-09-27 21:57 - 2023-09-27 21:57 - 000000000 ____D C:\Users\justc\AppData\Local\Bitdefender 2023-09-27 21:57 - 2023-09-27 21:57 - 000000000 ____D C:\ProgramData\Bitdefender Agent 2023-09-27 19:47 - 2023-09-27 19:47 - 014026096 _____ C:\Users\justc\Downloads\bitdefender_avfree.exe 2023-09-26 22:00 - 2023-09-26 22:00 - 001789560 _____ () C:\Users\justc\Downloads\Everything-1.4.1.1024.x86-Setup.exe 2023-09-26 20:32 - 2023-09-26 20:32 - 000000000 ____D C:\Users\justc\Documents\Custom Office Templates 2023-09-26 18:41 - 2023-09-27 17:54 - 000000000 ____D C:\Program Files\HijackThis 2023-09-26 17:16 - 2023-09-26 17:16 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe 2023-09-26 17:16 - 2023-09-26 17:16 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA 2023-09-26 10:41 - 2023-09-26 10:41 - 000000000 ____D C:\Program Files\Reference Assemblies 2023-09-26 10:41 - 2023-09-26 10:41 - 000000000 ____D C:\Program Files\MSBuild 2023-09-26 10:41 - 2023-09-26 10:41 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2023-09-26 10:41 - 2023-09-26 10:41 - 000000000 ____D C:\Program Files (x86)\MSBuild 2023-09-26 10:05 - 2023-09-26 10:14 - 000000000 ___D C:\Users\justc\AppData\Roaming\Geek Uninstaller 2023-09-26 10:05 - 2023-09-26 10:05 - 
002961151 _____ C:\Users\justc\Downloads\geek.zip 2023-09-25 17:05 - 2023-09-25 17:05 - 005252911 _____ C:\Users\justc\Downloads\Fw more piks, couldn’t find none of rusty and bian younger.. tryin to make sure all the kids and g kids and g g kids are in.eml 2023-09-24 16:35 - 2023-09-24 16:35 - 000175687 _____ C:\Users\justc\Downloads\HarrellRaeleigh.pdf 2023-09-24 16:32 - 2023-09-24 16:32 - 022152410 _____ C:\Users\justc\Downloads\champion power washer manual.pdf 2023-09-24 16:30 - 2023-09-24 16:30 - 000000000 ____D C:\Users\justc\AppData\LocalLow\webviewdata 2023-09-24 16:13 - 2023-09-24 16:13 - 000000000 ____D C:\ProgramData\VerizonCloud 2023-09-24 16:12 - 2023-10-01 11:43 - 000000000 ____D C:\Users\justc\AppData\Local\VerizonCloud-Data 2023-09-24 16:12 - 2023-09-24 16:13 - 000000000 ____D C:\Windows\system32\Tasks\VerizonCloud 2023-09-24 16:12 - 2023-09-24 16:12 - 000000000 ____D C:\Users\justc\AppData\Local\IsolatedStorage 2023-09-24 15:49 - 2023-09-24 15:49 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Cloud.lnk 2023-09-24 15:49 - 2023-09-24 15:49 - 000002521 _____ C:\Users\Public\Desktop\Verizon Cloud.lnk 2023-09-24 15:49 - 2023-09-24 15:49 - 000000000 ____D C:\Program Files\Verizon Cloud 2023-09-24 15:37 - 2023-09-24 15:48 - 028643328 _____ C:\Users\justc\Downloads\pc-vzcloud-install.msi 2023-09-24 14:16 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Desktop\Pool.Snooker (2).zip 2023-09-21 21:48 - 2023-09-21 21:48 - 000000721 _____ C:\Users\justc\Downloads\ATT00001 2023-09-21 20:34 - 2023-09-21 20:34 - 000000000 ____D C:\Users\justc\AppData\Roaming\CDTPL 2023-09-21 20:34 - 2023-09-21 20:34 - 000000000 ____D C:\ProgramData\CDTPL 2023-09-21 20:32 - 2023-09-21 20:33 - 087778968 _____ (SysTools Software Pvt Ltd ) C:\Users\justc\Downloads\pst-converter.exe 2023-09-21 07:33 - 2023-09-21 07:33 - 000002967 _____ C:\Users\justc\Downloads\ATT00001.htm 2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Windows\system32\RTCOM 
2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Program Files\Waves 2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Program Files (x86)\Realtek 2023-09-20 09:42 - 2023-09-20 09:44 - 000000000 ____D C:\Windows\SysWOW64\RTCOM 2023-09-20 09:42 - 2023-09-20 09:42 - 000000000 ____D C:\Windows\system32\SRSLabs 2023-09-20 09:42 - 2023-09-20 09:42 - 000000000 ____D C:\Program Files\Realtek 2023-09-20 09:42 - 2017-06-19 04:19 - 005762544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2023-09-20 09:42 - 2017-06-19 04:19 - 003685872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2023-09-20 09:42 - 2017-06-19 04:19 - 003545984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 003541896 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 003213808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 001373792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000706472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000692504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000545808 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000460424 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000399448 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000355480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000333272 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000333272 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RP3DAA64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000232696 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000225480 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000220120 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000203424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000176456 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000174608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000161928 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000144168 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000120696 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000097952 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000094152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000032384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 013245712 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 013110360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 012129784 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 007181592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 007104872 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 003795400 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioMeters64.exe 2023-09-20 09:42 - 2017-06-19 04:18 - 002320104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 002218480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 002058864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001991768 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001804920 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001613696 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001530848 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001444232 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001233064 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001185168 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001017424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000759192 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000742512 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000723208 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000693008 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPO30.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000517448 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000457992 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000453824 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000342264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000339112 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000283904 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000264952 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000264880 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000263928 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000212240 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000131008 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2023-09-20 09:39 - 2017-10-01 20:13 - 000984032 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys 2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker.zip 2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker (2).zip 2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker (1).zip 2023-09-19 14:49 - 2023-10-01 23:40 - 000000000 ____D C:\Users\justc\AppData\Local\Messenger 2023-09-19 14:49 - 2023-10-01 23:37 - 000000000 ____D C:\Users\justc\AppData\Roaming\Messenger 2023-09-19 14:49 - 2023-09-19 14:49 - 000002333 _____ C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk 2023-09-19 14:49 - 2023-09-19 14:49 - 000000000 ____D 
C:\Users\justc\AppData\LocalLow\Messenger 2023-09-19 14:49 - 2023-09-19 14:49 - 000000000 ____D C:\Users\justc\AppData\Local\messenger-updater 2023-09-19 14:48 - 2023-09-19 14:49 - 076276840 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.195.0.0.4.225 (1).exe 2023-09-19 14:48 - 2023-09-19 14:48 - 076276840 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.195.0.0.4.225.exe 2023-09-19 14:34 - 2023-09-19 14:34 - 000000089 _____ C:\Users\justc\Downloads\recovery_codes.txt 2023-09-19 12:51 - 2023-09-19 12:51 - 000136344 _____ C:\Users\justc\Downloads\163217533609.JPEG 2023-09-19 10:16 - 2023-09-19 10:16 - 000006876 _____ C:\Users\justc\Downloads\start2.bin 2023-09-19 09:27 - 2023-10-01 00:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-09-18 17:13 - 2023-09-18 17:13 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\InputMethod 2023-09-18 13:14 - 2023-09-18 13:14 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\UProof 2023-09-18 13:14 - 2023-09-18 13:14 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Proof 2023-09-17 23:01 - 2023-09-17 23:01 - 000000000 ___HD C:\ProgramData\CanonIJScan 2023-09-17 23:00 - 2023-09-17 23:01 - 000000000 ____D C:\Users\justc\AppData\Roaming\Canon 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Canon IJ Network Tool 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ___HD C:\ProgramData\CanonBJ 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Windows\system32\STRING 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Windows\system32\CanonIJ Uninstaller Information 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Program Files\CanonBJ 2023-09-17 22:56 - 2012-06-14 17:18 - 000366592 _____ 
(CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL 2023-09-17 22:56 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL 2023-09-17 22:56 - 2012-06-14 17:18 - 000039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL 2023-09-17 22:55 - 2023-09-17 22:55 - 032939648 _____ C:\Users\justc\Downloads\mp68-win-mx340-1_06-ea24.exe 2023-09-17 22:49 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2023-09-17 22:49 - 2023-09-17 22:57 - 000000000 ____D C:\Program Files (x86)\Canon 2023-09-17 22:48 - 2023-09-17 22:49 - 047823992 _____ C:\Users\justc\Downloads\mpnx_3_1-win-3_14-ej.exe 2023-09-17 21:37 - 2023-10-02 09:50 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Word 2023-09-17 21:37 - 2023-09-29 12:42 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2023-09-17 21:37 - 2023-09-29 12:42 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-09-17 21:37 - 2023-09-17 21:48 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Office 2023-09-17 21:37 - 2023-09-17 21:37 - 000000000 ___RD C:\Users\Default\OneDrive 2023-09-17 21:37 - 2023-09-17 21:37 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\AddIns 2023-09-17 21:27 - 2023-09-17 21:35 - 000000000 ____D C:\Program Files\Microsoft Office 2023-09-17 21:27 - 2023-09-17 21:27 - 000000000 ____D C:\Program Files\Microsoft Office 15 2023-09-17 21:11 - 2023-10-02 12:48 - 000000000 ____D C:\Users\justc\AppData\Local\CrashDumps 2023-09-17 21:11 - 2023-09-17 21:14 - 000000000 ____D C:\ProgramData\Windhawk 2023-09-17 21:11 - 2023-09-17 21:11 - 000003562 _____ C:\Windows\system32\Tasks\WindhawkUpdateTask 2023-09-17 21:11 - 2023-09-17 21:11 - 000003000 _____ C:\Windows\system32\Tasks\WindhawkRunUITask 2023-09-17 21:11 - 2023-09-17 21:11 - 000001824 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windhawk.lnk 2023-09-17 21:10 - 2023-09-26 10:24 - 
000000000 ____D C:\Users\justc\AppData\LocalLow\Temp 2023-09-17 21:09 - 2023-09-17 21:11 - 000000000 ____D C:\Program Files\Windhawk 2023-09-17 21:08 - 2023-09-17 21:09 - 129469224 _____ (Ramen Software) C:\Users\justc\Downloads\windhawk_setup.exe 2023-09-17 20:55 - 2023-09-17 21:34 - 000000000 ___HD C:$WINDOWS.~BT 2023-09-17 19:45 - 2023-09-17 19:45 - 000000000 ____D C:\Users\justc\AppData\Local\ElevatedDiagnostics 2023-09-17 19:17 - 2023-09-17 19:22 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\MMC 2023-09-17 17:45 - 2023-09-19 23:29 - 000000000 ____D C:\Windows\Panther 2023-09-17 17:33 - 2023-09-17 17:38 - 000000000 ____D C:\Users\justc\Documents\malwarebytes license key 2023-09-17 17:27 - 2023-09-17 21:34 - 000001908 _____ C:\Windows\diagwrn.xml 2023-09-17 17:27 - 2023-09-17 21:34 - 000001908 _____ C:\Windows\diagerr.xml 2023-09-17 17:09 - 2023-09-17 17:09 - 000000000 ____D C:\Users\justc\AppData\Local\mbam 2023-09-17 17:08 - 2023-09-17 17:08 - 000000000 ____D C:\Users\justc\Tracing 2023-09-17 17:07 - 2023-09-17 17:07 - 002606880 _____ (Malwarebytes) C:\Users\justc\Downloads\MBSetup-5.5 (1).exe 2023-09-17 17:07 - 2023-09-17 17:07 - 000000000 ____D C:\ProgramData\Malwarebytes 2023-09-17 17:07 - 2023-09-17 17:07 - 000000000 ____D C:\Program Files\Malwarebytes 2023-09-17 17:06 - 2023-09-17 17:06 - 002606880 _____ (Malwarebytes) C:\Users\justc\Downloads\MBSetup-5.5.exe 2023-09-17 16:54 - 2023-09-17 16:54 - 000000000 ___HD C:$Windows.~WS 2023-09-17 16:49 - 2023-09-17 16:49 - 000000000 _SHDL C:\Documents and Settings 2023-09-17 16:46 - 2023-10-02 13:52 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-09-17 16:46 - 2023-10-02 01:24 - 000008192 ___SH C:\DumpStack.log.tmp 2023-09-17 16:46 - 2023-10-02 01:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-09-17 16:46 - 2023-09-30 19:11 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-09-17 16:46 - 2023-09-28 12:09 - 000439016 _____ 
C:\Windows\system32\FNTCACHE.DAT 2023-09-17 16:46 - 2023-09-18 08:05 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-09-17 16:46 - 2023-09-18 08:05 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-09-17 16:46 - 2023-09-17 16:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2023-09-17 16:46 - 2023-09-17 16:46 - 000000000 ____D C:\Windows\ServiceProfiles 2023-09-17 16:46 - 2023-09-17 16:08 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-09-17 16:43 - 2023-09-17 17:08 - 000000000 ____D C:\ESD 2023-09-17 16:21 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2023-09-17 16:12 - 2023-09-17 16:12 - 000000000 ____H C:\Users\justc\Documents\Default.rdp 2023-09-17 16:09 - 2023-09-17 16:09 - 000000000 ____D C:\Users\justc\AppData\Local\OneDrive 2023-09-17 15:58 - 2023-09-17 15:58 - 000002888 _____ C:\Users\justc\Desktop\Child support portal pin.odt 2023-09-17 15:50 - 2023-09-17 15:58 - 000000000 ____D C:\Windows\system32\MRT 2023-09-17 15:46 - 2023-09-17 15:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-09-17 14:55 - 2023-09-17 14:55 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPool.lnk 2023-09-17 14:55 - 2023-09-17 14:55 - 000000000 ____D C:\Users\Public\Documents\Memir Games 2023-09-17 14:55 - 2023-09-17 14:55 - 000000000 ____D C:\Program Files (x86)\ipool 2023-09-17 14:54 - 2023-09-17 14:54 - 007933240 _____ (Stratician ) C:\Users\justc\Downloads\setup2302.exe 2023-09-17 14:53 - 2023-09-17 14:53 - 000000000 ____D C:\Users\Public\Documents\Stratician Online 2023-09-17 14:52 - 2023-09-17 14:52 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSnooker.lnk 2023-09-17 14:52 - 2023-09-17 14:52 - 000000000 ____D C:\Program Files (x86)\iSnooker 2023-09-17 14:51 - 2023-09-17 14:51 - 032390920 _____ (Stratician ) 
C:\Users\justc\Downloads\setup2528.exe 2023-09-17 14:36 - 2023-09-27 17:12 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-09-17 14:36 - 2023-09-17 14:36 - 000000000 ____D C:\Users\justc\AppData\Local\Google 2023-09-17 14:36 - 2023-09-17 14:36 - 000000000 ____D C:\Program Files\Google 2023-09-17 14:35 - 2023-10-02 13:46 - 000000000 ____D C:\Program Files (x86)\Google 2023-09-17 14:35 - 2023-09-18 18:41 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{DE2B8264-B4FC-4FEF-AF29-8679B6F43F3B} 2023-09-17 14:35 - 2023-09-18 18:41 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6BCD498D-EAE8-4972-BEBF-73EDBE3A0D6F} 2023-09-17 14:35 - 2023-09-17 14:35 - 001372712 _____ (Google LLC) C:\Users\justc\Downloads\ChromeSetup.exe 2023-09-17 14:22 - 2023-09-17 15:08 - 000000000 ____D C:\Users\justc\AppData\Local\Comms 2023-09-17 14:10 - 2023-09-17 20:06 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Spelling 2023-09-17 14:08 - 2023-09-29 12:42 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2215749033-445842302-415398914-1001 2023-09-17 14:08 - 2023-09-20 12:48 - 000000000 ____D C:\Users\justc\AppData\Local\PlaceholderTileLogoFolder 2023-09-17 14:08 - 2023-09-17 14:08 - 000000000 ___HD C:\OneDriveTemp 2023-09-17 14:07 - 2023-10-02 11:22 - 000000000 ___RD C:\Users\justc\OneDrive 2023-09-17 14:07 - 2023-09-17 14:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2023-09-17 14:05 - 2023-10-02 12:08 - 000000000 ____D C:\Users\justc\AppData\Local\AMD 2023-09-17 14:05 - 2023-10-02 09:48 - 000000000 ____D C:\Users\justc\AppData\Local\Packages 2023-09-17 14:05 - 2023-10-01 18:50 - 000000000 ____D C:\Users\justc\AppData\Roaming\Adobe 2023-09-17 14:05 - 2023-10-01 00:17 - 000000000 ____D C:\Users\justc\AppData\Local\D3DSCache 2023-09-17 14:05 - 2023-09-26 23:46 - 000000000 ____D C:\ProgramData\Packages 2023-09-17 14:05 - 2023-09-23 09:03 - 000000000 __RHD 
C:\Users\Public\AccountPictures 2023-09-17 14:05 - 2023-09-21 22:28 - 000000000 ____D C:\Users\justc\AppData\Local\ConnectedDevicesPlatform 2023-09-17 14:05 - 2023-09-17 20:06 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Crypto 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ___RD C:\Users\justc\3D Objects 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Vault 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Network 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\LocalLow\AMD 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\VirtualStore 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\Publishers 2023-09-17 14:00 - 2023-10-02 01:23 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\SystemCertificates 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ____D C:\Windows\system32\AMD 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ____D C:\Program Files\AMD 2023-09-17 14:00 - 2020-10-29 16:31 - 000107560 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\Drivers\amdkmpfd.sys 2023-09-17 13:59 - 2023-10-02 11:24 - 000000000 ____D C:\Users\justc 2023-09-17 13:59 - 2023-09-28 19:29 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows 2023-09-17 13:59 - 2023-09-19 14:51 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Credentials 2023-09-17 13:59 - 2023-09-17 13:59 - 000000020 ___SH C:\Users\justc\ntuser.ini 2023-09-17 13:59 - 2023-09-17 13:59 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Protect 2023-09-17 13:59 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000736880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000046704 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000043632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 064809072 _____ C:\Windows\system32\amd_comgr.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 053684848 _____ C:\Windows\SysWOW64\amd_comgr32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 004630640 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\amfrt64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 004141168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001774192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000760432 _____ (AMD) C:\Windows\system32\atieclxx.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000621168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000496752 _____ C:\Windows\system32\GameManager64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000493168 _____ C:\Windows\system32\dgtrayicon.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000468592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000456304 _____ C:\Windows\system32\atieah64.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000432752 _____ C:\Windows\system32\EEURestart.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000380016 _____ C:\Windows\SysWOW64\GameManager32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000351856 _____ C:\Windows\SysWOW64\atieah32.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000339568 _____ C:\Windows\system32\clinfo.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000245360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000213104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000186992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000182392 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\aticfx64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000167024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000166512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000158656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000156784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000142448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000140912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000135792 _____ (AMD) C:\Windows\system32\atimuixx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000134768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000125552 _____ C:\Windows\system32\atidxx64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000122480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000120432 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000107632 _____ C:\Windows\SysWOW64\atidxx32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000107120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000090736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000075376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000070256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 071030384 _____ (Advanced Micro Devices Inc.) 
C:\Windows\system32\amdhip64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 001686016 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 001365368 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000941168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000768624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000553584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000546800 _____ C:\Windows\system32\amdmiracast.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000489584 _____ C:\Windows\system32\amdgfxinfo64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000466544 _____ C:\Windows\system32\amdlogum.exe 2023-09-17 13:59 - 2020-10-29 16:31 - 000383600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000380016 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000198312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000167400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000135928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000120264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\amdpcom32.dll 2023-09-17 13:59 - 2020-10-29 15:29 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin 2023-09-17 13:59 - 2020-10-29 15:29 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin 2023-09-17 13:59 - 2020-10-29 15:29 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin 2023-09-17 13:59 - 2020-10-29 15:29 - 000121168 _____ C:\Windows\system32\kapp_si.sbin 2023-09-17 13:54 - 2023-10-02 01:31 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2023-10-02 14:10 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-10-02 13:46 - 2023-05-05 08:27 - 000000000 ____D C:\Windows\SystemTemp 2023-10-02 01:31 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF 2023-10-02 01:23 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI 2023-10-02 00:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness 2023-10-01 19:42 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2023-10-01 19:26 - 2019-12-07 05:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar 2023-10-01 19:23 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2023-10-01 19:05 - 2019-12-07 05:14 - 000000000 __SHD C:\Program Files\Windows Sidebar 2023-10-01 07:36 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-09-29 14:04 - 2019-12-07 05:14 - 000000554 _____ C:\Windows\win.ini 2023-09-28 22:04 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\Downloaded Program Files 2023-09-28 22:04 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\Offline Web Pages 2023-09-28 12:45 - 2019-12-07 05:03 - 000065536 _____ C:\Windows\system32\config\ELAM 2023-09-28 12:23 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-09-28 12:08 - 2019-12-07 05:14 - 
000000000 ____D C:\Windows\SysWOW64\setup 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr 2023-09-24 15:49 - 2023-05-05 08:22 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\ProjectedFSLib.dll 2023-09-17 22:57 - 2019-12-07 05:14 - 000000000 __RSD C:\Windows\Media 2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\spool 2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\MsDtc 2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState 2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog 2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat 2023-09-17 17:45 - 2019-12-07 05:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2023-09-17 17:21 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing 2023-09-17 16:51 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\FxsTmp 2023-09-17 16:08 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender 2023-09-17 13:57 - 2019-12-07 05:14 - 
000000000 ____D C:\ProgramData\USOPrivate

==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by justc (02-10-2023 14:13:20)
Running from C:\Users\justc\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3516 (X64) (2023-09-17 20:49:53)
Boot Mode: Normal

==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2215749033-445842302-415398914-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2215749033-445842302-415398914-503 - Limited - Disabled)
Guest (S-1-5-21-2215749033-445842302-415398914-501 - Limited - Disabled)
justc (S-1-5-21-2215749033-445842302-415398914-1001 - Administrator - Enabled) => C:\Users\justc
WDAGUtilityAccount (S-1-5-21-2215749033-445842302-415398914-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {F4F8BE4F-D893-2EB2-F208-1A2FF1A396CA}
FW: Bitdefender Firewall (Enabled) {CCC33F6A-92FC-2FEA-D957-B31A0F70D1B1}

==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 23.01 (x64 edition) (HKLM...{23170F69-40C1-2702-2301-000001000000}) (Version: 23.01.00.0 - Igor Pavlov) Amazon Music (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Amazon Amazon Music) (Version: 9.4.3.2420 - Amazon.com Services LLC) Bitdefender Agent (HKLM...\Bitdefender Agent) (Version: 27.0.1.259 - Bitdefender) Bitdefender Total Security (HKLM...\Bitdefender) (Version: 27.0.20.105 - Bitdefender) Bitdefender VPN (HKLM...\Bitdefender VPN) (Version: 26.0.2.1 - Bitdefender) Canon IJ Network Scan Utility (HKLM-x32...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MP Navigator EX 3.1 (HKLM-x32...\MP Navigator EX 3.1) (Version: - ) Canon MX340 series MP Drivers (HKLM...{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - Canon Inc.) CCleaner (HKLM...\CCleaner) (Version: 6.16 - Piriform) Core FTP LE (x64) (HKLM-x32...\CoreFTP(x64)) (Version: - ) CPUID CPU-Z 2.08 (HKLM...\CPUID CPU-Z_is1) (Version: 2.08 - CPUID, Inc.) DiskCheckup (HKLM-x32...\DiskCheckup_is1) (Version: 3.5.1004.0 - PassMark Software) FileZilla 3.65.0 (HKLM-x32...\FileZilla Client) (Version: 3.65.0 - Tim Kosse) Gmail (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\ec710934cdfffbee268692b010a82ad8) (Version: 1.0 - Google\Chrome) Google Chrome (HKLM-x32...\Google Chrome) (Version: 117.0.5938.132 - Google LLC) Google Drive (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\b4857df16d6bf9d14b9f21735bbf7cef) (Version: 1.0 - Google\Chrome) iPool version 2.3.02 (01) (HKLM-x32...{BE5FCCBF-5CBB-487E-AC94-882028E1448C}_is1) (Version: 2.3.02 (01) - Stratician) Maxx Audio Installer (x64) (HKLM...{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden Messenger (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 197.0.521392868 - Facebook, Inc.) 
Microsoft 365 - en-us (HKLM...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation) Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation) Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM...{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation) Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.) Sheets (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\fcad59d48b6d7f9ac4f8bbdef83897fc) (Version: 1.0 - Google\Chrome) Slides (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\8b71f6b19323d84d678abe6631527c30) (Version: 1.0 - Google\Chrome) SnookerQ version 0.1.710 (HKLM-x32...{45190E74-5CE1-4CF3-9F65-D73F7E69F658}_is1) (Version: 0.1.710 - SnookerQ Inc.) 
Verizon Cloud (HKLM...{048202BC-F4E7-4AB2-A130-EC887A3C9675}) (Version: 23.9.0.17 - Verizon Wireless)
Windhawk v1.3.1 (HKLM-x32...\Windhawk) (Version: 1.3.1 - Ramen Software)
YouTube (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\254b4d2813518435f94a19dffc5552cc) (Version: 1.0 - Google\Chrome)

Packages:

Cortana → C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-20] (Microsoft Corporation)
Microsoft Defender → C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2309.1001.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corporation) [Startup Task]
Microsoft Remote Desktop → C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe [2023-09-18] (Microsoft Corporation)
Outlook for Windows → C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.920.900_x64__8wekyb3d8bbwe [2023-10-01] (Microsoft Corporation)
Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
Solitaire & Casual Games → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-18] (Microsoft Studios) [MS Ad]
Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-28] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2215749033-445842302-415398914-1001_Classes\CLSID{00654f73-86a8-425c-b3a0-038200133493} → [Verizon Cloud] => C:\Users\justc\Verizon Cloud [2023-10-02 11:24] CustomCLSID: HKU\S-1-5-21-2215749033-445842302-415398914-1001_Classes\CLSID{84ff2f8e-2440-1caf-3148-f3d0fdd19ec8}\localserver32 → C:\Program Files\Verizon Cloud\Verizon Cloud.exe (Verizon Data Services LLC → Verizon) ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ SncrOverlays (Cloud)] → 
{DC39D95E-101B-4B3B-BF18-D1B4D6584A79} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.) ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] → {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.) ShellIconOverlayIdentifiers: [ SncrOverlays (Paused)] → {DC20B35F-DF4A-4783-B48E-7EB2496E5858} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.) ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] → {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft 
Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu64.dll → No File ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu64.dll → No File ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation) ContextMenuHandlers6: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Web Applications_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profile 2 - Edge.lnk → C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) → --profile-directory=“Profile 1” ==================== Loaded Modules (Whitelisted) ============= 2023-09-17 21:14 - 2023-09-17 21:10 - 
001989632 _____ () [File not signed] C:\ProgramData\Windhawk\Engine\Mods\64\libc++.dll 2023-09-17 21:14 - 2023-09-17 21:10 - 000207872 _____ () [File not signed] C:\ProgramData\Windhawk\Engine\Mods\64\libunwind.dll 2023-09-17 21:14 - 2023-09-17 21:14 - 000107008 _____ () [File not signed] C:\ProgramData\Windhawk\Engine\Mods\64\taskbar-volume-control_906859.dll 2023-09-17 22:57 - 2010-08-23 09:09 - 000019456 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNSU_ENU.DLL 2023-09-17 22:56 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL 2023-10-01 18:55 - 2020-04-02 12:15 - 002266624 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\justc\AppData\Local\Amazon Music\QtCore4.dll 2023-10-01 18:55 - 2020-04-02 12:25 - 006267392 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\justc\AppData\Local\Amazon Music\QtGui4.dll 2023-10-01 18:55 - 2020-04-02 12:16 - 000802816 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\justc\AppData\Local\Amazon Music\QtNetwork4.dll 2023-06-20 13:00 - 2023-06-20 13:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Users\justc\Desktop\coreftplite64.exe:BDU [0] AlternateDataStreams: C:\Users\justc\Desktop\FRST64.exe:BDU [0] AlternateDataStreams: C:\Users\justc\Desktop\SnookerQSetup-20230923-0.1.710.exe:BDU [0] AlternateDataStreams: C:\Users\justc\Downloads\HijackThis (1).exe:BDU [0] AlternateDataStreams: C:\Users\justc\Downloads\HijackThis.exe:BDU [0] AlternateDataStreams: C:\Users\justc\Downloads\mwav (1).exe:BDU [0] AlternateDataStreams: C:\Users\justc\Downloads\mwav (2).exe:BDU [0] AlternateDataStreams: C:\Users\justc\Downloads\mwav (3).exe:BDU [0] AlternateDataStreams: C:\Users\justc\Downloads\mwav (4).exe:BDU [0] AlternateDataStreams: C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710 (1).exe:BDU [0] AlternateDataStreams: C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710.exe:BDU [0] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKU\S-1-5-21-2215749033-445842302-415398914-1001 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Bitdefender Anti-tracker → {159ff5d5-55f1-4d2f-b706-767a55f77abb} → C:\Program Files\Bitdefender\Bitdefender Security App\bdtrackerstbie.dll [2023-09-14] (Bitdefender SRL → Bitdefender) BHO-x32: Bitdefender Anti-tracker → {159ff5d5-55f1-4d2f-b706-767a55f77abb} → C:\Program Files\Bitdefender\Bitdefender Security App\antispam32\bdtrackerstbie.dll [2023-09-14] (Bitdefender SRL → Bitdefender) BHO-x32: Skype 
for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-17] (Microsoft Corporation → Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to 
reset Hosts.) 2023-09-28 13:11 - 2023-09-28 13:11 - 000000030 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2215749033-445842302-415398914-1001\Control Panel\Desktop\Wallpaper → C:\Users\justc\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\FB_IMG_1695310969664.jpg DNS Servers: 206.225.75.225 - 206.225.75.226 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\StartupApproved\Run: => “com.messenger” ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C4710974-CC66-4DAC-97DC-46ECFBC87C84}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{741555FC-DBAA-4C45-A05A-1E7ED50921DE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC) FirewallRules: [{9C70B3D9-4163-45F2-BB1E-80A218AB6FA5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{A098CECC-0C8E-43DF-8F81-DD6FEC47E2DB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) 
FirewallRules: [{A53BB836-73A3-46B6-AE43-0F6BB347CCC7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{D40E672E-77C1-474E-AE8D-25E049463306}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{C519C431-D7FA-47F7-B31C-A3773756A330}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{3529C841-0699-48F1-9392-62FCDB29338F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{CC1A9CE4-27CB-413A-B441-DF41E6BF490B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{2F27A253-A690-40F8-A867-F8101C5EBC94}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{698331DC-2151-4F02-A95A-6AFC66526A05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{28E51699-9D8B-4A31-BA74-9502484D2128}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{56C4A4C8-5687-4973-8290-AFE65B4933B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{A2FD3422-AB33-44A9-A28B-4F37BC2EE2D3}] => 
(Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{50AC0D2F-C593-4FA9-8A8A-96F1C34A2769}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{E0E182FE-304E-47F5-BB65-265475E3F851}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{63C41ED2-E777-4D45-BD43-094C58BBC865}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe => No File FirewallRules: [{22B4A548-0BF6-4BDB-B1D8-28349A3EBCC1}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe => No File FirewallRules: [{AE3179F4-1077-4F2B-B6D6-D4D02C5E96D4}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe => No File FirewallRules: [{7AAF1ACB-7D2B-4512-8601-3ED45AD199C9}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe => No File FirewallRules: [{1A2B3F20-2182-4AA3-9B76-397614D71878}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File FirewallRules: [{C1B756DA-5FC9-4230-8BB9-E5442F9F7837}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File FirewallRules: [{4DED4035-696D-4339-8855-7585E7EAE911}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation) ==================== Restore Points ========================= 02-10-2023 02:24:05 KpRm ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== [HEADING=1]Application errors:[/HEADING] Error: (10/02/2023 12:48:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: snookerq.exe, version: 0.0.0.0, time stamp: 0x650f5faf Faulting module name: OpenAL32.dll, 
version: 1.20.1.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000247d3 Faulting process id: 0x3650 Faulting application start time: 0x01d9f54fcc2328ed Faulting application path: C:\Program Files (x86)\SnookerQ\snookerq.exe Faulting module path: C:\Program Files (x86)\SnookerQ\OpenAL32.dll Report Id: 780b34e3-b393-4f31-8b6f-905028b53de9 Faulting package full name: Faulting package-relative application ID: Error: (10/02/2023 12:45:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: snookerq.exe, version: 0.0.0.0, time stamp: 0x650f5faf Faulting module name: OpenAL32.dll, version: 1.20.1.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000247d3 Faulting process id: 0x2934 Faulting application start time: 0x01d9f54f0f0cd3f2 Faulting application path: C:\Program Files (x86)\SnookerQ\snookerq.exe Faulting module path: C:\Program Files (x86)\SnookerQ\OpenAL32.dll Report Id: 0128cbe3-2d0d-458d-818e-c1a2e9b6ea22 Faulting package full name: Faulting package-relative application ID: Error: (10/02/2023 12:39:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: snookerq.exe, version: 0.0.0.0, time stamp: 0x650f5faf Faulting module name: OpenAL32.dll, version: 1.20.1.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000247d3 Faulting process id: 0x2ce8 Faulting application start time: 0x01d9f54ab367fccc Faulting application path: C:\Program Files (x86)\SnookerQ\snookerq.exe Faulting module path: C:\Program Files (x86)\SnookerQ\OpenAL32.dll Report Id: 7b9a846f-a71d-4d7e-89d7-ce2c2f6e21b9 Faulting package full name: Faulting package-relative application ID: Error: (10/02/2023 11:44:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program CCleaner64.exe version 6.16.0.10662 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 4598 Start Time: 01d9f54715f17fd8 Termination Time: 4294967295 Application Path: C:\Program Files\CCleaner\CCleaner64.exe Report Id: ce3a7024-a81f-44e3-867c-0bf1221114ae Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (10/02/2023 11:44:24 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program CCleaner64.exe version 6.16.0.10662 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1934 Start Time: 01d9f5470ee74fdc Termination Time: 4294967295 Application Path: C:\Program Files\CCleaner\CCleaner64.exe Report Id: 3691cc42-0727-4a1c-b05b-766598319a76 Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (10/02/2023 01:02:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver. System Error: The system cannot find the file specified. . Error: (10/01/2023 07:42:12 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. 
Error: (10/01/2023 07:33:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.3516, time stamp: 0xbf6d7543 Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf Exception code: 0xc0000409 Fault offset: 0x000000000007286e Faulting process id: 0x4478 Faulting application start time: 0x01d9f4b917d3cc66 Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: d6784a37-8dad-4d7e-a3ff-fa16f9d0c008 Faulting package full name: Faulting package-relative application ID: [HEADING=1]System errors:[/HEADING] Error: (10/02/2023 01:31:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (10/02/2023 01:31:20 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: ??\C:\Users\justc\AppData\Local\Temp\ehdrv.sys Error: (10/02/2023 01:31:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (10/02/2023 01:31:20 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: ??\C:\Users\justc\AppData\Local\Temp\ehdrv.sys Error: (10/02/2023 01:31:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (10/02/2023 01:31:19 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: ??\C:\Users\justc\AppData\Local\Temp\ehdrv.sys Error: (10/02/2023 01:31:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (10/02/2023 01:31:19 AM) (Source: 
Application Popup) (EventID: 1060) (User: ) Description: ??\C:\Users\justc\AppData\Local\Temp\ehdrv.sys [HEADING=1]Windows Defender:[/HEADING] Date: 2023-09-26 23:38:44 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: containerfile:_C:\Users\justc\Downloads\AutoLogger.zip; file:_C:\Users\justc\Desktop\AutoLogger.exe; file:_C:\Users\justc\Downloads\AutoLogger.zip->AutoLogger.exe; webfile:_C:\Users\justc\Downloads\AutoLogger.zip|https://tools.safezone.cc/drongo/AutoLogger/AutoLogger.zip|pid:11360,ProcessStart:133402595159320135 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\explorer.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-26 23:38:05 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\justc\Desktop\AutoLogger.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\explorer.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-26 23:38:05 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\justc\Desktop\AutoLogger.exe; process:_pid:8452,ProcessStart:133402593126878071; process:_pid:9684,ProcessStart:133402592130541598 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\System32\RuntimeBroker.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-26 23:37:57 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\justc\Desktop\AutoLogger.exe; process:_pid:8452,ProcessStart:133402593126878071; process:_pid:9684,ProcessStart:133402592130541598 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\justc\Desktop\AutoLogger.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-26 23:37:51 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\justc\Desktop\AutoLogger.exe; process:_pid:8452,ProcessStart:133402593126878071; process:_pid:9684,ProcessStart:133402592130541598 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\justc\Desktop\AutoLogger.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Event[0]: Date: 2023-09-26 10:29:56 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.397.1595.0 Previous security intelligence Version: 1.397.1128.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.23080.2005 Previous Engine Version: 1.1.23080.2005 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2023-09-26 10:29:56 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.397.1595.0 Previous security intelligence Version: 1.397.1128.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.23080.2005 Previous Engine Version: 1.1.23080.2005 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Date: 2023-09-26 10:26:33 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.397.1128.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23080.2005 Error code: 0x80240022 Error description: The program can’t check for definition updates. Date: 2023-09-26 10:26:33 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.397.1128.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23080.2005 Error code: 0x80240022 Error description: The program can’t check for definition updates. [HEADING=1]CodeIntegrity:[/HEADING] Date: 2023-10-02 14:00:25 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Windhawk\Engine\1.3.1\64\windhawk.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: Dell Inc. 4.3.0 08/10/2016 Motherboard: Dell Inc. 
03PYWR Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics Percentage of memory in use: 46% Total physical RAM: 15297.18 MB Available physical RAM: 8171.26 MB Total Virtual: 17601.18 MB Available Virtual: 9090.39 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.65 GB) (Free:873.76 GB) (Model: WD Blue SA510 2.5 1000GB) NTFS Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS \?\Volume{856a1e7d-aa4b-48b9-9ea4-b0bba75d5bc8}\ () (Fixed) (Total:0.75 GB) (Free:0.28 GB) NTFS \?\Volume{29ef0c2e-dd39-4f66-9048-d5dd6009a5c3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================
-
-
Originally posted by Malnutrition
Frst is incomplete
-
jUstcAllmEdOc:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Code:Ran by justc (administrator) on DESKTOP-OKFJGL4 (Dell Inc. Inspiron 24-3455) (02-10-2023 15:55:43) Running from C:\Users\justc\Desktop\FRST64.exe Loaded Profiles: justc Platform: Microsoft Windows 10 Home Version 22H2 19045.3516 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender Agent\27.0.1.259_0\DiscoverySrv.exe (C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe (C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdwtxag.exe (C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe (C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bduserhost.exe <4> (C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. 
→ Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4> (C:\Program Files\Verizon Cloud\Verizon Cloud.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe <6> (C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23082.131.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23082.131.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe (Canon Inc. → CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. → AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe (explorer.exe ->) (Google LLC → Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <19> (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11> (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (explorer.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (explorer.exe ->) (Skype Software Sarl → Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6> (explorer.exe ->) (Verizon Data Services LLC → Verizon) C:\Program Files\Verizon Cloud\Verizon Cloud.exe (explorer.exe ->) (Waves Inc → Waves Audio Ltd.) 
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (services.exe ->) (Advanced Micro Devices, Inc. → AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe (services.exe ->) (Bitdefender SRL → AnchorFree Inc.) C:\Program Files\Bitdefender\Bitdefender VPN\Hydra.Sdk.Windows.Service.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3> (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnService.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Qualcomm Atheros → Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (services.exe ->) (Realtek Semiconductor Corp. 
→ Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (services.exe ->) (Verizon Data Services LLC → Verizon) C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe (services.exe ->) (Waves Inc → Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe (svchost.exe ->) (Amazon.com Services LLC → Amazon.com Services LLC) C:\Users\justc\AppData\Local\Amazon Music\Amazon Music Helper.exe (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxOutlook.exe (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor Corp. → Realtek Semiconductor) HKLM...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. → Realtek Semiconductor) HKLM...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. 
→ Realtek Semiconductor) HKLM...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc → Waves Audio Ltd.) HKLM...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe [1062424 2023-09-14] (Bitdefender SRL → Bitdefender) HKLM-x32...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (Canon Inc. → CANON INC.) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-29] (Microsoft Corporation → Microsoft Corporation) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [MicrosoftEdgeAutoLaunch_46C0173F98CBD0BEB36BBC1DDC54FE9A] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation → Microsoft Corporation) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [com.verizon.verizoncloud] => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8991568 2023-08-25] (Verizon Data Services LLC → Verizon) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [com.messenger] => C:\Users\justc\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [Amazon Music Helper] => C:\Users\justc\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107496 2023-04-12] (Amazon.com Services LLC → Amazon.com Services LLC) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [GoogleChromeAutoLaunch_B364DB4262BB88E80B8C959641DD7ACE] => “C:\Program Files\Google\Chrome\Application\chrome.exe” --no-startup-window /prefetch:5 [3242272 2023-09-27] (Google LLC → Google LLC) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42614688 2023-09-08] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd) 
HKLM...\Windows x64\Print Processors\Canon MX340 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA5.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher → CANON INC.) HKLM...\Print\Monitors\Canon BJ Language Monitor MX340 series: C:\Windows\system32\CNMLMA5.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher → CANON INC.) HKLM...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed] HKLM...\Print\Monitors\Canon MP FAX Language Monitor MX340 series: C:\Windows\system32\CNCF2Lk.DLL [343552 2009-10-22] (Microsoft Windows Hardware Compatibility Publisher → Canon Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe [2023-09-27] (Google LLC → Google LLC) ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {7C773FC8-3237-4148-9B0B-4358A3960877} - System32\Tasks\Amazon Music Helper => C:\Users\justc\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107496 2023-04-12] (Amazon.com Services LLC → Amazon.com Services LLC)
Task: {B5673D04-8BD3-45A4-8ADE-237CE62BC243} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.259_0\WatchDog.exe [937000 2023-07-27] (Bitdefender SRL → Bitdefender)
Task: {38E68DA7-BDC1-45BC-B6F1-E1340C9BF565} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-09-08] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)
Task: {93365B83-1068-4600-A7E2-0FA633A6FC88} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-09-08] (PIRIFORM SOFTWARE LIMITED → Piriform Software) → --product 90 --send dumps|report --path “C:\Program Files\CCleaner\LOG” --programpath “C:\Program Files\CCleaner” --configpath “C:\Program Files\CCleaner\Setup” --guid “331ffa93-1f39-4a84-927a-41c6fb770b18” --version “6.16.10662” --silent
Task: {BBBE75CE-C415-4859-B21E-6762426C71B1} - System32\Tasks\CCleanerSkipUAC - justc => C:\Program Files\CCleaner\CCleaner.exe [35675552 2023-09-08] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)
Task: {4EC19EEF-BD4F-457C-B099-18AED5C8ED68} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\Explorer.exe [5329280 2023-09-28] (Microsoft Windows → Microsoft Corporation)
Task: {6EA4340F-4DCB-4548-8010-72A3DDCAED67} - System32\Tasks\GoogleUpdateTaskMachineCore{6BCD498D-EAE8-4972-BEBF-73EDBE3A0D6F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-17] (Google LLC → Google LLC)
Task: {8A99C8CB-E11D-414D-AAE3-C816090ED3FF} - System32\Tasks\GoogleUpdateTaskMachineUA{DE2B8264-B4FC-4FEF-AF29-8679B6F43F3B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-17] (Google LLC → Google LLC)
Task: {E5EAE20A-AF40-4737-B2E6-D8834FFED2DC} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2215749033-445842302-415398914-1001 => C:\Users\justc\AppData\Local\Programs\Messenger\MessengerHelper.exe [2265336 2023-09-28] (Facebook, Inc. → Meta Platforms, Inc.)
Task: {D521675D-8F95-43CD-B315-9FA40D55AE56} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
Task: {C7FB92B1-FEB1-41DC-8A5F-C6F4D1962BA0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
Task: {1A636F8D-8343-48C2-8703-6C5231D4A8D2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Task: {A49083BF-7448-42A3-9649-32DE1D6A76DD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Task: {07E94C3F-2761-421D-8832-06510B21C5ED} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Task: {7666593B-5016-485B-B8DC-427AB9403CC3} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-29] (Microsoft Corporation → Microsoft Corporation)
Task: {BDA65BBA-3279-4AFD-A9DE-FB3351CA4145} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2215749033-445842302-415398914-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-29] (Microsoft Corporation → Microsoft Corporation)
Task: {16F7FE9F-3E7B-421D-8E20-2ED726C9B4E8} - System32\Tasks\VerizonCloud\APMPublisherTask => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8991568 2023-08-25] (Verizon Data Services LLC → Verizon)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 206.225.75.225 206.225.75.226
Tcpip..\Interfaces{2f15d8f0-b3d3-43cd-9cdd-a6a029120f11}: [NameServer] 198.51.100.1
Tcpip..\Interfaces{2f15d8f0-b3d3-43cd-9cdd-a6a029120f11}: [DhcpNameServer] 8.8.8.8
Tcpip..\Interfaces{732b5a0e-6a0a-43bc-9969-18d77e06b00a}: [DhcpNameServer] 206.225.75.225 206.225.75.226

Edge:

Edge DefaultProfile: Default
Edge Profile: C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-02]
Edge HomePage: Default → hxxps://besthomepageever.com/
Edge StartupUrls: Default → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/”
Edge NewTab: Default → Not-active:“chrome-extension://pnjcioekgpbcdgcnklcnmihpgjjimgoc/newTab.html”
Edge DefaultSearchURL: Default → hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default → duckduckgo.com
Edge DefaultNewTabURL: Default → hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default → hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Avira Safe Shopping) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-10-01]
Edge Extension: (DuckDuckGo) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2023-09-26]
Edge Extension: (Hulu PIP) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17]
Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2023-09-17]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-09-23]
Edge Extension: (Bitdefender Anti-tracker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbconhplchnbippmjabbcedokimacfjl [2023-10-01]
Edge Extension: (URL Safety) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ennmhlikbaeahooaiaeanhcdddgibkoi [2023-09-29]
Edge Extension: (Browsec VPN - Free VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fjnehcbecaggobjholekjijaaekbnlgj [2023-09-29]
Edge Extension: (NordVPN - VPN Proxy for Privacy and Security) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fphgeikpdcdcheaochkhldmnfblfogla [2023-09-20]
Edge Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-19]
Edge Extension: (Office - Enable Copy and Paste) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-09-29]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-20]
Edge Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17]
Edge Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17]
Edge Extension: (Edge relevant text changes) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-19]
Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2023-09-20]
Edge Extension: (Microsoft Outlook) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kkpalkknhlklpbflpcpkepmmbnmfailf [2023-09-20]
Edge Extension: (Tubi Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\loiiabknhcakflegiolohkabmacjicbc [2023-09-21]
Edge Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17]
Edge Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-09-23]
Edge Extension: (UltraWide Streaming: custom fullscreen ratios) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofkcbakkpjefjndcmbkokadbmmaimnlp [2023-09-20]
Edge Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2023-09-29]
Edge Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-26]
Edge Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-28]
Edge Profile: C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-10-02]
Edge HomePage: Profile 1 → hxxps://besthomepageever.com/
Edge StartupUrls: Profile 1 → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/”
Edge Extension: (Hulu PIP) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17]
Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2023-09-17]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-09-17]
Edge Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2023-09-17]
Edge Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17]
Edge Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17]
Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2023-09-17]
Edge Extension: (Norton Password Manager) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2023-09-17]
Edge Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17]
Edge Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-09-17]
Edge Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-17]
Edge Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-17]
Edge Extension: (Best Homepage Ever UK - New Tab Quick Launch) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc [2023-09-17]
Edge HKLM-x32...\Edge\Extension: [dbconhplchnbippmjabbcedokimacfjl]

FireFox:

FF HKLM...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext [2023-09-21] [Legacy] [not signed]
FF HKLM-x32...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)

Chrome:

CHR DefaultProfile: Default
CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default [2023-10-02]
CHR Notifications: Default → hxxps://pchelpforum.net; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default → hxxps://besthomepageever.com/
CHR StartupUrls: Default → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/”
CHR NewTab: Default → Active:“chrome-extension://omdkehkdnojcndhhilglklegbakenkgb/newTab.html”
CHR DefaultSearchURL: Default → hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default → bing.com
CHR DefaultNewTabURL: Default → hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default → hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Extension: (DuckDuckGo) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-09-26]
CHR Extension: (Hulu PIP) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17]
CHR Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-09-23]
CHR Extension: (URL Safety) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ennmhlikbaeahooaiaeanhcdddgibkoi [2023-09-29]
CHR Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2023-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-17]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2023-09-17]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-09-19]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17]
CHR Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-10-01]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2023-10-01]
CHR Extension: (Sea Foam) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahipjfggmgneaopcckkaipmoandaboo [2023-09-17]
CHR Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-17]
CHR Extension: (Best Homepage Ever - New Tab Quick Launch) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdkehkdnojcndhhilglklegbakenkgb [2023-10-02]
CHR Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-26]
CHR Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-28]
CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-02]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2023-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-02]
CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-02]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2023-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-02]
CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\System Profile [2023-10-02]
CHR HKLM-x32...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [439856 2023-06-07] (Bitdefender SRL → AnchorFree Inc.)
R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2946088 2023-07-20] (Bitdefender SRL → Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2560552 2023-07-20] (Bitdefender SRL → Bitdefender)
R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 bdvpnservice; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [474672 2023-08-18] (Bitdefender SRL → Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-29] (Microsoft Corporation → Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-29] (Microsoft Corporation → Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [659496 2023-07-27] (Bitdefender SRL → Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [288792 2023-09-14] (Bitdefender SRL → Bitdefender)
R2 VCUpdateSvc; C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe [54608 2023-08-25] (Verizon Data Services LLC → Verizon)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-17] (Microsoft Windows Publisher → Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-17] (Microsoft Windows Publisher → Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\Windows\System32\DRIVERS\atc.sys [6205488 2023-08-10] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [798128 2022-09-29] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [22976 2020-12-17] (Microsoft Windows Early Launch Anti-malware Publisher → Bitdefender)
R3 bdprivmon; C:\Windows\system32\DRIVERS\bdprivmon.sys [49200 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender SRL)
S3 bduefiscan; C:\Windows\system32\DRIVERS\bduefiscan.sys [39840 2022-08-12] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
R1 bdvpn_netfilter; C:\Windows\System32\drivers\bdvpn_netfilter.sys [94600 2021-09-16] (Pango Inc. → Pango Inc)
R1 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [1347496 2023-07-12] (Microsoft Windows Hardware Compatibility Publisher → BitDefender S.R.L. Bucharest, ROMANIA)
R2 Ignisv2; C:\Windows\system32\DRIVERS\ignisv2.sys [165312 2023-08-06] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [47920 2021-09-16] (Microsoft Windows Hardware Compatibility Publisher → The OpenVPN Project)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [633248 2022-12-07] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
R0 vlflt; C:\Windows\System32\DRIVERS\vlflt.sys [522136 2023-03-17] (Microsoft Windows Hardware Compatibility Publisher → Bitdefender)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55872 2023-09-17] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [574872 2023-09-17] (Microsoft Windows → Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-17] (Microsoft Windows → Microsoft Corporation)
S3 AscFileFilter; ??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys
S3 AscRegistryFilter; ??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys
S3 cpuz154; ??\C:\Windows\temp\cpuz154\cpuz154_x64.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-02 15:55 - 2023-10-02 15:57 - 000034227 _____ C:\Users\justc\Desktop\FRST.txt
2023-10-02 15:54 - 2023-10-02 15:54 - 002382848 _____ (Farbar) C:\Users\justc\Downloads\FRST64 (1).exe
2023-10-02 15:50 - 2023-10-02 15:50 - 000000000 ____D C:\Users\justc\Verizon Cloud
2023-10-02 15:48 - 2023-10-02 15:48 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-10-02 14:32 - 2023-10-02 14:32 - 002382848 _____ (Farbar) C:\Users\justc\Desktop\FRST64.exe
2023-10-02 14:01 - 2023-10-02 15:56 - 000000000 ____D C:\FRST
2023-10-02 12:08 - 2023-10-02 12:08 - 000000000 ____D C:\Users\justc\AppData\Roaming\SnookerQ
2023-10-02 12:06 - 2023-10-02 12:06 - 107353130 _____ (SnookerQ Inc. ) C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710.exe
2023-10-02 12:05 - 2023-10-02 12:05 - 107353130 _____ (SnookerQ Inc. ) C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710 (1).exe
2023-10-02 09:43 - 2023-10-02 09:43 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\HTML Help
2023-10-02 09:40 - 2023-10-02 09:59 - 000000000 ____D C:\Users\justc\AppData\Roaming\CoreFTP
2023-10-02 09:38 - 2023-10-02 09:38 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
2023-10-02 09:38 - 2023-10-02 09:38 - 000000000 ____D C:\Program Files\CoreFTP
2023-10-02 02:26 - 2023-10-02 02:26 - 000000000 ____D C:\Users\justc\AppData\Local\OO Software
2023-10-02 02:23 - 2023-10-02 02:23 - 000003656 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2023-10-02 02:22 - 2023-10-02 02:22 - 000000000 ____D C:\KPRM
2023-10-02 01:27 - 2023-10-02 02:23 - 000000000 ____D C:\Users\justc\AppData\Local\ESET
2023-10-01 19:39 - 2023-10-01 19:39 - 000000000 ____D C:\Users\justc\AppData\Local\CEF
2023-10-01 19:33 - 2023-10-02 01:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\ZHP
2023-10-01 19:19 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2023-10-01 19:07 - 2023-10-01 19:07 - 000000015 _____ C:\Users\justc\advanced_ip_scanner_Comments.bin
2023-10-01 19:07 - 2023-10-01 19:07 - 000000015 _____ C:\Users\justc\advanced_ip_scanner_Aliases.bin
2023-10-01 19:07 - 2023-10-01 19:07 - 000000004 _____ C:\Users\justc\advanced_ip_scanner_MAC.bin
2023-10-01 19:06 - 2023-10-01 19:06 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2023-10-01 19:03 - 2023-10-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2023-10-01 19:03 - 2023-10-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2023-10-01 19:03 - 2023-10-01 19:03 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2023-10-01 19:03 - 2023-10-01 19:03 - 000000000 ____D C:\Program Files (x86)\DiskCheckup
2023-10-01 19:02 - 2023-10-01 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2023-10-01 19:02 - 2023-10-01 19:02 - 000000000 ____D C:\Program Files\CPUID
2023-10-01 19:01 - 2023-10-02 15:49 - 000000000 ____D C:\Program Files\CCleaner
2023-10-01 19:01 - 2023-10-02 15:48 - 000003416 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-10-01 19:01 - 2023-10-01 19:01 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-10-01 19:01 - 2023-10-01 19:01 - 000002904 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - justc
2023-10-01 19:01 - 2023-10-01 19:01 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2023-10-01 19:01 - 2023-10-01 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-10-01 18:58 - 2023-10-01 18:59 - 000000000 ____D C:\Users\justc\AppData\Roaming\Atom
2023-10-01 18:58 - 2023-10-01 18:59 - 000000000 ____D C:\Users\justc.atom
2023-10-01 18:57 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Local\atom
2023-10-01 18:57 - 2023-10-01 18:58 - 000000000 ____D C:\Users\justc\AppData\Local\SquirrelTemp
2023-10-01 18:56 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Roaming\AnyDesk
2023-10-01 18:56 - 2023-10-01 19:19 - 000000000 ____D C:\ProgramData\AnyDesk
2023-10-01 18:56 - 2023-10-01 19:19 - 000000000 ____D C:\Program Files\AnyDesk
2023-10-01 18:55 - 2023-10-01 18:55 - 000001848 _____ C:\Windows\system32\Tasks\Amazon Music Helper
2023-10-01 18:55 - 2023-10-01 18:55 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2023-10-01 18:54 - 2023-10-01 18:55 - 000000000 ____D C:\Users\justc\AppData\Local\Amazon Music
2023-10-01 18:51 - 2023-10-02 01:05 - 000000000 ____D C:\ProgramData\IObit
2023-10-01 18:51 - 2023-10-01 23:41 - 000000000 ____D C:\Users\justc\AppData\LocalLow\IObit
2023-10-01 18:51 - 2023-10-01 18:53 - 000000000 ____D C:\Users\justc\AppData\Local\Innovative Solutions
2023-10-01 18:51 - 2023-10-01 18:51 - 000000000 ____D C:\ProgramData\ProductData
2023-10-01 18:51 - 2023-10-01 18:51 - 000000000 ____D C:\ProgramData{7D4F950D-61ED-482D-A05D-43620B49B610}
2023-10-01 18:50 - 2023-10-01 23:41 - 000000000 ____D C:\Program Files (x86)\IObit
2023-10-01 18:50 - 2023-10-01 19:13 - 000000000 ____D C:\Users\justc\AppData\Roaming\IObit
2023-10-01 18:50 - 2023-10-01 18:50 - 000000000 ____D C:\Users\justc\AppData\Local\Adobe
2023-10-01 18:50 - 2023-10-01 18:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2023-10-01 18:50 - 2023-10-01 18:50 - 000000000 ____D C:\ProgramData\Adobe
2023-10-01 18:48 - 2023-10-01 19:13 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-10-01 18:47 - 2023-10-01 19:39 - 000000000 ____D C:\ProgramData\360Quarant
2023-10-01 18:46 - 2023-10-01 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2023-10-01 18:46 - 2023-10-01 18:46 - 000000000 ____D C:\Program Files\7-Zip
2023-10-01 18:44 - 2023-10-02 01:25 - 000000000 ____D C:\Program Files (x86)\360
2023-10-01 18:42 - 2023-10-01 18:42 - 000000000 ____D C:\Users\justc\AppData\Local\Patch_My_PC,_LLC
2023-10-01 02:01 - 2023-10-01 02:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-10-01 02:01 - 2023-10-01 02:01 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-10-01 02:01 - 2023-10-01 02:01 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-10-01 02:01 - 2023-10-01 02:01 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-10-01 02:01 - 2023-10-01 02:01 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2023-10-01 02:01 - 2023-10-01 02:01 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-10-01 02:01 - 2023-10-01 02:01 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-10-01 02:01 - 2023-10-01 02:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-10-01 01:13 - 2023-10-01 01:13 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2023-10-01 00:32 - 2023-10-01 00:32 - 000710972 _____ C:\ProgramData\cl.1696134161.bdinstall.v2.bin
2023-10-01 00:32 - 2023-10-01 00:32 - 000120408 _____ C:\ProgramData\cl.kit.1696134156.bdinstall.v2.bin
2023-10-01 00:26 - 2023-10-01 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2023-10-01 00:24 - 2023-10-01 00:24 - 000000000 ____D C:\Users\justc\AppData\Roaming\Bitdefender
2023-10-01 00:04 - 2023-10-01 00:04 - 043134544 _____ C:\Users\justc\Downloads\Bitdefender_2023_Uninstall_Tool (3).exe
2023-10-01 00:04 - 2023-10-01 00:04 - 000009988 _____ C:\ProgramData\uninstalltool.1696133085.bdinstall.v2.bin
2023-10-01 00:03 - 2023-10-01 00:04 - 043134544 _____ C:\Users\justc\Downloads\Bitdefender_2023_Uninstall_Tool (2).exe
2023-09-30 19:29 - 2023-09-30 19:29 - 000000000 ____D C:\Windows\system32\Tasks\Meta
2023-09-30 19:28 - 2023-09-30 19:28 - 076637736 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.196.0.0.4.210.exe
2023-09-30 19:26 - 2023-09-30 19:26 - 002904424 _____ (Opera Software) C:\Users\justc\Downloads\OperaSetup.exe
2023-09-30 18:49 - 2023-09-30 18:49 - 043134544 _____ C:\Users\justc\Downloads\Bitdefender_2023_Uninstall_Tool (1).exe
2023-09-30 18:48 - 2023-09-30 18:49 - 043134544 _____ C:\Users\justc\Downloads\Bitdefender_2023_Uninstall_Tool.exe
2023-09-30 16:26 - 2023-09-30 16:26 - 000000000 ____D C:\Users\justc\Desktop\Missy.Mikes business cards
2023-09-29 16:41 - 2023-09-29 16:42 - 000029018 _____ C:\Users\justc\Downloads\8th Grade Athlete Recognition Night Form (1).pdf
2023-09-29 16:39 - 2023-09-29 16:39 - 000029018 _____ C:\Users\justc\Downloads\8th Grade Athlete Recognition Night Form.pdf
2023-09-29 08:38 - 2023-09-29 08:38 - 000000000 ____D C:\PUB
2023-09-29 08:37 - 2023-09-29 08:50 - 000000054 _____ C:\Windows\Lic.***
2023-09-29 08:36 - 2023-09-29 08:36 - 000176760 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2023-09-29 08:36 - 2023-09-29 08:36 - 000000000 ____D C:\ProgramData\MicroWorld
2023-09-29 08:33 - 2023-09-29 08:34 - 303908928 _____ (MicroWorld Technologies Inc.) C:\Users\justc\Downloads\mwav (4).exe
2023-09-29 08:33 - 2023-09-29 08:34 - 303908928 _____ (MicroWorld Technologies Inc.) C:\Users\justc\Downloads\mwav (3).exe
2023-09-29 08:32 - 2023-09-29 08:32 - 015012420 _____ C:\Users\justc\Downloads\avz5.zip
2023-09-29 08:28 - 2023-09-29 08:28 - 000000396 _____ C:\Users\justc\Downloads\avzfix.txt
2023-09-29 08:20 - 2023-09-29 08:20 - 303908928 _____ (MicroWorld Technologies Inc.) C:\Users\justc\Downloads\mwav (2).exe
2023-09-29 08:18 - 2023-09-29 08:19 - 303908928 _____ (MicroWorld Technologies Inc.) C:\Users\justc\Downloads\mwav (1).exe
2023-09-29 07:54 - 2023-09-29 07:54 - 000000000 ____D C:\Users\justc\AppData\Local\ToastNotificationManagerCompat
2023-09-28 22:23 - 2023-09-28 22:23 - 000000000 ____D C:\Windows\ABR
2023-09-28 22:15 - 2023-09-28 22:15 - 018320588 _____ C:\Users\justc\Downloads\AutoLogger (1).zip
2023-09-28 22:09 - 2023-09-28 22:10 - 000388608 _____ (Trend Micro Inc.) C:\Users\justc\Downloads\HijackThis.exe
2023-09-28 22:09 - 2023-09-28 22:10 - 000388608 _____ (Trend Micro Inc.) C:\Users\justc\Downloads\HijackThis (1).exe
2023-09-28 16:03 - 2023-09-28 16:03 - 001029415 _____ C:\Users\justc\Downloads\RegSeeker47.zip
2023-09-28 13:11 - 2023-09-28 13:11 - 000000000 ____D C:\ProgramData\Hydra Windows SDK
2023-09-28 12:58 - 2023-09-28 12:58 - 000000121 _____ C:\Users\justc\Downloads\backup_codes.txt
2023-09-28 11:29 - 2023-09-28 11:29 - 000016059 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-09-28 10:57 - 2023-09-28 10:57 - 000000000 ___HD C:$WinREAgent
2023-09-27 22:43 - 2023-09-27 22:43 - 000092200 _____ C:\ProgramData\agent.update.1695869008.bdinstall.v2.bin
2023-09-27 22:42 - 2023-09-27 22:42 - 014026096 _____ C:\Users\justc\Downloads\bitdefender_windows_439a9349-ed46-4358-a035-c15a69ffedf2.exe
2023-09-27 22:19 - 2023-09-27 22:19 - 000213860 _____ C:\ProgramData\vpn.1695867536.bdinstall.v2.bin
2023-09-27 22:19 - 2023-09-27 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
2023-09-27 22:19 - 2023-09-27 22:19 - 000000000 ____D C:\ProgramData\AnchorFree_Inc
2023-09-27 22:19 - 2021-09-16 05:55 - 000094600 _____ (Pango Inc) C:\Windows\system32\Drivers\bdvpn_netfilter.sys
2023-09-27 22:11 - 2023-09-27 22:11 - 000000000 ____D C:\ProgramData\Gemma
2023-09-27 22:11 - 2023-09-27 22:11 - 000000000 ____D C:\ProgramData\Atc
2023-09-27 22:08 - 2023-09-28 19:48 - 000000000 ____D C:\ProgramData\BDLogging
2023-09-27 22:08 - 2023-09-27 22:08 - 000000000 ____D C:\Windows\system32\elambkup
2023-09-27 22:07 - 2023-09-27 22:07 - 000000000 ____D C:\Users\justc\AppData\Roaming\Bitdefender Security App
2023-09-27 22:05 - 2023-10-01 00:42 - 000000000 ____D C:\ProgramData\Bitdefender
2023-09-27 22:05 - 2023-10-01 00:24 - 000000000 ____D C:\Program Files\Bitdefender
2023-09-27 22:00 - 2023-10-01 00:24 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2023-09-27 21:59 - 2023-09-27 22:43 - 000003854 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2023-09-27 21:57 - 2023-09-27 22:43 - 000000000 ____D C:\Program Files\Bitdefender Agent
2023-09-27 21:57 - 2023-09-27 21:57 - 000143364 _____ C:\ProgramData\agent.1695866221.bdinstall.v2.bin
2023-09-27 21:57 - 2023-09-27 21:57 - 000000000 ____D C:\Users\justc\AppData\Local\Bitdefender
2023-09-27 21:57 - 2023-09-27 21:57 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2023-09-27 19:47 - 2023-09-27 19:47 - 014026096 _____ C:\Users\justc\Downloads\bitdefender_avfree.exe
2023-09-26 22:00 - 2023-09-26 22:00 - 001789560 _____ () C:\Users\justc\Downloads\Everything-1.4.1.1024.x86-Setup.exe
2023-09-26 20:32 - 2023-09-26 20:32 - 000000000 ____D C:\Users\justc\Documents\Custom Office Templates
2023-09-26 18:41 - 2023-09-27 17:54 - 000000000 ____D C:\Program Files\HijackThis
2023-09-26 17:16 - 2023-09-26 17:16 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2023-09-26 17:16 - 2023-09-26 17:16 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2023-09-26 10:41 - 2023-09-26 10:41 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-09-26 10:41 - 2023-09-26 10:41 - 000000000 ____D C:\Program Files\MSBuild
2023-09-26 10:41 - 2023-09-26 10:41 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-09-26 10:41 - 2023-09-26 10:41 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-09-26 10:05 - 2023-09-26 10:14 - 000000000 ___D C:\Users\justc\AppData\Roaming\Geek Uninstaller
2023-09-26 10:05 - 2023-09-26 10:05 - 002961151 _____ C:\Users\justc\Downloads\geek.zip
2023-09-25 17:05 - 2023-09-25 17:05 - 005252911 _____ C:\Users\justc\Downloads\Fw more piks, couldn’t find none of rusty and bian younger.. tryin to make sure all the kids and g kids and g g kids are in.eml
2023-09-24 16:35 - 2023-09-24 16:35 - 000175687 _____ C:\Users\justc\Downloads\HarrellRaeleigh.pdf
2023-09-24 16:32 - 2023-09-24 16:32 - 022152410 _____ C:\Users\justc\Downloads\champion power washer manual.pdf
2023-09-24 16:30 - 2023-09-24 16:30 - 000000000 ____D C:\Users\justc\AppData\LocalLow\webviewdata
2023-09-24 16:13 - 2023-09-24 16:13 - 000000000 ____D C:\ProgramData\VerizonCloud
2023-09-24 16:12 - 2023-10-01 11:43 - 000000000 ____D C:\Users\justc\AppData\Local\VerizonCloud-Data
2023-09-24 16:12 - 2023-09-24 16:13 - 000000000 ____D C:\Windows\system32\Tasks\VerizonCloud
2023-09-24 16:12 - 2023-09-24 16:12 - 000000000 ____D C:\Users\justc\AppData\Local\IsolatedStorage
2023-09-24 15:49 - 2023-09-24 15:49 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Cloud.lnk
2023-09-24 15:49 - 2023-09-24 15:49 - 000002521 _____ C:\Users\Public\Desktop\Verizon Cloud.lnk
2023-09-24 15:49 - 2023-09-24 15:49 - 000000000 ____D C:\Program Files\Verizon Cloud
2023-09-24 15:37 - 2023-09-24 15:48 - 028643328 _____ C:\Users\justc\Downloads\pc-vzcloud-install.msi
2023-09-24 14:16 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Desktop\Pool.Snooker (2).zip
2023-09-21 21:48 - 2023-09-21 21:48 - 000000721 _____ C:\Users\justc\Downloads\ATT00001
2023-09-21 20:34 - 2023-09-21 20:34 - 000000000 ____D C:\Users\justc\AppData\Roaming\CDTPL
2023-09-21 20:34 - 2023-09-21 20:34 - 000000000 ____D C:\ProgramData\CDTPL
2023-09-21 20:32 - 2023-09-21 20:33 - 087778968 _____ (SysTools Software Pvt Ltd ) C:\Users\justc\Downloads\pst-converter.exe
2023-09-21 07:33 - 2023-09-21 07:33 - 000002967 _____ C:\Users\justc\Downloads\ATT00001.htm
2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Windows\system32\RTCOM
2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Program Files\Waves 2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Program Files (x86)\Realtek 2023-09-20 09:42 - 2023-09-20 09:44 - 000000000 ____D C:\Windows\SysWOW64\RTCOM 2023-09-20 09:42 - 2023-09-20 09:42 - 000000000 ____D C:\Windows\system32\SRSLabs 2023-09-20 09:42 - 2023-09-20 09:42 - 000000000 ____D C:\Program Files\Realtek 2023-09-20 09:42 - 2017-06-19 04:19 - 005762544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2023-09-20 09:42 - 2017-06-19 04:19 - 003685872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2023-09-20 09:42 - 2017-06-19 04:19 - 003545984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 003541896 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 003213808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 001373792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000706472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000692504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000545808 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000460424 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000399448 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000355480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000333272 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000333272 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RP3DAA64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000232696 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000225480 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000220120 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000203424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000176456 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000174608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000161928 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000144168 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000120696 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000097952 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000094152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll 2023-09-20 09:42 - 2017-06-19 04:19 - 000032384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 013245712 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 013110360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 012129784 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 007181592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 007104872 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 003795400 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioMeters64.exe 2023-09-20 09:42 - 2017-06-19 04:18 - 002320104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 002218480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 002058864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001991768 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001804920 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001613696 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001530848 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001444232 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001233064 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001185168 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 001017424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000759192 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000742512 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000723208 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000693008 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPO30.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000517448 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000457992 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000453824 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000342264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000339112 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000283904 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000264952 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000264880 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000263928 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000212240 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll 2023-09-20 09:42 - 2017-06-19 04:18 - 000131008 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2023-09-20 09:39 - 2017-10-01 20:13 - 000984032 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys 2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker.zip 2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker (2).zip 2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker (1).zip 2023-09-19 14:49 - 2023-10-01 23:40 - 000000000 ____D C:\Users\justc\AppData\Local\Messenger 2023-09-19 14:49 - 2023-10-01 23:37 - 000000000 ____D C:\Users\justc\AppData\Roaming\Messenger 2023-09-19 14:49 - 2023-09-19 14:49 - 000002333 _____ C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk 2023-09-19 14:49 - 2023-09-19 14:49 - 000000000 ____D 
C:\Users\justc\AppData\LocalLow\Messenger 2023-09-19 14:49 - 2023-09-19 14:49 - 000000000 ____D C:\Users\justc\AppData\Local\messenger-updater 2023-09-19 14:48 - 2023-09-19 14:49 - 076276840 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.195.0.0.4.225 (1).exe 2023-09-19 14:48 - 2023-09-19 14:48 - 076276840 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.195.0.0.4.225.exe 2023-09-19 14:34 - 2023-09-19 14:34 - 000000089 _____ C:\Users\justc\Downloads\recovery_codes.txt 2023-09-19 12:51 - 2023-09-19 12:51 - 000136344 _____ C:\Users\justc\Downloads\163217533609.JPEG 2023-09-19 10:16 - 2023-09-19 10:16 - 000006876 _____ C:\Users\justc\Downloads\start2.bin 2023-09-19 09:27 - 2023-10-01 00:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-09-18 17:13 - 2023-09-18 17:13 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\InputMethod 2023-09-18 13:14 - 2023-09-18 13:14 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\UProof 2023-09-18 13:14 - 2023-09-18 13:14 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Proof 2023-09-17 23:01 - 2023-09-17 23:01 - 000000000 ___HD C:\ProgramData\CanonIJScan 2023-09-17 23:00 - 2023-09-17 23:01 - 000000000 ____D C:\Users\justc\AppData\Roaming\Canon 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities 2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Canon IJ Network Tool 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ___HD C:\ProgramData\CanonBJ 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Windows\system32\STRING 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Windows\system32\CanonIJ Uninstaller Information 2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Program Files\CanonBJ 2023-09-17 22:56 - 2012-06-14 17:18 - 000366592 _____ 
(CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL 2023-09-17 22:56 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL 2023-09-17 22:56 - 2012-06-14 17:18 - 000039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL 2023-09-17 22:55 - 2023-09-17 22:55 - 032939648 _____ C:\Users\justc\Downloads\mp68-win-mx340-1_06-ea24.exe 2023-09-17 22:49 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2023-09-17 22:49 - 2023-09-17 22:57 - 000000000 ____D C:\Program Files (x86)\Canon 2023-09-17 22:48 - 2023-09-17 22:49 - 047823992 _____ C:\Users\justc\Downloads\mpnx_3_1-win-3_14-ej.exe 2023-09-17 21:37 - 2023-10-02 09:50 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Word 2023-09-17 21:37 - 2023-09-29 12:42 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2023-09-17 21:37 - 2023-09-29 12:42 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-09-17 21:37 - 2023-09-17 21:48 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Office 2023-09-17 21:37 - 2023-09-17 21:37 - 000000000 ___RD C:\Users\Default\OneDrive 2023-09-17 21:37 - 2023-09-17 21:37 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\AddIns 2023-09-17 21:27 - 2023-09-17 21:35 - 000000000 ____D C:\Program Files\Microsoft Office 2023-09-17 21:27 - 2023-09-17 21:27 - 000000000 ____D C:\Program Files\Microsoft Office 15 2023-09-17 21:11 - 2023-10-02 12:48 - 000000000 ____D C:\Users\justc\AppData\Local\CrashDumps 2023-09-17 21:11 - 2023-09-17 21:14 - 000000000 ____D C:\ProgramData\Windhawk 2023-09-17 21:10 - 2023-09-26 10:24 - 000000000 ____D C:\Users\justc\AppData\LocalLow\Temp 2023-09-17 21:09 - 2023-10-02 14:45 - 000000000 ____D C:\Program Files\Windhawk 2023-09-17 21:08 - 2023-09-17 21:09 - 129469224 _____ (Ramen Software) C:\Users\justc\Downloads\windhawk_setup.exe 2023-09-17 20:55 - 2023-09-17 21:34 - 000000000 ___HD C:$WINDOWS.~BT 
2023-09-17 19:45 - 2023-09-17 19:45 - 000000000 ____D C:\Users\justc\AppData\Local\ElevatedDiagnostics 2023-09-17 19:17 - 2023-09-17 19:22 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\MMC 2023-09-17 17:45 - 2023-09-19 23:29 - 000000000 ____D C:\Windows\Panther 2023-09-17 17:33 - 2023-09-17 17:38 - 000000000 ____D C:\Users\justc\Documents\malwarebytes license key 2023-09-17 17:27 - 2023-09-17 21:34 - 000001908 _____ C:\Windows\diagwrn.xml 2023-09-17 17:27 - 2023-09-17 21:34 - 000001908 _____ C:\Windows\diagerr.xml 2023-09-17 17:09 - 2023-09-17 17:09 - 000000000 ____D C:\Users\justc\AppData\Local\mbam 2023-09-17 17:08 - 2023-09-17 17:08 - 000000000 ____D C:\Users\justc\Tracing 2023-09-17 17:07 - 2023-09-17 17:07 - 002606880 _____ (Malwarebytes) C:\Users\justc\Downloads\MBSetup-5.5 (1).exe 2023-09-17 17:07 - 2023-09-17 17:07 - 000000000 ____D C:\ProgramData\Malwarebytes 2023-09-17 17:07 - 2023-09-17 17:07 - 000000000 ____D C:\Program Files\Malwarebytes 2023-09-17 17:06 - 2023-09-17 17:06 - 002606880 _____ (Malwarebytes) C:\Users\justc\Downloads\MBSetup-5.5.exe 2023-09-17 16:54 - 2023-09-17 16:54 - 000000000 ___HD C:$Windows.~WS 2023-09-17 16:49 - 2023-09-17 16:49 - 000000000 _SHDL C:\Documents and Settings 2023-09-17 16:46 - 2023-10-02 15:45 - 000008192 ___SH C:\DumpStack.log.tmp 2023-09-17 16:46 - 2023-10-02 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-09-17 16:46 - 2023-10-02 15:31 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-09-17 16:46 - 2023-09-30 19:11 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-09-17 16:46 - 2023-09-28 12:09 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT 2023-09-17 16:46 - 2023-09-18 08:05 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-09-17 16:46 - 2023-09-18 08:05 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-09-17 16:46 - 2023-09-17 16:46 - 000000000 ____H 
C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2023-09-17 16:46 - 2023-09-17 16:46 - 000000000 ____D C:\Windows\ServiceProfiles 2023-09-17 16:46 - 2023-09-17 16:08 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-09-17 16:43 - 2023-09-17 17:08 - 000000000 ____D C:\ESD 2023-09-17 16:21 - 2023-10-01 19:19 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2023-09-17 16:12 - 2023-09-17 16:12 - 000000000 ____H C:\Users\justc\Documents\Default.rdp 2023-09-17 16:09 - 2023-09-17 16:09 - 000000000 ____D C:\Users\justc\AppData\Local\OneDrive 2023-09-17 15:58 - 2023-09-17 15:58 - 000002888 _____ C:\Users\justc\Desktop\Child support portal pin.odt 2023-09-17 15:50 - 2023-09-17 15:58 - 000000000 ____D C:\Windows\system32\MRT 2023-09-17 15:46 - 2023-09-17 15:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-09-17 14:55 - 2023-09-17 14:55 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPool.lnk 2023-09-17 14:55 - 2023-09-17 14:55 - 000000000 ____D C:\Users\Public\Documents\Memir Games 2023-09-17 14:55 - 2023-09-17 14:55 - 000000000 ____D C:\Program Files (x86)\ipool 2023-09-17 14:54 - 2023-09-17 14:54 - 007933240 _____ (Stratician ) C:\Users\justc\Downloads\setup2302.exe 2023-09-17 14:53 - 2023-09-17 14:53 - 000000000 ____D C:\Users\Public\Documents\Stratician Online 2023-09-17 14:52 - 2023-09-17 14:52 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSnooker.lnk 2023-09-17 14:52 - 2023-09-17 14:52 - 000000000 ____D C:\Program Files (x86)\iSnooker 2023-09-17 14:51 - 2023-09-17 14:51 - 032390920 _____ (Stratician ) C:\Users\justc\Downloads\setup2528.exe 2023-09-17 14:36 - 2023-09-27 17:12 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-09-17 14:36 - 2023-09-17 14:36 - 000000000 ____D C:\Users\justc\AppData\Local\Google 2023-09-17 14:36 - 2023-09-17 14:36 - 000000000 ____D C:\Program Files\Google 
2023-09-17 14:35 - 2023-10-02 15:47 - 000000000 ____D C:\Program Files (x86)\Google 2023-09-17 14:35 - 2023-09-18 18:41 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{DE2B8264-B4FC-4FEF-AF29-8679B6F43F3B} 2023-09-17 14:35 - 2023-09-18 18:41 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6BCD498D-EAE8-4972-BEBF-73EDBE3A0D6F} 2023-09-17 14:35 - 2023-09-17 14:35 - 001372712 _____ (Google LLC) C:\Users\justc\Downloads\ChromeSetup.exe 2023-09-17 14:22 - 2023-09-17 15:08 - 000000000 ____D C:\Users\justc\AppData\Local\Comms 2023-09-17 14:10 - 2023-09-17 20:06 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Spelling 2023-09-17 14:08 - 2023-09-29 12:42 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2215749033-445842302-415398914-1001 2023-09-17 14:08 - 2023-09-20 12:48 - 000000000 ____D C:\Users\justc\AppData\Local\PlaceholderTileLogoFolder 2023-09-17 14:08 - 2023-09-17 14:08 - 000000000 ___HD C:\OneDriveTemp 2023-09-17 14:07 - 2023-10-02 15:49 - 000000000 ___RD C:\Users\justc\OneDrive 2023-09-17 14:07 - 2023-09-17 14:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2023-09-17 14:05 - 2023-10-02 12:08 - 000000000 ____D C:\Users\justc\AppData\Local\AMD 2023-09-17 14:05 - 2023-10-02 09:48 - 000000000 ____D C:\Users\justc\AppData\Local\Packages 2023-09-17 14:05 - 2023-10-01 18:50 - 000000000 ____D C:\Users\justc\AppData\Roaming\Adobe 2023-09-17 14:05 - 2023-10-01 00:17 - 000000000 ____D C:\Users\justc\AppData\Local\D3DSCache 2023-09-17 14:05 - 2023-09-26 23:46 - 000000000 ____D C:\ProgramData\Packages 2023-09-17 14:05 - 2023-09-23 09:03 - 000000000 __RHD C:\Users\Public\AccountPictures 2023-09-17 14:05 - 2023-09-21 22:28 - 000000000 ____D C:\Users\justc\AppData\Local\ConnectedDevicesPlatform 2023-09-17 14:05 - 2023-09-17 20:06 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Crypto 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ___RD C:\Users\justc\3D Objects 2023-09-17 
14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Vault 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Network 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\LocalLow\AMD 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\VirtualStore 2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\Publishers 2023-09-17 14:00 - 2023-10-02 15:45 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\SystemCertificates 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ____D C:\Windows\system32\AMD 2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ____D C:\Program Files\AMD 2023-09-17 14:00 - 2020-10-29 16:31 - 000107560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys 2023-09-17 13:59 - 2023-10-02 15:50 - 000000000 ____D C:\Users\justc 2023-09-17 13:59 - 2023-09-28 19:29 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows 2023-09-17 13:59 - 2023-09-19 14:51 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Credentials 2023-09-17 13:59 - 2023-09-17 13:59 - 000000020 ___SH C:\Users\justc\ntuser.ini 2023-09-17 13:59 - 2023-09-17 13:59 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Protect 2023-09-17 13:59 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2023-09-17 13:59 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1.dll 2023-09-17 13:59 
- 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000736880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000046704 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000043632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 064809072 _____ C:\Windows\system32\amd_comgr.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 053684848 _____ C:\Windows\SysWOW64\amd_comgr32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 004630640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 004141168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001774192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000760432 _____ (AMD) C:\Windows\system32\atieclxx.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000621168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000496752 _____ C:\Windows\system32\GameManager64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000493168 _____ C:\Windows\system32\dgtrayicon.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000468592 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atidemgy.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000456304 _____ C:\Windows\system32\atieah64.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000432752 _____ C:\Windows\system32\EEURestart.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000380016 _____ C:\Windows\SysWOW64\GameManager32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000351856 _____ C:\Windows\SysWOW64\atieah32.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000339568 _____ C:\Windows\system32\clinfo.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000245360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000213104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000186992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000182392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000167024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000166512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000158656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000156784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000142448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000140912 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atisamu32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000135792 _____ (AMD) C:\Windows\system32\atimuixx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000134768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000125552 _____ C:\Windows\system32\atidxx64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000122480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000120432 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000107632 _____ C:\Windows\SysWOW64\atidxx32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000107120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000090736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000075376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000070256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 071030384 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 001686016 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 001365368 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000941168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000768624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000553584 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\amdmcl64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000546800 _____ C:\Windows\system32\amdmiracast.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000489584 _____ C:\Windows\system32\amdgfxinfo64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000466544 _____ C:\Windows\system32\amdlogum.exe 2023-09-17 13:59 - 2020-10-29 16:31 - 000383600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000380016 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000198312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000167400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000135928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000120264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\amdpcom32.dll
2023-09-17 13:59 - 2020-10-29 15:29 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin
2023-09-17 13:59 - 2020-10-29 15:29 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2023-09-17 13:59 - 2020-10-29 15:29 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2023-09-17 13:59 - 2020-10-29 15:29 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2023-09-17 13:54 - 2023-10-02 15:53 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-02 15:53 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2023-10-02 15:47 - 2023-05-05 08:27 - 000000000 ____D C:\Windows\SystemTemp
2023-10-02 15:47 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-02 15:45 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-02 00:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2023-10-01 19:42 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-10-01 19:26 - 2019-12-07 05:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2023-10-01 19:23 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-10-01 19:05 - 2019-12-07 05:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2023-10-01 07:36 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-29 14:04 - 2019-12-07 05:14 - 000000554 _____ C:\Windows\win.ini
2023-09-28 22:04 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\Downloaded Program Files
2023-09-28 22:04 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\Offline Web Pages
2023-09-28 12:45 - 2019-12-07 05:03 - 000065536 _____ C:\Windows\system32\config\ELAM
2023-09-28 12:23 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2023-09-24 15:49 - 2023-05-05 08:22 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\ProjectedFSLib.dll
2023-09-17 22:57 - 2019-12-07 05:14 - 000000000 __RSD C:\Windows\Media
2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\spool
2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\MsDtc
2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
2023-09-17 17:45 - 2019-12-07 05:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2023-09-17 17:21 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing
2023-09-17 16:51 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2023-09-17 16:08 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-09-17 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Ran by justc (administrator) on DESKTOP-OKFJGL4 (Dell Inc. Inspiron 24-3455) (02-10-2023 15:55:43)
Running from C:\Users\justc\Desktop\FRST64.exe
Loaded Profiles: justc
Platform: Microsoft Windows 10 Home Version 22H2 19045.3516 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender Agent\27.0.1.259_0\DiscoverySrv.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdwtxag.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bduserhost.exe <4>
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(C:\Program Files\Verizon Cloud\Verizon Cloud.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe <6>
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23082.131.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23082.131.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(Canon Inc. → CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. → AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(explorer.exe ->) (Google LLC → Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <19>
(explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Skype Software Sarl → Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(explorer.exe ->) (Verizon Data Services LLC → Verizon) C:\Program Files\Verizon Cloud\Verizon Cloud.exe
(explorer.exe ->) (Waves Inc → Waves Audio Ltd.)
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (services.exe ->) (Advanced Micro Devices, Inc. → AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe (services.exe ->) (Bitdefender SRL → AnchorFree Inc.) C:\Program Files\Bitdefender\Bitdefender VPN\Hydra.Sdk.Windows.Service.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3> (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnService.exe (services.exe ->) (Bitdefender SRL → Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Qualcomm Atheros → Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (services.exe ->) (Realtek Semiconductor Corp. 
→ Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (services.exe ->) (Verizon Data Services LLC → Verizon) C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe (services.exe ->) (Waves Inc → Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe (svchost.exe ->) (Amazon.com Services LLC → Amazon.com Services LLC) C:\Users\justc\AppData\Local\Amazon Music\Amazon Music Helper.exe (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxOutlook.exe (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor Corp. → Realtek Semiconductor) HKLM...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. → Realtek Semiconductor) HKLM...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. 
→ Realtek Semiconductor) HKLM...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc → Waves Audio Ltd.) HKLM...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe [1062424 2023-09-14] (Bitdefender SRL → Bitdefender) HKLM-x32...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (Canon Inc. → CANON INC.) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-29] (Microsoft Corporation → Microsoft Corporation) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [MicrosoftEdgeAutoLaunch_46C0173F98CBD0BEB36BBC1DDC54FE9A] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation → Microsoft Corporation) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [com.verizon.verizoncloud] => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8991568 2023-08-25] (Verizon Data Services LLC → Verizon) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [com.messenger] => C:\Users\justc\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [Amazon Music Helper] => C:\Users\justc\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107496 2023-04-12] (Amazon.com Services LLC → Amazon.com Services LLC) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [GoogleChromeAutoLaunch_B364DB4262BB88E80B8C959641DD7ACE] => “C:\Program Files\Google\Chrome\Application\chrome.exe” --no-startup-window /prefetch:5 [3242272 2023-09-27] (Google LLC → Google LLC) HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42614688 2023-09-08] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd) 
HKLM...\Windows x64\Print Processors\Canon MX340 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA5.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher → CANON INC.) HKLM...\Print\Monitors\Canon BJ Language Monitor MX340 series: C:\Windows\system32\CNMLMA5.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher → CANON INC.) HKLM...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed] HKLM...\Print\Monitors\Canon MP FAX Language Monitor MX340 series: C:\Windows\system32\CNCF2Lk.DLL [343552 2009-10-22] (Microsoft Windows Hardware Compatibility Publisher → Canon Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe [2023-09-27] (Google LLC → Google LLC) ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {7C773FC8-3237-4148-9B0B-4358A3960877} - System32\Tasks\Amazon Music Helper => C:\Users\justc\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107496 2023-04-12] (Amazon.com Services LLC → Amazon.com Services LLC) Task: {B5673D04-8BD3-45A4-8ADE-237CE62BC243} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.259_0\WatchDog.exe [937000 2023-07-27] (Bitdefender SRL → Bitdefender) Task: {38E68DA7-BDC1-45BC-B6F1-E1340C9BF565} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-09-08] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd) Task: {93365B83-1068-4600-A7E2-0FA633A6FC88} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-09-08] (PIRIFORM SOFTWARE LIMITED → Piriform Software) → --product 90 --send dumps|report --path “C:\Program Files\CCleaner\LOG” --programpath “C:\Program Files\CCleaner” --configpath “C:\Program Files\CCleaner\Setup” --guid “331ffa93-1f39-4a84-927a-41c6fb770b18” --version “6.16.10662” --silent Task: {BBBE75CE-C415-4859-B21E-6762426C71B1} - System32\Tasks\CCleanerSkipUAC - justc => C:\Program Files\CCleaner\CCleaner.exe [35675552 2023-09-08] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd) Task: {4EC19EEF-BD4F-457C-B099-18AED5C8ED68} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\Explorer.exe [5329280 2023-09-28] (Microsoft Windows → Microsoft Corporation) Task: {6EA4340F-4DCB-4548-8010-72A3DDCAED67} - System32\Tasks\GoogleUpdateTaskMachineCore{6BCD498D-EAE8-4972-BEBF-73EDBE3A0D6F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-17] (Google LLC → Google LLC) Task: {8A99C8CB-E11D-414D-AAE3-C816090ED3FF} - System32\Tasks\GoogleUpdateTaskMachineUA{DE2B8264-B4FC-4FEF-AF29-8679B6F43F3B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-17] (Google LLC → Google LLC) Task: {E5EAE20A-AF40-4737-B2E6-D8834FFED2DC} - 
System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2215749033-445842302-415398914-1001 => C:\Users\justc\AppData\Local\Programs\Messenger\MessengerHelper.exe [2265336 2023-09-28] (Facebook, Inc. → Meta Platforms, Inc.) Task: {D521675D-8F95-43CD-B315-9FA40D55AE56} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation → Microsoft Corporation) Task: {C7FB92B1-FEB1-41DC-8A5F-C6F4D1962BA0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation → Microsoft Corporation) Task: {1A636F8D-8343-48C2-8703-6C5231D4A8D2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation → Microsoft Corporation) Task: {A49083BF-7448-42A3-9649-32DE1D6A76DD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation → Microsoft Corporation) Task: {07E94C3F-2761-421D-8832-06510B21C5ED} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-17] (Microsoft Corporation → Microsoft Corporation) Task: {7666593B-5016-485B-B8DC-427AB9403CC3} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-29] (Microsoft Corporation → Microsoft Corporation) Task: {BDA65BBA-3279-4AFD-A9DE-FB3351CA4145} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2215749033-445842302-415398914-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-29] (Microsoft Corporation → Microsoft 
Corporation) Task: {16F7FE9F-3E7B-421D-8E20-2ED726C9B4E8} - System32\Tasks\VerizonCloud\APMPublisherTask => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8991568 2023-08-25] (Verizon Data Services LLC → Verizon) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 206.225.75.225 206.225.75.226 Tcpip..\Interfaces{2f15d8f0-b3d3-43cd-9cdd-a6a029120f11}: [NameServer] 198.51.100.1 Tcpip..\Interfaces{2f15d8f0-b3d3-43cd-9cdd-a6a029120f11}: [DhcpNameServer] 8.8.8.8 Tcpip..\Interfaces{732b5a0e-6a0a-43bc-9969-18d77e06b00a}: [DhcpNameServer] 206.225.75.225 206.225.75.226
Edge:
Edge DefaultProfile: Default Edge Profile: C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-02] Edge HomePage: Default → hxxps://besthomepageever.com/ Edge StartupUrls: Default → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/” Edge NewTab: Default → Not-active:“chrome-extension://pnjcioekgpbcdgcnklcnmihpgjjimgoc/newTab.html” Edge DefaultSearchURL: Default → hxxps://duckduckgo.com/?q={searchTerms} Edge DefaultSearchKeyword: Default → duckduckgo.com Edge DefaultNewTabURL: Default → hxxps://duckduckgo.com/chrome_newtab Edge DefaultSuggestURL: Default → hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list Edge Extension: (Avira Safe Shopping) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-10-01] Edge Extension: (DuckDuckGo) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2023-09-26] Edge Extension: (Hulu PIP) - 
C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17] Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2023-09-17] Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-09-23] Edge Extension: (Bitdefender Anti-tracker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbconhplchnbippmjabbcedokimacfjl [2023-10-01] Edge Extension: (URL Safety) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ennmhlikbaeahooaiaeanhcdddgibkoi [2023-09-29] Edge Extension: (Browsec VPN - Free VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fjnehcbecaggobjholekjijaaekbnlgj [2023-09-29] Edge Extension: (NordVPN - VPN Proxy for Privacy and Security) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fphgeikpdcdcheaochkhldmnfblfogla [2023-09-20] Edge Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-19] Edge Extension: (Office - Enable Copy and Paste) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-09-29] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-20] Edge Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17] Edge Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17] Edge Extension: 
(Edge relevant text changes) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-19] Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2023-09-20] Edge Extension: (Microsoft Outlook) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kkpalkknhlklpbflpcpkepmmbnmfailf [2023-09-20] Edge Extension: (Tubi Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\loiiabknhcakflegiolohkabmacjicbc [2023-09-21] Edge Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17] Edge Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-09-23] Edge Extension: (UltraWide Streaming: custom fullscreen ratios) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofkcbakkpjefjndcmbkokadbmmaimnlp [2023-09-20] Edge Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2023-09-29] Edge Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-26] Edge Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-28] Edge Profile: C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-10-02] Edge HomePage: Profile 1 → hxxps://besthomepageever.com/ Edge StartupUrls: Profile 1 → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/” Edge Extension: (Hulu PIP) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 
1\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17] Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2023-09-17] Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-09-17] Edge Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2023-09-17] Edge Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17] Edge Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17] Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2023-09-17] Edge Extension: (Norton Password Manager) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2023-09-17] Edge Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17] Edge Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-09-17] Edge Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-17] Edge Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-17] Edge Extension: (Best Homepage Ever UK - New Tab 
Quick Launch) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc [2023-09-17] Edge HKLM-x32...\Edge\Extension: [dbconhplchnbippmjabbcedokimacfjl]
FireFox:
FF HKLM...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext [2023-09-21] [Legacy] [not signed] FF HKLM-x32...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Chrome:
CHR DefaultProfile: Default CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default [2023-10-02] CHR Notifications: Default → hxxps://pchelpforum.net; hxxps://www.facebook.com; hxxps://www.youtube.com CHR HomePage: Default → hxxps://besthomepageever.com/ CHR StartupUrls: Default → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/” CHR NewTab: Default → Active:“chrome-extension://omdkehkdnojcndhhilglklegbakenkgb/newTab.html” CHR DefaultSearchURL: Default → hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN CHR DefaultSearchKeyword: Default → bing.com CHR DefaultNewTabURL: Default → hxxps://www.bing.com/chrome/newtab CHR DefaultSuggestURL: Default → hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316 CHR Extension: (DuckDuckGo) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-09-26] CHR 
Extension: (Hulu PIP) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17] CHR Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-09-23] CHR Extension: (URL Safety) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ennmhlikbaeahooaiaeanhcdddgibkoi [2023-09-29] CHR Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2023-09-17] CHR Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-17] CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2023-09-17] CHR Extension: (Office - Enable Copy and Paste) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-09-19] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-21] CHR Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17] CHR Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17] CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-10-01] CHR Extension: (Bitdefender Anti-tracker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2023-10-01] CHR Extension: (Sea Foam) - 
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahipjfggmgneaopcckkaipmoandaboo [2023-09-17] CHR Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-17] CHR Extension: (Best Homepage Ever - New Tab Quick Launch) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdkehkdnojcndhhilglklegbakenkgb [2023-10-02] CHR Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-26] CHR Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-28] CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-10-02] CHR Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-02] CHR Extension: (Bitdefender Anti-tracker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2023-10-02] CHR Extension: (Chrome Web Store Payments) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-02] CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-10-02] CHR Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-02] CHR Extension: (Bitdefender Anti-tracker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2023-10-02] CHR Extension: (Chrome Web Store Payments) - 
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-02] CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\System Profile [2023-10-02] CHR HKLM-x32...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [439856 2023-06-07] (Bitdefender SRL → AnchorFree Inc.) R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender) R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender) R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender) R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2946088 2023-07-20] (Bitdefender SRL → Bitdefender) R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2560552 2023-07-20] (Bitdefender SRL → Bitdefender) R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [842264 2023-09-14] (Bitdefender SRL → Bitdefender) R2 bdvpnservice; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [474672 2023-08-18] (Bitdefender SRL → Bitdefender) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation → Microsoft Corporation) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-29] (Microsoft Corporation → Microsoft Corporation) S3 OneDrive Updater Service; C:\Program Files\Microsoft 
- 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000736880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000046704 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll 2023-09-17 13:59 - 2020-10-29 16:33 - 000043632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 064809072 _____ C:\Windows\system32\amd_comgr.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 053684848 _____ C:\Windows\SysWOW64\amd_comgr32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 004630640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 004141168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001774192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000760432 _____ (AMD) C:\Windows\system32\atieclxx.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000621168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000496752 _____ C:\Windows\system32\GameManager64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000493168 _____ C:\Windows\system32\dgtrayicon.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000468592 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atidemgy.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000456304 _____ C:\Windows\system32\atieah64.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000432752 _____ C:\Windows\system32\EEURestart.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000380016 _____ C:\Windows\SysWOW64\GameManager32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000351856 _____ C:\Windows\SysWOW64\atieah32.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000339568 _____ C:\Windows\system32\clinfo.exe 2023-09-17 13:59 - 2020-10-29 16:32 - 000245360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000213104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000186992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000182392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000167024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000166512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000158656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000156784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000142448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000140912 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atisamu32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000135792 _____ (AMD) C:\Windows\system32\atimuixx.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000134768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000125552 _____ C:\Windows\system32\atidxx64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000122480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000120432 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000107632 _____ C:\Windows\SysWOW64\atidxx32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000107120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000090736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000075376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll 2023-09-17 13:59 - 2020-10-29 16:32 - 000070256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 071030384 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 001686016 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 001365368 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000941168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000768624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000553584 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\amdmcl64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000546800 _____ C:\Windows\system32\amdmiracast.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000489584 _____ C:\Windows\system32\amdgfxinfo64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000466544 _____ C:\Windows\system32\amdlogum.exe 2023-09-17 13:59 - 2020-10-29 16:31 - 000383600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000380016 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000198312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000167400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000135928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000120264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\amdpcom32.dll 2023-09-17 13:59 - 2020-10-29 15:29 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin 2023-09-17 13:59 - 2020-10-29 15:29 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin 2023-09-17 13:59 - 2020-10-29 15:29 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin 2023-09-17 13:59 - 2020-10-29 15:29 - 000121168 _____ C:\Windows\system32\kapp_si.sbin 2023-09-17 13:54 - 2023-10-02 15:53 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2023-10-02 15:53 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF 2023-10-02 15:47 - 2023-05-05 08:27 - 000000000 ____D C:\Windows\SystemTemp 2023-10-02 15:47 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-10-02 15:45 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI 2023-10-02 00:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness 2023-10-01 19:42 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2023-10-01 19:26 - 2019-12-07 05:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar 2023-10-01 19:23 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2023-10-01 19:05 - 2019-12-07 05:14 - 000000000 __SHD C:\Program Files\Windows Sidebar 2023-10-01 07:36 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-09-29 14:04 - 2019-12-07 05:14 - 000000554 _____ C:\Windows\win.ini 2023-09-28 22:04 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\Downloaded Program Files 2023-09-28 22:04 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\Offline Web Pages 2023-09-28 12:45 - 2019-12-07 05:03 - 000065536 _____ C:\Windows\system32\config\ELAM 2023-09-28 12:23 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-09-28 12:08 - 2019-12-07 05:14 - 
000000000 ____D C:\Windows\SysWOW64\setup 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-09-28 12:08 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr 2023-09-24 15:49 - 2023-05-05 08:22 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\ProjectedFSLib.dll 2023-09-17 22:57 - 2019-12-07 05:14 - 000000000 __RSD C:\Windows\Media 2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\spool 2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\MsDtc 2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState 2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog 2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat 2023-09-17 17:45 - 2019-12-07 05:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2023-09-17 17:21 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing 2023-09-17 16:51 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\FxsTmp 2023-09-17 16:08 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender 2023-09-17 13:57 - 2019-12-07 05:14 - 
000000000 ____D C:\ProgramData\USOPrivate ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== [HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023 Ran by justc (02-10-2023 15:59:58) Running from C:\Users\justc\Desktop Microsoft Windows 10 Home Version 22H2 19045.3516 (X64) (2023-09-17 20:49:53) Boot Mode: Normal[/HEADING] ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2215749033-445842302-415398914-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2215749033-445842302-415398914-503 - Limited - Disabled) Guest (S-1-5-21-2215749033-445842302-415398914-501 - Limited - Disabled) justc (S-1-5-21-2215749033-445842302-415398914-1001 - Administrator - Enabled) => C:\Users\justc WDAGUtilityAccount (S-1-5-21-2215749033-445842302-415398914-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Bitdefender Antivirus (Enabled - Up to date) {F4F8BE4F-D893-2EB2-F208-1A2FF1A396CA} FW: Bitdefender Firewall (Enabled) {CCC33F6A-92FC-2FEA-D957-B31A0F70D1B1} ==================== Installed Programs ====================== (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
7-Zip 23.01 (x64 edition) (HKLM...{23170F69-40C1-2702-2301-000001000000}) (Version: 23.01.00.0 - Igor Pavlov)
Amazon Music (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Amazon Amazon Music) (Version: 9.4.3.2420 - Amazon.com Services LLC)
Bitdefender Agent (HKLM...\Bitdefender Agent) (Version: 27.0.1.259 - Bitdefender)
Bitdefender Total Security (HKLM...\Bitdefender) (Version: 27.0.20.105 - Bitdefender)
Bitdefender VPN (HKLM...\Bitdefender VPN) (Version: 26.0.2.1 - Bitdefender)
Canon IJ Network Scan Utility (HKLM-x32...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.1 (HKLM-x32...\MP Navigator EX 3.1) (Version: - )
Canon MX340 series MP Drivers (HKLM...{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - Canon Inc.)
CCleaner (HKLM...\CCleaner) (Version: 6.16 - Piriform)
Core FTP LE (x64) (HKLM-x32...\CoreFTP(x64)) (Version: - )
CPUID CPU-Z 2.08 (HKLM...\CPUID CPU-Z_is1) (Version: 2.08 - CPUID, Inc.)
DiskCheckup (HKLM-x32...\DiskCheckup_is1) (Version: 3.5.1004.0 - PassMark Software)
FileZilla 3.65.0 (HKLM-x32...\FileZilla Client) (Version: 3.65.0 - Tim Kosse)
Gmail (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\ec710934cdfffbee268692b010a82ad8) (Version: 1.0 - Google\Chrome)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 117.0.5938.132 - Google LLC)
Google Drive (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\b4857df16d6bf9d14b9f21735bbf7cef) (Version: 1.0 - Google\Chrome)
iPool version 2.3.02 (01) (HKLM-x32...{BE5FCCBF-5CBB-487E-AC94-882028E1448C}_is1) (Version: 2.3.02 (01) - Stratician)
Maxx Audio Installer (x64) (HKLM...{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
Messenger (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 197.0.521392868 - Facebook, Inc.)
Microsoft 365 - en-us (HKLM...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Sheets (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\fcad59d48b6d7f9ac4f8bbdef83897fc) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\8b71f6b19323d84d678abe6631527c30) (Version: 1.0 - Google\Chrome)
Verizon Cloud (HKLM...{048202BC-F4E7-4AB2-A130-EC887A3C9675}) (Version: 23.9.0.17 - Verizon Wireless)
YouTube (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\254b4d2813518435f94a19dffc5552cc) (Version: 1.0 - Google\Chrome)

Packages:

Cortana → C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-20] (Microsoft Corporation)
Microsoft Defender → C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2309.1001.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corporation) [Startup Task]
Microsoft Remote Desktop → C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe [2023-09-18] (Microsoft Corporation)
Outlook for Windows → C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.920.900_x64__8wekyb3d8bbwe [2023-10-01] (Microsoft Corporation)
Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
Solitaire & Casual Games → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-18] (Microsoft Studios) [MS Ad]
Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-28] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2215749033-445842302-415398914-1001_Classes\CLSID{00654f73-86a8-425c-b3a0-038200133493} → [Verizon Cloud] => C:\Users\justc\Verizon Cloud [2023-10-02 15:50]
CustomCLSID: HKU\S-1-5-21-2215749033-445842302-415398914-1001_Classes\CLSID{84ff2f8e-2440-1caf-3148-f3d0fdd19ec8}\localserver32 → C:\Program Files\Verizon Cloud\Verizon Cloud.exe (Verizon Data Services LLC → Verizon)
ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SncrOverlays (Cloud)] → {DC39D95E-101B-4B3B-BF18-D1B4D6584A79} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] → {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Paused)] → {DC20B35F-DF4A-4783-B48E-7EB2496E5858} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] → {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu64.dll → No File
ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu64.dll → No File
ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-29] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Web Applications_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profile 2 - Edge.lnk → C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) → --profile-directory=“Profile 1”

==================== Loaded Modules (Whitelisted) =============

2023-09-17 22:57 - 2010-08-23 09:09 - 000019456 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNSU_ENU.DLL
2023-09-17 22:56 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2023-10-01 18:55 - 2020-04-02 12:15 - 002266624 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\justc\AppData\Local\Amazon Music\QtCore4.dll
2023-10-01 18:55 - 2020-04-02 12:25 - 006267392 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\justc\AppData\Local\Amazon Music\QtGui4.dll
2023-10-01 18:55 - 2020-04-02 12:16 - 000802816 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\justc\AppData\Local\Amazon Music\QtNetwork4.dll
2023-06-20 13:00 - 2023-06-20 13:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\justc\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\HijackThis (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\HijackThis.exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (2).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (3).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (4).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710.exe:BDU [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-2215749033-445842302-415398914-1001 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Anti-tracker → {159ff5d5-55f1-4d2f-b706-767a55f77abb} → C:\Program Files\Bitdefender\Bitdefender Security App\bdtrackerstbie.dll [2023-09-14] (Bitdefender SRL → Bitdefender)
BHO-x32: Bitdefender Anti-tracker → {159ff5d5-55f1-4d2f-b706-767a55f77abb} → C:\Program Files\Bitdefender\Bitdefender Security App\antispam32\bdtrackerstbie.dll [2023-09-14] (Bitdefender SRL → Bitdefender)
BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2023-09-28 13:11 - 2023-10-02 15:44 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2215749033-445842302-415398914-1001\Control Panel\Desktop\Wallpaper → C:\Users\justc\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\FB_IMG_1695310969664.jpg
DNS Servers: 206.225.75.225 - 206.225.75.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2215749033-445842302-415398914-1001...\StartupApproved\Run: => “com.messenger”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

02-10-2023 02:24:05 KpRm

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

Error: (10/02/2023 03:44:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. .
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

Error: (10/02/2023 03:43:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6d830346-3ced-4167-82d9-58a850152846}

Error: (10/02/2023 02:49:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.9.2023.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3f60
Start Time: 01d9f560eef7a8f5
Termination Time: 4294967295
Application Path: C:\Users\justc\Desktop\FRST64.exe
Report Id: 94c81d2e-c485-48af-92ef-216ae6f9a9a8
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle

Error: (10/02/2023 02:47:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.9.2023.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3b94
Start Time: 01d9f560d7522c40
Termination Time: 4294967295
Application Path: C:\Users\justc\Desktop\FRST64.exe
Report Id: 33c12e90-3db2-4427-a0e5-a7c62d700d5b
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle

Error: (10/02/2023 12:48:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: snookerq.exe, version: 0.0.0.0, time stamp: 0x650f5faf
Faulting module name: OpenAL32.dll, version: 1.20.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000247d3
Faulting process id: 0x3650
Faulting application start time: 0x01d9f54fcc2328ed
Faulting application path: C:\Program Files (x86)\SnookerQ\snookerq.exe
Faulting module path: C:\Program Files (x86)\SnookerQ\OpenAL32.dll
Report Id: 780b34e3-b393-4f31-8b6f-905028b53de9
Faulting package full name:
Faulting package-relative application ID:

Error: (10/02/2023 12:45:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: snookerq.exe, version: 0.0.0.0, time stamp: 0x650f5faf
Faulting module name: OpenAL32.dll, version: 1.20.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000247d3
Faulting process id: 0x2934
Faulting application start time: 0x01d9f54f0f0cd3f2
Faulting application path: C:\Program Files (x86)\SnookerQ\snookerq.exe
Faulting module path: C:\Program Files (x86)\SnookerQ\OpenAL32.dll
Report Id: 0128cbe3-2d0d-458d-818e-c1a2e9b6ea22
Faulting package full name:
Faulting package-relative application ID:

Error: (10/02/2023 12:39:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: snookerq.exe, version: 0.0.0.0, time stamp: 0x650f5faf
Faulting module name: OpenAL32.dll, version: 1.20.1.0, time stamp: 0x00000000
Exception code: 0xc0000005 Fault
offset: 0x000247d3 Faulting process id: 0x2ce8 Faulting application start time: 0x01d9f54ab367fccc Faulting application path: C:\Program Files (x86)\SnookerQ\snookerq.exe Faulting module path: C:\Program Files (x86)\SnookerQ\OpenAL32.dll Report Id: 7b9a846f-a71d-4d7e-89d7-ce2c2f6e21b9 Faulting package full name: Faulting package-relative application ID: Error: (10/02/2023 11:44:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program CCleaner64.exe version 6.16.0.10662 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 4598 Start Time: 01d9f54715f17fd8 Termination Time: 4294967295 Application Path: C:\Program Files\CCleaner\CCleaner64.exe Report Id: ce3a7024-a81f-44e3-867c-0bf1221114ae Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle [HEADING=1]System errors:[/HEADING] Error: (10/02/2023 03:43:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AfVpnService service terminated unexpectedly. It has done this 1 time(s). Error: (10/02/2023 03:43:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/02/2023 03:43:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Bitdefender Agent RedLine Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/02/2023 03:43:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Waves Audio Services service terminated unexpectedly. It has done this 1 time(s). 
Error: (10/02/2023 03:43:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Verizon Cloud Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/02/2023 03:43:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ProductAgentService service terminated unexpectedly. It has done this 1 time(s). Error: (10/02/2023 03:43:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (10/02/2023 03:43:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s). [HEADING=1]Windows Defender:[/HEADING] Date: 2023-09-26 23:38:44 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: containerfile:_C:\Users\justc\Downloads\AutoLogger.zip; file:_C:\Users\justc\Desktop\AutoLogger.exe; file:_C:\Users\justc\Downloads\AutoLogger.zip->AutoLogger.exe; webfile:_C:\Users\justc\Downloads\AutoLogger.zip|https://tools.safezone.cc/drongo/AutoLogger/AutoLogger.zip|pid:11360,ProcessStart:133402595159320135 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\explorer.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-26 23:38:05 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\justc\Desktop\AutoLogger.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\explorer.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-26 23:38:05 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\justc\Desktop\AutoLogger.exe; process:_pid:8452,ProcessStart:133402593126878071; process:_pid:9684,ProcessStart:133402592130541598 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\System32\RuntimeBroker.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-26 23:37:57 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\justc\Desktop\AutoLogger.exe; process:_pid:8452,ProcessStart:133402593126878071; process:_pid:9684,ProcessStart:133402592130541598 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\justc\Desktop\AutoLogger.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-26 23:37:51 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\justc\Desktop\AutoLogger.exe; process:_pid:8452,ProcessStart:133402593126878071; process:_pid:9684,ProcessStart:133402592130541598 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\justc\Desktop\AutoLogger.exe Security intelligence Version: AV: 1.397.1626.0, AS: 1.397.1626.0, NIS: 1.397.1626.0 Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Event[0]: Date: 2023-09-26 10:29:56 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.397.1595.0 Previous security intelligence Version: 1.397.1128.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.23080.2005 Previous Engine Version: 1.1.23080.2005 Error code: 0x80509004 Error description: An unexpected problem occurred. 
Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2023-09-26 10:29:56 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.397.1595.0 Previous security intelligence Version: 1.397.1128.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.23080.2005 Previous Engine Version: 1.1.23080.2005 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2023-09-26 10:26:33 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.397.1128.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23080.2005 Error code: 0x80240022 Error description: The program can’t check for definition updates. Date: 2023-09-26 10:26:33 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.397.1128.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23080.2005 Error code: 0x80240022 Error description: The program can’t check for definition updates. 
[HEADING=1]CodeIntegrity:[/HEADING] Date: 2023-10-02 15:48:54 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\266693960119962704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements. Date: 2023-10-02 15:47:54 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\266693960119962704\antimalware_provider64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: Dell Inc. 4.3.0 08/10/2016 Motherboard: Dell Inc. 03PYWR Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics Percentage of memory in use: 41% Total physical RAM: 15297.18 MB Available physical RAM: 8897.68 MB Total Virtual: 17601.18 MB Available Virtual: 10510.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.65 GB) (Free:874.71 GB) (Model: WD Blue SA510 2.5 1000GB) NTFS Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS \?\Volume{856a1e7d-aa4b-48b9-9ea4-b0bba75d5bc8}\ () (Fixed) (Total:0.75 GB) (Free:0.28 GB) NTFS \?\Volume{29ef0c2e-dd39-4f66-9048-d5dd6009a5c3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================
Comment
-
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
Code:
start::
CreateRestorePoint:
HKU\S-1-5-21-2215749033-445842302-415398914-1001\...\Run: [MicrosoftEdgeAutoLaunch_46C0173F98CBD0BEB36BBC1DDC54FE9A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2215749033-445842302-415398914-1001\...\Run: [GoogleChromeAutoLaunch_B364DB4262BB88E80B8C959641DD7ACE] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3242272 2023-09-27] (Google LLC -> Google LLC)
S3 cpuz154; \??\C:\Windows\temp\cpuz154\cpuz154_x64.sys [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
2023-10-01 18:51 - 2023-10-02 01:05 - 000000000 ____D C:\ProgramData\IObit
2023-10-01 18:51 - 2023-10-01 23:41 - 000000000 ____D C:\Users\justc\AppData\LocalLow\IObit
2023-10-01 18:50 - 2023-10-01 23:41 - 000000000 ____D C:\Program Files (x86)\IObit
2023-10-01 18:50 - 2023-10-01 19:13 - 000000000 ____D C:\Users\justc\AppData\Roaming\IObit
C:\ProgramData\{7D4F950D-61ED-482D-A05D-43620B49B610}
C:\ProgramData\ProductData
C:\ProgramData\360Quarant
C:\Program Files (x86)\360
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu64.dll -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu64.dll -> No File
ShortcutWithArgument: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
AlternateDataStreams: C:\Users\justc\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\HijackThis (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\HijackThis.exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (2).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (3).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (4).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710.exe:BDU [0]
emptytemp:
Reboot:
End::
Comment
-
Again, nowhere to attach.
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by justc (03-10-2023 08:22:11) Run:1
Running from C:\Users\justc\Desktop
Loaded Profiles: justc
Boot Mode: Normal
fixlist content:
start::
CreateRestorePoint:
HKU\S-1-5-21-2215749033-445842302-415398914-1001\...\Run: [MicrosoftEdgeAutoLaunch_46C0173F98CBD0BEB36BBC1DDC54FE9A] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation → Microsoft Corporation)
HKU\S-1-5-21-2215749033-445842302-415398914-1001\...\Run: [GoogleChromeAutoLaunch_B364DB4262BB88E80B8C959641DD7ACE] => “C:\Program Files\Google\Chrome\Application\chrome.exe” --no-startup-window /prefetch:5 [3242272 2023-09-27] (Google LLC → Google LLC)
S3 cpuz154; \??\C:\Windows\temp\cpuz154\cpuz154_x64.sys
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys
2023-10-01 18:51 - 2023-10-02 01:05 - 000000000 ____D C:\ProgramData\IObit
2023-10-01 18:51 - 2023-10-01 23:41 - 000000000 ____D C:\Users\justc\AppData\LocalLow\IObit
2023-10-01 18:50 - 2023-10-01 23:41 - 000000000 ____D C:\Program Files (x86)\IObit
2023-10-01 18:50 - 2023-10-01 19:13 - 000000000 ____D C:\Users\justc\AppData\Roaming\IObit
C:\ProgramData\{7D4F950D-61ED-482D-A05D-43620B49B610}
C:\ProgramData\ProductData
C:\ProgramData\360Quarant
C:\Program Files (x86)\360
ContextMenuHandlers1: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu64.dll → No File
ContextMenuHandlers4: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu64.dll → No File
ShortcutWithArgument: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profile 2 - Edge.lnk → C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) → --profile-directory=“Profile 1”
AlternateDataStreams: C:\Users\justc\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\HijackThis (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\HijackThis.exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (2).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (3).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\mwav (4).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710.exe:BDU [0]
emptytemp:
Reboot:
End::
Restore point was successfully created.
“HKU\S-1-5-21-2215749033-445842302-415398914-1001\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_46C0173F98CBD0BEB36BBC1DDC54FE9A” => removed successfully
“HKU\S-1-5-21-2215749033-445842302-415398914-1001\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_B364DB4262BB88E80B8C959641DD7ACE” => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz154 => removed successfully
cpuz154 => service removed successfully
HKLM\System\CurrentControlSet\Services\AscFileFilter => removed successfully
AscFileFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\AscRegistryFilter => removed successfully
AscRegistryFilter => service removed successfully
“C:\ProgramData\IObit” folder move:
Could not move “C:\ProgramData\IObit” => Scheduled to move on reboot.
“C:\Users\justc\AppData\LocalLow\IObit” folder move:
Could not move “C:\Users\justc\AppData\LocalLow\IObit” => Scheduled to move on reboot.
“C:\Program Files (x86)\IObit” folder move:
Could not move “C:\Program Files (x86)\IObit” => Scheduled to move on reboot.
“C:\Users\justc\AppData\Roaming\IObit” folder move:
Could not move “C:\Users\justc\AppData\Roaming\IObit” => Scheduled to move on reboot.
“C:\ProgramData\{7D4F950D-61ED-482D-A05D-43620B49B610}” folder move:
Could not move “C:\ProgramData\{7D4F950D-61ED-482D-A05D-43620B49B610}” => Scheduled to move on reboot.
“C:\ProgramData\ProductData” folder move:
Could not move “C:\ProgramData\ProductData” => Scheduled to move on reboot.
“C:\ProgramData\360Quarant” folder move:
Could not move “C:\ProgramData\360Quarant” => Scheduled to move on reboot.
“C:\Program Files (x86)\360” folder move:
Could not move “C:\Program Files (x86)\360” => Scheduled to move on reboot.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP => removed successfully
HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP => removed successfully
C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.lnk => Shortcut argument removed successfully
C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk => Shortcut argument removed successfully
C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk => Shortcut argument removed successfully
C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk => Shortcut argument removed successfully
C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk => Shortcut argument removed successfully
C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk => Shortcut argument removed successfully
C:\Users\justc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profile 2 - Edge.lnk => Shortcut argument removed successfully
“C:\Users\justc\Desktop\FRST64.exe” => “:BDU” ADS not found.
C:\Users\justc\Downloads\HijackThis (1).exe => “:BDU” ADS removed successfully
C:\Users\justc\Downloads\HijackThis.exe => “:BDU” ADS removed successfully
C:\Users\justc\Downloads\mwav (1).exe => “:BDU” ADS removed successfully
C:\Users\justc\Downloads\mwav (2).exe => “:BDU” ADS removed successfully
C:\Users\justc\Downloads\mwav (3).exe => “:BDU” ADS removed successfully
C:\Users\justc\Downloads\mwav (4).exe => “:BDU” ADS removed successfully
C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710 (1).exe => “:BDU” ADS removed successfully
C:\Users\justc\Downloads\SnookerQSetup-20230923-0.1.710.exe => “:BDU” ADS removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8547112 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 2604868 B
Edge => 0 B
Chrome => 334229704 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9648 B
NetworkService => 9648 B
justc => -3068634 B
RecycleBin => 753 B
EmptyTemp: => 329.4 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-10-2023 08:25:12)
C:\ProgramData\IObit => Is moved successfully
C:\Users\justc\AppData\LocalLow\IObit => Is moved successfully
C:\Program Files (x86)\IObit => Is moved successfully
C:\Users\justc\AppData\Roaming\IObit => Is moved successfully
C:\ProgramData\{7D4F950D-61ED-482D-A05D-43620B49B610} => Is moved successfully
C:\ProgramData\ProductData => Is moved successfully
C:\ProgramData\360Quarant => Is moved successfully
C:\Program Files (x86)\360 => Is moved successfully
==== End of Fixlog 08:25:12 ====