I was testing something

Fouler

Level 1
Thread author
Oct 5, 2022
17
Hi, I was testing if I can delete msiexec.exe and changed the ownership to me. How can I revert that?

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information.

What were you trying to test?


Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "Upload file" button.
Do this for both files. Then press the "Post reply" button.
<<<>>>

Wait for further instructions

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>
 

Fouler

First, what I was testing? Well, the answer is simple: I had an app that I uninstalled but the installer remained, so I wanted to get rid of it. I right-clicked the installer in the Start menu, open original and open original again, and I couldn't uninstall it, so I changed the ownership to myself. That's when I realised that it is in the Windows system, so I stopped and I am trying to revert.
 

Fouler

Here is the report you asked for.
 

Attachments

  • Addition.txt
    34.5 KB · Views: 22

Fouler

The FRST file, I couldn't upload it for a reason.
 

nasdaq

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

Please open Microsoft Notepad or another text editor.
Navigate to the FRST.txt log in the Farbar folder and copy the file to the editor.
Save the file and post or attach it to your next reply.


I will review your logs and advise.
 

nasdaq

Hi,

The Farbar program is parked in the folder in bold.
Running from C:\Users\Marcelino\Desktop\My stuff\College stuff\MAT-110

Please copy the Farbar.exe downloaded file and copy the downloaded program file to your Desktop.

Run a Scan from that folder.

If you are not able to copy the logs to this topic, let me know and I will try something else.
 

Fouler

Here is the rescan, and yes, I can't upload the FRST file even if I change its name or copy its content to another Notepad.
 

Attachments

  • Addition.txt
    76.7 KB · Views: 17

nasdaq

Hi,

Let's try this.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it to your reply.
===

If still unable to post or attach the FRST.TXT log, try this.

Copy only the following lines from:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2022

Up to here:

==================== NetSvcs (Whitelisted) ===================

Paste this only to your next reply.
 

Attachments

  • Fixlist.txt
    3.1 KB · Views: 20

Fouler

Still trying to upload the FRST; it is not possible, it gives me oops try again. When I tried copying and pasting the things you told me to do, I copied and pasted them here and it gave me this error: 1665916936013.png
 

nasdaq

Hi,

I may be wrong but a line or a string of text may be blocked by the Forum security.

Open the FRST.TXT file and just copy the lines:
From here:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2022
Ran by ...
Running from ...
Loaded Profiles: ...
Platform: ...
Default browser: ...
Boot Mode: ...

==================== Processes (Whitelisted) =================

to and including this one.

All the lines between these 2 sections of the log.

==================== Registry (Whitelisted) ===================

Post this result in your next reply.

If you can, you can send me each section in its own new topic and I will merge them.
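
The banner-to-banner copy described in the post above can be done mechanically. This is an added example, not part of the original posts and not part of FRST: Python that splits an FRST.txt log on its `====` section banners, extracts a range up to and including a given banner, and packs sections into posts under a size limit. The function names, the `max_chars` limit and the sample log are constructed for illustration.

```python
import re
from typing import Dict, List, Optional

# An FRST section banner: "==================== Registry (Whitelisted) ==================="
# A bare "=======" underline (as under "Edge:") has no title and must not match.
BANNER = re.compile(r"^=+\s*(?P<title>[^=\s][^=]*?)\s*=+\s*$")
PREAMBLE = "Header"  # hypothetical label for the lines before the first banner

# Constructed sample input; values are placeholders, not taken from a real scan.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2000
Ran by user (administrator) on EXAMPLE-PC (01-01-2000 00:00:00)
Running from C:\Users\user\Desktop
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Example Corp -> Example Corp) C:\Program Files\Example\example.exe

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Example] => C:\Program Files\Example\example.exe [1234 2000-01-01] (Example Corp -> Example Corp)

==================== Internet (Whitelisted) ====================

Edge:
=======
Edge DefaultProfile: Default

==================== NetSvcs (Whitelisted) ===================
"""


def banner_title(line: str) -> Optional[str]:
    """Return the section title if the line is a banner, else None."""
    m = BANNER.match(line)
    return m.group("title") if m else None


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Ordered {title: lines}; each section's first line is its banner."""
    sections: Dict[str, List[str]] = {PREAMBLE: []}
    current = PREAMBLE
    for line in log_text.splitlines():
        title = banner_title(line)
        if title is not None:
            current = title
            sections.setdefault(current, [])
        sections[current].append(line)
    return sections


def extract_range(log_text: str, end_title: str,
                  start_title: Optional[str] = None) -> List[str]:
    """Lines from the start banner (or top of file) through and including
    the end banner. Titles are matched by prefix, e.g. "Registry"."""
    out: List[str] = []
    copying = start_title is None
    for line in log_text.splitlines():
        title = banner_title(line)
        if not copying and title is not None and title.startswith(start_title):
            copying = True
        if copying:
            out.append(line)
            if title is not None and title.startswith(end_title):
                return out
    raise ValueError(f"range ending at banner {end_title!r} not found")


def chunk_for_posting(sections: Dict[str, List[str]], max_chars: int) -> List[str]:
    """Pack sections into posts of at most max_chars characters.

    Posts break at section boundaries where possible; a section larger than
    the limit is split on line boundaries. A single line longer than
    max_chars is emitted alone and will exceed the limit.
    """
    posts: List[str] = []
    buf: List[str] = []
    size = 0

    def flush() -> None:
        nonlocal buf, size
        if buf:
            posts.append("\n".join(buf))
            buf, size = [], 0

    for lines in sections.values():
        if size + sum(len(l) + 1 for l in lines) > max_chars:
            flush()  # start this section in a fresh post
        for line in lines:
            if size + len(line) + 1 > max_chars:
                flush()
            buf.append(line)
            size += len(line) + 1
    flush()
    return posts


if __name__ == "__main__":
    print("\n".join(extract_range(SAMPLE_LOG, "Registry")))
    for i, post in enumerate(chunk_for_posting(split_sections(SAMPLE_LOG), 200), 1):
        print(f"--- post {i}: {len(post)} chars ---")
```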
 

Fouler

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2022 01
Ran by Marcelino (administrator) on DESKTOP-8EA7VHH (LENOVO 20JJS1GT00) (08-10-2022 19:51:58)
Running from C:\Users\Marcelino\Desktop
Loaded Profiles: Marcelino
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2006 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 

Fouler

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630040 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [MicrosoftEdgeAutoLaunch_2637468F629D085AF58FF97A279BEA2A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\root\Office16\lync.exe [26461552 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [WarThunderLauncher] => "C:\Users\Marcelino\AppData\Local\WarThunder\launcher.exe" (No File)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Marcelino\AppData\Local\Microsoft\Teams\Update.exe [2576128 2022-09-13] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2968368 2022-10-06] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.108\Installer\chrmstp.exe [2022-10-07] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2022-09-29]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
 

Fouler

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0277FEBC-81C9-4EE6-A478-7AA11553FDA8} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0B9A7ED6-2EDD-49F8-BAC4-4A079B7B4AAB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1CB66DE3-3943-4727-A562-7962DC6D9D08} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F2E7058-7B85-41C1-87D4-4FD0081C4A22} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [149280 2022-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {30465312-0519-476A-AC96-E499EF0BDA64} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {36ABC681-F7AC-4F83-AA4D-E46A0A07A698} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {416927A1-9415-419D-9D79-17D24C4209C8} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {42952BD2-6FBC-437B-BC48-2C9BA3987F65} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {48F07B8E-0F5D-4667-B6F4-3AED88AC2214} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [69056 2022-09-17] (Microsoft Corporation -> Microsoft)
Task: {4C07CC26-92BF-4502-919C-20E6B9397FAE} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {58B1944B-CFCC-47FF-99DB-478ABD6A3F42} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-02-19] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {60AB739F-574F-423F-9754-33DFCCEEDF7B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {64623DC6-69EF-406C-9CDB-B282F622A8B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64D889D4-1DA2-4B22-B148-8D6CA1D52190} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {69245592-6650-431D-9D99-E4BBF4647384} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {719827E8-772A-4EFD-9A72-E6F1DCE8BCF1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8517576 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {8217198B-DE8C-4D93-ADD7-08237D0182C9} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {85EC4AB5-628A-4FE0-AFB4-49412AB495EA} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8A2140A0-85B8-4DD4-A3A4-DD065543292E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165016 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C404A77-1CEF-4457-99A6-DE13971B7EA5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\58cc1d76-4f33-4bde-ae6d-9fea1c5092de => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {90E8D318-EB2B-4221-861A-F2B28069E094} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {911D1705-0984-47EA-A103-7D0E4751AAA0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {94124F9A-C156-4A4C-BFFA-8D3CAC8E7024} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64408 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8DB8F4C-400E-43A7-B89A-BF92B3CF2326} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [63936 2021-12-03] (Lenovo -> )
Task: {ACD23635-1605-4037-9026-538351CD28BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BAA25143-E641-43FD-A86E-AFF5FB872A1B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-447692794-3553672351-1439513873-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165016 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {C243BBE9-905B-40D6-80FB-FE6494C0F7AA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c6adb83f-dc03-40c2-9799-f0015936b50e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {CD64DE92-DA58-4CB5-B86B-8B2A9652B899} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D2F401AA-5399-465A-8687-65B9142B0CC5} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {D3F46FCF-0900-44CE-AD00-2A629E901642} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D998035B-B3E9-4CDC-AA1D-6374FEB29158} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCEDB43D-E4D9-465A-9139-CDB7CDC4B956} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {F3FA56C4-0BAE-4F31-9B5E-5762933E2C1A} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {F956AC7F-8CE0-4A3B-B010-93218FA905A5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7fd97bcf-7822-4277-a9f7-c9f4bc146d45 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {FBC684C9-7132-48F0-A3B1-AA7080DEC5D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8517576 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCFA3921-C3CB-405D-B597-FFDF3AD07B68} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [128976 2022-05-17] (Lenovo -> Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Fouler

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0f62e563-d38a-4ac2-9f99-a8eb222c3cde}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{a309d837-069f-4d31-8d12-bb7301875262}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{a309d837-069f-4d31-8d12-bb7301875262}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-05]
Edge Extension: (Mindful Browsing) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cciemibfcmeeiijeefebhojenhnpoibc [2022-04-24]
Edge Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2022-06-11]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2022-06-28]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-08-30]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-09-08] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)

Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-10-08]
BRA Extension: (Google Translate) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-04-24]
BRA Extension: (Lean Library) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hghakoefmnkhamdhenpbogkeopjlkpoa [2022-10-06]
BRA Extension: (Filter Anything Everywhere) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jmandnadineideoebcmaekgaccoagnki [2022-10-01]
BRA Extension: (Cold Turkey Blocker) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2022-06-02]
BRA Profile: C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2022-07-07]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-10-05]
BRA Extension: (Brave NTP background images) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-09-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-08]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-04-28]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-10-08]
BRA Extension: (Brave Ads Resources) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2022-10-05]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-04-24]
BRA Extension: (Brave Ads Resources) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2022-10-05]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-10-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12131256 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2020-06-02] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.186.0904.0001\FileSyncHelper.exe [3383704 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\EasyResume.exe [2351304 2021-12-03] (Lenovo -> Lenovo Group Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [906216 2022-03-27] (Lenovo -> Lenovo)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-10-05] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.186.0904.0001\OneDriveUpdaterService.exe [3803544 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [117008 2021-05-11] (Cold Turkey Software, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224192 2022-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SSSvc; C:\ProgramData\Lenovo\ImController\Plugins\ThinkIntelligentSensingPackage\x86\SSSvc.exe [146200 2018-07-20] (Lenovo -> Lenovo)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_9c4c29de89199c58\driver\TPHKLOAD.exe [473760 2021-10-22] (Lenovo -> Lenovo Group Limited)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142304 2022-06-01] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.108\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 LenovoBoost; C:\WINDOWS\system32\DRIVERS\vanboost.sys [47888 2022-06-14] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl7c521db3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB1F20A4-FCB8-4151-A3D6-6BAA50D7F639}\MpKslDrv.sys [228600 2022-10-07] (Microsoft Windows -> Microsoft Corporation)
R1 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38888 2022-03-27] (Lenovo -> Lenovo)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WacHIDRouterISDU; C:\WINDOWS\System32\drivers\WacHIDRouterISDU.sys [136952 2022-04-21] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-08 19:51 - 2022-10-08 19:52 - 000031237 _____ C:\Users\Marcelino\Desktop\FRST.txt
2022-10-08 19:49 - 2022-10-08 19:49 - 002372096 _____ (Farbar) C:\Users\Marcelino\Desktop\FRST64.exe
2022-10-08 19:42 - 2022-10-08 19:42 - 000001753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022.lnk
2022-10-07 19:01 - 2022-10-07 19:01 - 000000000 ____D C:\Users\Marcelino\AppData\LocalLow\Plausible Concept
2022-10-06 16:59 - 2022-10-06 16:59 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-05 22:37 - 2022-10-08 19:52 - 000000000 ____D C:\FRST
2022-10-05 11:09 - 2022-10-05 11:09 - 000007639 _____ C:\Users\Marcelino\AppData\Local\Resmon.ResmonCfg
2022-10-05 10:22 - 2022-10-05 10:41 - 000036319 _____ C:\Users\Marcelino\Documents\Jacinta Semaan EB6a.pptx
2022-10-05 09:51 - 2022-10-05 09:51 - 000000063 _____ C:\Users\Marcelino\.gitconfig
2022-10-05 09:45 - 2022-10-08 17:53 - 000004174 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{A6C4FD6D-7C72-4028-B0ED-5CEDDF65DB18}
2022-10-01 08:02 - 2022-10-01 08:02 - 000000000 ___HD C:\$WinREAgent
2022-09-30 21:45 - 2022-09-30 21:45 - 000000000 ____D C:\Users\Marcelino\AppData\Local\IsolatedStorage
2022-09-30 09:43 - 2022-09-30 09:43 - 004311040 _____ C:\Users\Marcelino\Downloads\sfs4e_ppt_04.ppt
2022-09-29 09:17 - 2022-09-29 21:43 - 000000000 ____D C:\Users\Marcelino\AppData\Local\@anydoelectron-app-updater
2022-09-29 09:17 - 2022-09-29 09:17 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\@anydo
2022-09-25 11:37 - 2022-09-25 11:37 - 000000000 ____D C:\Program Files (x86)\Intel
2022-09-25 11:34 - 2022-05-09 00:12 - 000462736 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2022-09-25 11:34 - 2022-05-09 00:12 - 000385448 _____ C:\WINDOWS\system32\ze_loader.dll
2022-09-25 11:34 - 2022-05-09 00:12 - 000151976 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2022-09-25 11:33 - 2022-05-09 00:14 - 000513272 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2022-09-25 11:33 - 2022-05-09 00:14 - 000445496 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2022-09-25 11:33 - 2022-05-09 00:13 - 000602960 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2022-09-25 11:33 - 2022-05-09 00:13 - 000461976 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001897072 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001897072 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001474672 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001474672 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001333472 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001333472 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001052832 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001052832 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 000509864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 000372624 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-09-25 11:33 - 2022-05-09 00:11 - 000296832 _____ C:\WINDOWS\system32\igfxCPL.cpl
2022-09-25 11:32 - 2022-05-09 00:12 - 000176104 _____ C:\WINDOWS\system32\ControlLib32.dll
2022-09-25 11:32 - 2022-05-09 00:11 - 000220520 _____ C:\WINDOWS\system32\ControlLib.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 002251288 _____ (Intel Corporation) C:\WINDOWS\system32\qve.signed.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 002104328 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_dcap_quoteverify.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000805928 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_quote_ex.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000693768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_quote_ex.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000693768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_epid.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000688136 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_launch.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000173064 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_dcap_ql.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000130600 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_urts.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000106504 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_urts.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000057864 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_enclave_common.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000047128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_platform.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000042528 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_uae_service.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000035848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_uae_service.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 001113120 _____ (Intel Corporation) C:\WINDOWS\system32\qe3.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000806432 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_epid.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000801824 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_launch.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000712216 _____ (Intel Corporation) C:\WINDOWS\system32\pce.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000145944 _____ (Intel Corporation) C:\WINDOWS\system32\id_enclave.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000072736 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_enclave_common.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000057896 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_platform.dll
2022-09-25 11:28 - 2022-09-25 11:28 - 000000000 ____D C:\Program Files\Lenovo
2022-09-25 11:28 - 2022-05-26 14:12 - 002519008 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\wintab32.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001951024 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_Tablet.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001924024 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\wintab32.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001565488 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\ISD_Tablet.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Single.exe
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Long.exe
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Double.exe
2022-09-24 10:20 - 2022-09-24 10:20 - 000101230 _____ C:\Users\Marcelino\Downloads\رزنامة عمل 2022-2023.pdf
2022-09-22 10:27 - 2022-09-22 10:27 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-09-21 15:33 - 2022-09-21 15:33 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Gaijin
2022-09-21 15:33 - 2022-09-21 15:33 - 000000000 ____D C:\ProgramData\Gaijin
2022-09-19 20:40 - 2022-09-19 20:40 - 000001085 _____ C:\Users\Marcelino\Desktop\College stuff - Shortcut.lnk
2022-09-18 19:16 - 2022-09-30 17:00 - 013634861 _____ C:\Users\Marcelino\Downloads\Oral presentation-DESKTOP-8EA7VHH.pptx
2022-09-18 12:01 - 2022-09-18 12:01 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-09-18 12:00 - 2022-09-18 12:00 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-09-18 12:00 - 2022-09-18 12:00 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-09-18 12:00 - 2022-09-18 12:00 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-09-18 12:00 - 2022-09-18 12:00 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-09-17 19:49 - 2022-09-17 19:53 - 000000000 ____D C:\Program Files (x86)\dotnet
2022-09-17 18:02 - 2022-09-18 19:17 - 000000000 ___RD C:\Users\Marcelino\OneDrive - Université Saint-Esprit de Kaslik
2022-09-15 10:55 - 2022-09-15 10:55 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\com.adobe.dunamis
2022-09-14 14:10 - 2022-09-14 14:10 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Skype
2022-09-13 10:57 - 2022-09-13 10:57 - 000002384 _____ C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-09-12 20:27 - 2022-09-12 20:27 - 000000000 ____D C:\Users\Marcelino\AppData\Local\CEF
2022-09-12 17:39 - 2022-09-29 09:12 - 000001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2022-09-12 17:39 - 2022-09-29 09:12 - 000000000 ____D C:\Program Files\Rainmeter
2022-09-12 17:39 - 2022-09-26 18:12 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Rainmeter
2022-09-12 17:39 - 2022-09-12 17:39 - 000000000 ____D C:\Users\Marcelino\Documents\Rainmeter
2022-09-11 17:28 - 2022-10-05 09:45 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Adobe
2022-09-11 17:28 - 2022-09-30 18:05 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-09-11 17:28 - 2022-09-14 19:56 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-09-11 17:28 - 2022-09-11 17:28 - 000000000 ____D C:\Users\Marcelino\AppData\Local\SolidDocuments
2022-09-11 17:28 - 2022-09-11 17:28 - 000000000 ____D C:\Users\Marcelino\.ms-ad
2022-09-11 17:27 - 2022-09-11 17:27 - 000000000 ____D C:\Program Files\Adobe
2022-09-11 17:26 - 2022-09-11 17:29 - 000000000 ____D C:\ProgramData\Adobe
2022-09-11 17:26 - 2022-09-11 17:27 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-09-11 17:12 - 2022-09-12 20:27 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Adobe
2022-09-11 17:11 - 2022-09-11 17:11 - 000000162 ____H C:\Users\Marcelino\Downloads\~$ecalculus graphical, numerical, algebraic (Demana, Franklin D) (z-lib.org).pdf
2022-09-09 20:25 - 2022-09-09 20:25 - 000000000 ____D C:\Users\Marcelino\AppData\LocalLow\Temp
2022-09-09 02:11 - 2022-09-09 02:11 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\NuGet
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\source
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\AppData\Local\ServiceHub
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\AppData\Local\IdentityNexusIntegration
2022-09-09 00:03 - 2022-09-09 02:11 - 000000000 ____D C:\Users\Marcelino\Documents\Visual Studio 2022
2022-09-09 00:03 - 2022-09-09 00:03 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Microsoft SDKs
2022-09-09 00:03 - 2022-09-09 00:03 - 000000000 ____D C:\Users\Marcelino\.templateengine
2022-09-09 00:02 - 2022-10-08 19:53 - 000000000 ____D C:\Users\Marcelino\AppData\Local\.IdentityService
2022-09-08 23:56 - 2022-09-08 23:56 - 000001754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk
2022-09-08 23:56 - 2022-09-08 23:56 - 000000000 ____D C:\Program Files (x86)\HTML Help Workshop
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\Program Files\Application Verifier
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2022-09-08 23:53 - 2019-12-06 16:35 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2022-09-08 23:53 - 2019-12-06 16:34 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe
2022-09-08 23:53 - 2019-12-06 16:27 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2022-09-08 23:53 - 2019-12-06 16:26 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\2052
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1042
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1041
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1031
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1028
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\3082
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\2052
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1055
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1049
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1046
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1045
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1042
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1041
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1040
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1036
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1033
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1031
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1029
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1028
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\Program Files (x86)\NuGet
2022-09-08 23:49 - 2022-09-17 20:09 - 000000000 ____D C:\Users\Marcelino\.dotnet
2022-09-08 23:49 - 2022-09-17 20:09 - 000000000 ____D C:\Program Files\dotnet
2022-09-08 23:47 - 2022-09-08 23:47 - 000000000 ____D C:\Program Files\Microsoft SQL Server

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-08 19:53 - 2022-06-02 18:19 - 000000000 ____D C:\ProgramData\Cold Turkey
2022-10-08 19:40 - 2022-04-25 05:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-08 19:28 - 2022-04-25 05:49 - 000000000 ____D C:\WINDOWS\INF
2022-10-08 19:28 - 2022-04-24 19:10 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-08 18:13 - 2022-04-24 18:58 - 000000000 ____D C:\ProgramData\UIU
2022-10-08 18:13 - 2022-04-24 18:58 - 000000000 ____D C:\Program Files\CONEXANT
2022-10-08 17:49 - 2022-02-21 05:43 - 000000000 __SHD C:\Users\Marcelino\IntelGraphicsProfiles
2022-10-08 13:18 - 2022-06-07 12:30 - 000000000 ____D C:\Users\Marcelino\Desktop\My stuff
2022-10-08 13:17 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\WhatsApp
2022-10-08 12:20 - 2022-04-24 18:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-07 12:39 - 2022-04-24 19:09 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Packages
2022-10-07 11:02 - 2022-04-24 19:24 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-10-06 22:09 - 2022-09-05 19:20 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Telegram Desktop
2022-10-05 10:50 - 2022-06-01 10:51 - 000000000 ____D C:\Users\Marcelino\AppData\Local\CrashDumps
2022-10-05 09:51 - 2022-04-24 19:01 - 000000000 ____D C:\Users\Marcelino
2022-10-05 08:44 - 2022-04-25 05:50 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-05 08:44 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-04 21:30 - 2022-06-12 11:49 - 000000000 ____D C:\WINDOWS\TempInst
2022-10-01 08:43 - 2022-04-25 05:54 - 000000000 ____D C:\Intel
2022-10-01 08:43 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-01 08:43 - 2022-04-24 18:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-01 08:43 - 2022-02-21 05:38 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-01 08:42 - 2022-04-25 05:46 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-09-30 18:36 - 2022-04-24 19:26 - 000000000 ____D C:\Users\Marcelino\AppData\Local\D3DSCache
2022-09-30 12:35 - 2022-06-23 20:09 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-09-30 12:10 - 2022-06-12 11:21 - 000015474 _____ C:\WINDOWS\storelibdebug.txt
2022-09-29 21:34 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-09-29 09:54 - 2022-02-21 05:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-29 09:47 - 2022-04-24 19:28 - 000000000 ____D C:\Users\Marcelino\AppData\Local\PlaceholderTileLogoFolder
2022-09-29 09:47 - 2022-04-24 19:09 - 000000000 ____D C:\ProgramData\Packages
2022-09-28 21:05 - 2022-06-19 18:14 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-09-28 21:05 - 2022-06-19 18:14 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-28 21:05 - 2022-04-27 09:24 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-447692794-3553672351-1439513873-1001
2022-09-25 15:26 - 2022-08-25 20:30 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\cookie-electron
2022-09-25 11:58 - 2022-04-25 05:46 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-09-18 12:15 - 2022-09-07 09:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2022-09-18 12:15 - 2022-04-24 18:57 - 000464752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SystemResources
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\setup
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\Provisioning
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-09-18 12:00 - 2022-04-24 18:59 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-09-18 09:37 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2022-09-18 09:37 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Local\WhatsApp
2022-09-18 09:33 - 2022-07-23 18:50 - 000000000 ____D C:\Program Files\Npcap
2022-09-17 19:48 - 2022-04-24 20:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-09-17 19:46 - 2022-04-24 20:21 - 141646296 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-09-17 19:33 - 2022-09-07 09:08 - 000001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2022-09-17 19:28 - 2022-09-05 18:31 - 000000000 ____D C:\Program Files\Microsoft Office
2022-09-17 18:02 - 2022-02-21 06:16 - 000000000 ___RD C:\Users\Marcelino\OneDrive
2022-09-17 17:19 - 2022-02-21 05:38 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-15 18:03 - 2022-09-07 09:26 - 000000000 ____D C:\Users\Marcelino\Documents\Sound recordings
2022-09-15 10:56 - 2022-07-01 13:04 - 000000000 ____D C:\Users\Marcelino\AppData\Local\ElevatedDiagnostics
2022-09-13 10:57 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Local\SquirrelTemp
2022-09-11 18:02 - 2022-06-23 19:34 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\krita
2022-09-09 00:01 - 2022-09-07 13:51 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2022-09-08 23:54 - 2022-04-24 21:59 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories ========

2022-06-26 16:23 - 2022-06-26 16:23 - 000000356 _____ () C:\Users\Marcelino\AppData\Local\karboncalligraphyrc
2022-10-05 11:09 - 2022-10-05 11:09 - 000007639 _____ () C:\Users\Marcelino\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 