All topics incorporate.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2022 01
Ran by Marcelino (administrator) on DESKTOP-8EA7VHH (LENOVO 20JJS1GT00) (08-10-2022 19:51:58)
Running from C:\Users\Marcelino\Desktop
Loaded Profiles: Marcelino
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2006 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630040 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [MicrosoftEdgeAutoLaunch_2637468F629D085AF58FF97A279BEA2A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\root\Office16\lync.exe [26461552 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [WarThunderLauncher] => "C:\Users\Marcelino\AppData\Local\WarThunder\launcher.exe" (No File)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Marcelino\AppData\Local\Microsoft\Teams\Update.exe [2576128 2022-09-13] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2968368 2022-10-06] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.108\Installer\chrmstp.exe [2022-10-07] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2022-09-29]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0277FEBC-81C9-4EE6-A478-7AA11553FDA8} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0B9A7ED6-2EDD-49F8-BAC4-4A079B7B4AAB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1CB66DE3-3943-4727-A562-7962DC6D9D08} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F2E7058-7B85-41C1-87D4-4FD0081C4A22} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [149280 2022-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {30465312-0519-476A-AC96-E499EF0BDA64} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {36ABC681-F7AC-4F83-AA4D-E46A0A07A698} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {416927A1-9415-419D-9D79-17D24C4209C8} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {42952BD2-6FBC-437B-BC48-2C9BA3987F65} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {48F07B8E-0F5D-4667-B6F4-3AED88AC2214} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [69056 2022-09-17] (Microsoft Corporation -> Microsoft)
Task: {4C07CC26-92BF-4502-919C-20E6B9397FAE} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {58B1944B-CFCC-47FF-99DB-478ABD6A3F42} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-02-19] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {60AB739F-574F-423F-9754-33DFCCEEDF7B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {64623DC6-69EF-406C-9CDB-B282F622A8B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64D889D4-1DA2-4B22-B148-8D6CA1D52190} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {69245592-6650-431D-9D99-E4BBF4647384} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {719827E8-772A-4EFD-9A72-E6F1DCE8BCF1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8517576 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {8217198B-DE8C-4D93-ADD7-08237D0182C9} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {85EC4AB5-628A-4FE0-AFB4-49412AB495EA} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8A2140A0-85B8-4DD4-A3A4-DD065543292E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165016 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C404A77-1CEF-4457-99A6-DE13971B7EA5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\58cc1d76-4f33-4bde-ae6d-9fea1c5092de => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {90E8D318-EB2B-4221-861A-F2B28069E094} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {911D1705-0984-47EA-A103-7D0E4751AAA0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {94124F9A-C156-4A4C-BFFA-8D3CAC8E7024} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64408 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8DB8F4C-400E-43A7-B89A-BF92B3CF2326} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [63936 2021-12-03] (Lenovo -> )
Task: {ACD23635-1605-4037-9026-538351CD28BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BAA25143-E641-43FD-A86E-AFF5FB872A1B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-447692794-3553672351-1439513873-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165016 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {C243BBE9-905B-40D6-80FB-FE6494C0F7AA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c6adb83f-dc03-40c2-9799-f0015936b50e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {CD64DE92-DA58-4CB5-B86B-8B2A9652B899} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D2F401AA-5399-465A-8687-65B9142B0CC5} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {D3F46FCF-0900-44CE-AD00-2A629E901642} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D998035B-B3E9-4CDC-AA1D-6374FEB29158} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCEDB43D-E4D9-465A-9139-CDB7CDC4B956} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {F3FA56C4-0BAE-4F31-9B5E-5762933E2C1A} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {F956AC7F-8CE0-4A3B-B010-93218FA905A5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7fd97bcf-7822-4277-a9f7-c9f4bc146d45 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {FBC684C9-7132-48F0-A3B1-AA7080DEC5D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8517576 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCFA3921-C3CB-405D-B597-FFDF3AD07B68} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [128976 2022-05-17] (Lenovo -> Lenovo)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0f62e563-d38a-4ac2-9f99-a8eb222c3cde}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{a309d837-069f-4d31-8d12-bb7301875262}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{a309d837-069f-4d31-8d12-bb7301875262}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-05]
Edge Extension: (Mindful Browsing) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cciemibfcmeeiijeefebhojenhnpoibc [2022-04-24]
Edge Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2022-06-11]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2022-06-28]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-08-30]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-09-08] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)
Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-10-08]
BRA Extension: (Google Translate) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-04-24]
BRA Extension: (Lean Library) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hghakoefmnkhamdhenpbogkeopjlkpoa [2022-10-06]
BRA Extension: (Filter Anything Everywhere) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jmandnadineideoebcmaekgaccoagnki [2022-10-01]
BRA Extension: (Cold Turkey Blocker) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2022-06-02]
BRA Profile: C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2022-07-07]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-10-05]
BRA Extension: (Brave NTP background images) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-09-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-08]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-04-28]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-10-08]
BRA Extension: (Brave Ads Resources) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2022-10-05]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-04-24]
BRA Extension: (Brave Ads Resources) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2022-10-05]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-10-05]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12131256 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2020-06-02] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.186.0904.0001\FileSyncHelper.exe [3383704 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\EasyResume.exe [2351304 2021-12-03] (Lenovo -> Lenovo Group Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [906216 2022-03-27] (Lenovo -> Lenovo)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-10-05] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.186.0904.0001\OneDriveUpdaterService.exe [3803544 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [117008 2021-05-11] (Cold Turkey Software, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224192 2022-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SSSvc; C:\ProgramData\Lenovo\ImController\Plugins\ThinkIntelligentSensingPackage\x86\SSSvc.exe [146200 2018-07-20] (Lenovo -> Lenovo)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_9c4c29de89199c58\driver\TPHKLOAD.exe [473760 2021-10-22] (Lenovo -> Lenovo Group Limited)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142304 2022-06-01] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.108\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 LenovoBoost; C:\WINDOWS\system32\DRIVERS\vanboost.sys [47888 2022-06-14] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl7c521db3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB1F20A4-FCB8-4151-A3D6-6BAA50D7F639}\MpKslDrv.sys [228600 2022-10-07] (Microsoft Windows -> Microsoft Corporation)
R1 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38888 2022-03-27] (Lenovo -> Lenovo)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WacHIDRouterISDU; C:\WINDOWS\System32\drivers\WacHIDRouterISDU.sys [136952 2022-04-21] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-10-08 19:51 - 2022-10-08 19:52 - 000031237 _____ C:\Users\Marcelino\Desktop\FRST.txt
2022-10-08 19:49 - 2022-10-08 19:49 - 002372096 _____ (Farbar) C:\Users\Marcelino\Desktop\FRST64.exe
2022-10-08 19:42 - 2022-10-08 19:42 - 000001753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022.lnk
2022-10-07 19:01 - 2022-10-07 19:01 - 000000000 ____D C:\Users\Marcelino\AppData\LocalLow\Plausible Concept
2022-10-06 16:59 - 2022-10-06 16:59 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-05 22:37 - 2022-10-08 19:52 - 000000000 ____D C:\FRST
2022-10-05 11:09 - 2022-10-05 11:09 - 000007639 _____ C:\Users\Marcelino\AppData\Local\Resmon.ResmonCfg
2022-10-05 10:22 - 2022-10-05 10:41 - 000036319 _____ C:\Users\Marcelino\Documents\Jacinta Semaan EB6a.pptx
2022-10-05 09:51 - 2022-10-05 09:51 - 000000063 _____ C:\Users\Marcelino\.gitconfig
2022-10-05 09:45 - 2022-10-08 17:53 - 000004174 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{A6C4FD6D-7C72-4028-B0ED-5CEDDF65DB18}
2022-10-01 08:02 - 2022-10-01 08:02 - 000000000 ___HD C:\$WinREAgent
2022-09-30 21:45 - 2022-09-30 21:45 - 000000000 ____D C:\Users\Marcelino\AppData\Local\IsolatedStorage
2022-09-30 09:43 - 2022-09-30 09:43 - 004311040 _____ C:\Users\Marcelino\Downloads\sfs4e_ppt_04.ppt
2022-09-29 09:17 - 2022-09-29 21:43 - 000000000 ____D C:\Users\Marcelino\AppData\Local\@anydoelectron-app-updater
2022-09-29 09:17 - 2022-09-29 09:17 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\@anydo
2022-09-25 11:37 - 2022-09-25 11:37 - 000000000 ____D C:\Program Files (x86)\Intel
2022-09-25 11:34 - 2022-05-09 00:12 - 000462736 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2022-09-25 11:34 - 2022-05-09 00:12 - 000385448 _____ C:\WINDOWS\system32\ze_loader.dll
2022-09-25 11:34 - 2022-05-09 00:12 - 000151976 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2022-09-25 11:33 - 2022-05-09 00:14 - 000513272 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2022-09-25 11:33 - 2022-05-09 00:14 - 000445496 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2022-09-25 11:33 - 2022-05-09 00:13 - 000602960 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2022-09-25 11:33 - 2022-05-09 00:13 - 000461976 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001897072 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001897072 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001474672 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001474672 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001333472 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001333472 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001052832 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001052832 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 000509864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 000372624 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-09-25 11:33 - 2022-05-09 00:11 - 000296832 _____ C:\WINDOWS\system32\igfxCPL.cpl
2022-09-25 11:32 - 2022-05-09 00:12 - 000176104 _____ C:\WINDOWS\system32\ControlLib32.dll
2022-09-25 11:32 - 2022-05-09 00:11 - 000220520 _____ C:\WINDOWS\system32\ControlLib.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 002251288 _____ (Intel Corporation) C:\WINDOWS\system32\qve.signed.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 002104328 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_dcap_quoteverify.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000805928 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_quote_ex.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000693768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_quote_ex.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000693768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_epid.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000688136 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_launch.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000173064 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_dcap_ql.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000130600 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_urts.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000106504 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_urts.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000057864 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_enclave_common.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000047128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_platform.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000042528 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_uae_service.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000035848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_uae_service.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 001113120 _____ (Intel Corporation) C:\WINDOWS\system32\qe3.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000806432 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_epid.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000801824 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_launch.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000712216 _____ (Intel Corporation) C:\WINDOWS\system32\pce.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000145944 _____ (Intel Corporation) C:\WINDOWS\system32\id_enclave.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000072736 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_enclave_common.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000057896 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_platform.dll
2022-09-25 11:28 - 2022-09-25 11:28 - 000000000 ____D C:\Program Files\Lenovo
2022-09-25 11:28 - 2022-05-26 14:12 - 002519008 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\wintab32.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001951024 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_Tablet.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001924024 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\wintab32.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001565488 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\ISD_Tablet.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Single.exe
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Long.exe
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Double.exe
2022-09-24 10:20 - 2022-09-24 10:20 - 000101230 _____ C:\Users\Marcelino\Downloads\رزنامة عمل 2022-2023.pdf
2022-09-22 10:27 - 2022-09-22 10:27 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-09-21 15:33 - 2022-09-21 15:33 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Gaijin
2022-09-21 15:33 - 2022-09-21 15:33 - 000000000 ____D C:\ProgramData\Gaijin
2022-09-19 20:40 - 2022-09-19 20:40 - 000001085 _____ C:\Users\Marcelino\Desktop\College stuff - Shortcut.lnk
2022-09-18 19:16 - 2022-09-30 17:00 - 013634861 _____ C:\Users\Marcelino\Downloads\Oral presentation-DESKTOP-8EA7VHH.pptx
2022-09-18 12:01 - 2022-09-18 12:01 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-09-18 12:00 - 2022-09-18 12:00 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-09-18 12:00 - 2022-09-18 12:00 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-09-18 12:00 - 2022-09-18 12:00 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-09-18 12:00 - 2022-09-18 12:00 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-09-17 19:49 - 2022-09-17 19:53 - 000000000 ____D C:\Program Files (x86)\dotnet
2022-09-17 18:02 - 2022-09-18 19:17 - 000000000 ___RD C:\Users\Marcelino\OneDrive - Université Saint-Esprit de Kaslik
2022-09-15 10:55 - 2022-09-15 10:55 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\com.adobe.dunamis
2022-09-14 14:10 - 2022-09-14 14:10 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Skype
2022-09-13 10:57 - 2022-09-13 10:57 - 000002384 _____ C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-09-12 20:27 - 2022-09-12 20:27 - 000000000 ____D C:\Users\Marcelino\AppData\Local\CEF
2022-09-12 17:39 - 2022-09-29 09:12 - 000001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2022-09-12 17:39 - 2022-09-29 09:12 - 000000000 ____D C:\Program Files\Rainmeter
2022-09-12 17:39 - 2022-09-26 18:12 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Rainmeter
2022-09-12 17:39 - 2022-09-12 17:39 - 000000000 ____D C:\Users\Marcelino\Documents\Rainmeter
2022-09-11 17:28 - 2022-10-05 09:45 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Adobe
2022-09-11 17:28 - 2022-09-30 18:05 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-09-11 17:28 - 2022-09-14 19:56 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-09-11 17:28 - 2022-09-11 17:28 - 000000000 ____D C:\Users\Marcelino\AppData\Local\SolidDocuments
2022-09-11 17:28 - 2022-09-11 17:28 - 000000000 ____D C:\Users\Marcelino\.ms-ad
2022-09-11 17:27 - 2022-09-11 17:27 - 000000000 ____D C:\Program Files\Adobe
2022-09-11 17:26 - 2022-09-11 17:29 - 000000000 ____D C:\ProgramData\Adobe
2022-09-11 17:26 - 2022-09-11 17:27 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-09-11 17:12 - 2022-09-12 20:27 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Adobe
2022-09-11 17:11 - 2022-09-11 17:11 - 000000162 ____H C:\Users\Marcelino\Downloads\~$ecalculus graphical, numerical, algebraic (Demana, Franklin D) (z-lib.org).pdf
2022-09-09 20:25 - 2022-09-09 20:25 - 000000000 ____D C:\Users\Marcelino\AppData\LocalLow\Temp
2022-09-09 02:11 - 2022-09-09 02:11 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\NuGet
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\source
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\AppData\Local\ServiceHub
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\AppData\Local\IdentityNexusIntegration
2022-09-09 00:03 - 2022-09-09 02:11 - 000000000 ____D C:\Users\Marcelino\Documents\Visual Studio 2022
2022-09-09 00:03 - 2022-09-09 00:03 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Microsoft SDKs
2022-09-09 00:03 - 2022-09-09 00:03 - 000000000 ____D C:\Users\Marcelino\.templateengine
2022-09-09 00:02 - 2022-10-08 19:53 - 000000000 ____D C:\Users\Marcelino\AppData\Local\.IdentityService
2022-09-08 23:56 - 2022-09-08 23:56 - 000001754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk
2022-09-08 23:56 - 2022-09-08 23:56 - 000000000 ____D C:\Program Files (x86)\HTML Help Workshop
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\Program Files\Application Verifier
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2022-09-08 23:53 - 2019-12-06 16:35 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2022-09-08 23:53 - 2019-12-06 16:34 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe
2022-09-08 23:53 - 2019-12-06 16:27 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2022-09-08 23:53 - 2019-12-06 16:26 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\2052
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1042
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1041
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1031
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1028
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\3082
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\2052
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1055
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1049
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1046
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1045
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1042
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1041
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1040
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1036
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1033
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1031
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1029
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1028
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\Program Files (x86)\NuGet
2022-09-08 23:49 - 2022-09-17 20:09 - 000000000 ____D C:\Users\Marcelino\.dotnet
2022-09-08 23:49 - 2022-09-17 20:09 - 000000000 ____D C:\Program Files\dotnet
2022-09-08 23:47 - 2022-09-08 23:47 - 000000000 ____D C:\Program Files\Microsoft SQL Server
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-10-08 19:53 - 2022-06-02 18:19 - 000000000 ____D C:\ProgramData\Cold Turkey
2022-10-08 19:40 - 2022-04-25 05:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-08 19:28 - 2022-04-25 05:49 - 000000000 ____D C:\WINDOWS\INF
2022-10-08 19:28 - 2022-04-24 19:10 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-08 18:13 - 2022-04-24 18:58 - 000000000 ____D C:\ProgramData\UIU
2022-10-08 18:13 - 2022-04-24 18:58 - 000000000 ____D C:\Program Files\CONEXANT
2022-10-08 17:49 - 2022-02-21 05:43 - 000000000 __SHD C:\Users\Marcelino\IntelGraphicsProfiles
2022-10-08 13:18 - 2022-06-07 12:30 - 000000000 ____D C:\Users\Marcelino\Desktop\My stuff
2022-10-08 13:17 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\WhatsApp
2022-10-08 12:20 - 2022-04-24 18:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-07 12:39 - 2022-04-24 19:09 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Packages
2022-10-07 11:02 - 2022-04-24 19:24 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-10-06 22:09 - 2022-09-05 19:20 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Telegram Desktop
2022-10-05 10:50 - 2022-06-01 10:51 - 000000000 ____D C:\Users\Marcelino\AppData\Local\CrashDumps
2022-10-05 09:51 - 2022-04-24 19:01 - 000000000 ____D C:\Users\Marcelino
2022-10-05 08:44 - 2022-04-25 05:50 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-05 08:44 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-04 21:30 - 2022-06-12 11:49 - 000000000 ____D C:\WINDOWS\TempInst
2022-10-01 08:43 - 2022-04-25 05:54 - 000000000 ____D C:\Intel
2022-10-01 08:43 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-01 08:43 - 2022-04-24 18:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-01 08:43 - 2022-02-21 05:38 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-01 08:42 - 2022-04-25 05:46 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-09-30 18:36 - 2022-04-24 19:26 - 000000000 ____D C:\Users\Marcelino\AppData\Local\D3DSCache
2022-09-30 12:35 - 2022-06-23 20:09 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-09-30 12:10 - 2022-06-12 11:21 - 000015474 _____ C:\WINDOWS\storelibdebug.txt
2022-09-29 21:34 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-09-29 09:54 - 2022-02-21 05:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-29 09:47 - 2022-04-24 19:28 - 000000000 ____D C:\Users\Marcelino\AppData\Local\PlaceholderTileLogoFolder
2022-09-29 09:47 - 2022-04-24 19:09 - 000000000 ____D C:\ProgramData\Packages
2022-09-28 21:05 - 2022-06-19 18:14 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-09-28 21:05 - 2022-06-19 18:14 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-28 21:05 - 2022-04-27 09:24 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-447692794-3553672351-1439513873-1001
2022-09-25 15:26 - 2022-08-25 20:30 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\cookie-electron
2022-09-25 11:58 - 2022-04-25 05:46 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-09-18 12:15 - 2022-09-07 09:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2022-09-18 12:15 - 2022-04-24 18:57 - 000464752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SystemResources
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\setup
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\Provisioning
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-09-18 12:00 - 2022-04-24 18:59 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-09-18 09:37 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2022-09-18 09:37 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Local\WhatsApp
2022-09-18 09:33 - 2022-07-23 18:50 - 000000000 ____D C:\Program Files\Npcap
2022-09-17 19:48 - 2022-04-24 20:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-09-17 19:46 - 2022-04-24 20:21 - 141646296 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-09-17 19:33 - 2022-09-07 09:08 - 000001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2022-09-17 19:28 - 2022-09-05 18:31 - 000000000 ____D C:\Program Files\Microsoft Office
2022-09-17 18:02 - 2022-02-21 06:16 - 000000000 ___RD C:\Users\Marcelino\OneDrive
2022-09-17 17:19 - 2022-02-21 05:38 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-15 18:03 - 2022-09-07 09:26 - 000000000 ____D C:\Users\Marcelino\Documents\Sound recordings
2022-09-15 10:56 - 2022-07-01 13:04 - 000000000 ____D C:\Users\Marcelino\AppData\Local\ElevatedDiagnostics
2022-09-13 10:57 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Local\SquirrelTemp
2022-09-11 18:02 - 2022-06-23 19:34 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\krita
2022-09-09 00:01 - 2022-09-07 13:51 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2022-09-08 23:54 - 2022-04-24 21:59 - 000000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories ========
2022-06-26 16:23 - 2022-06-26 16:23 - 000000356 _____ () C:\Users\Marcelino\AppData\Local\karboncalligraphyrc
2022-10-05 11:09 - 2022-10-05 11:09 - 000007639 _____ () C:\Users\Marcelino\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630040 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [MicrosoftEdgeAutoLaunch_2637468F629D085AF58FF97A279BEA2A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\root\Office16\lync.exe [26461552 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [WarThunderLauncher] => "C:\Users\Marcelino\AppData\Local\WarThunder\launcher.exe" (No File)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Marcelino\AppData\Local\Microsoft\Teams\Update.exe [2576128 2022-09-13] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-447692794-3553672351-1439513873-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2968368 2022-10-06] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.108\Installer\chrmstp.exe [2022-10-07] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2022-09-29]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0277FEBC-81C9-4EE6-A478-7AA11553FDA8} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0B9A7ED6-2EDD-49F8-BAC4-4A079B7B4AAB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1CB66DE3-3943-4727-A562-7962DC6D9D08} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F2E7058-7B85-41C1-87D4-4FD0081C4A22} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [149280 2022-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {30465312-0519-476A-AC96-E499EF0BDA64} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {36ABC681-F7AC-4F83-AA4D-E46A0A07A698} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {416927A1-9415-419D-9D79-17D24C4209C8} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {42952BD2-6FBC-437B-BC48-2C9BA3987F65} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {48F07B8E-0F5D-4667-B6F4-3AED88AC2214} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [69056 2022-09-17] (Microsoft Corporation -> Microsoft)
Task: {4C07CC26-92BF-4502-919C-20E6B9397FAE} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {58B1944B-CFCC-47FF-99DB-478ABD6A3F42} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-02-19] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {60AB739F-574F-423F-9754-33DFCCEEDF7B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {64623DC6-69EF-406C-9CDB-B282F622A8B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64D889D4-1DA2-4B22-B148-8D6CA1D52190} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {69245592-6650-431D-9D99-E4BBF4647384} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {719827E8-772A-4EFD-9A72-E6F1DCE8BCF1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8517576 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {8217198B-DE8C-4D93-ADD7-08237D0182C9} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {85EC4AB5-628A-4FE0-AFB4-49412AB495EA} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8A2140A0-85B8-4DD4-A3A4-DD065543292E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165016 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C404A77-1CEF-4457-99A6-DE13971B7EA5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\58cc1d76-4f33-4bde-ae6d-9fea1c5092de => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {90E8D318-EB2B-4221-861A-F2B28069E094} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {911D1705-0984-47EA-A103-7D0E4751AAA0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {94124F9A-C156-4A4C-BFFA-8D3CAC8E7024} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64408 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8DB8F4C-400E-43A7-B89A-BF92B3CF2326} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [63936 2021-12-03] (Lenovo -> )
Task: {ACD23635-1605-4037-9026-538351CD28BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BAA25143-E641-43FD-A86E-AFF5FB872A1B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-447692794-3553672351-1439513873-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165016 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {C243BBE9-905B-40D6-80FB-FE6494C0F7AA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c6adb83f-dc03-40c2-9799-f0015936b50e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {CD64DE92-DA58-4CB5-B86B-8B2A9652B899} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D2F401AA-5399-465A-8687-65B9142B0CC5} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {D3F46FCF-0900-44CE-AD00-2A629E901642} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D998035B-B3E9-4CDC-AA1D-6374FEB29158} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCEDB43D-E4D9-465A-9139-CDB7CDC4B956} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {F3FA56C4-0BAE-4F31-9B5E-5762933E2C1A} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {F956AC7F-8CE0-4A3B-B010-93218FA905A5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7fd97bcf-7822-4277-a9f7-c9f4bc146d45 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {FBC684C9-7132-48F0-A3B1-AA7080DEC5D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8517576 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCFA3921-C3CB-405D-B597-FFDF3AD07B68} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [128976 2022-05-17] (Lenovo -> Lenovo)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0f62e563-d38a-4ac2-9f99-a8eb222c3cde}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{a309d837-069f-4d31-8d12-bb7301875262}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{a309d837-069f-4d31-8d12-bb7301875262}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-05]
Edge Extension: (Mindful Browsing) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cciemibfcmeeiijeefebhojenhnpoibc [2022-04-24]
Edge Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2022-06-11]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2022-06-28]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\Marcelino\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-08-30]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-09-08] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-09-05] (Microsoft Corporation -> Microsoft Corporation)
Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-10-08]
BRA Extension: (Google Translate) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-04-24]
BRA Extension: (Lean Library) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hghakoefmnkhamdhenpbogkeopjlkpoa [2022-10-06]
BRA Extension: (Filter Anything Everywhere) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jmandnadineideoebcmaekgaccoagnki [2022-10-01]
BRA Extension: (Cold Turkey Blocker) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2022-06-02]
BRA Profile: C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2022-07-07]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-10-05]
BRA Extension: (Brave NTP background images) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-09-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-08]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-04-28]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-10-08]
BRA Extension: (Brave Ads Resources) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2022-10-05]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-04-24]
BRA Extension: (Brave Ads Resources) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2022-10-05]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Marcelino\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-10-05]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-24] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12131256 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2020-06-02] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.186.0904.0001\FileSyncHelper.exe [3383704 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\EasyResume.exe [2351304 2021-12-03] (Lenovo -> Lenovo Group Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [906216 2022-03-27] (Lenovo -> Lenovo)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-10-05] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.186.0904.0001\OneDriveUpdaterService.exe [3803544 2022-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [117008 2021-05-11] (Cold Turkey Software, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224192 2022-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SSSvc; C:\ProgramData\Lenovo\ImController\Plugins\ThinkIntelligentSensingPackage\x86\SSSvc.exe [146200 2018-07-20] (Lenovo -> Lenovo)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_9c4c29de89199c58\driver\TPHKLOAD.exe [473760 2021-10-22] (Lenovo -> Lenovo Group Limited)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142304 2022-06-01] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.108\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 LenovoBoost; C:\WINDOWS\system32\DRIVERS\vanboost.sys [47888 2022-06-14] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl7c521db3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB1F20A4-FCB8-4151-A3D6-6BAA50D7F639}\MpKslDrv.sys [228600 2022-10-07] (Microsoft Windows -> Microsoft Corporation)
R1 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38888 2022-03-27] (Lenovo -> Lenovo)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WacHIDRouterISDU; C:\WINDOWS\System32\drivers\WacHIDRouterISDU.sys [136952 2022-04-21] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-10-08 19:51 - 2022-10-08 19:52 - 000031237 _____ C:\Users\Marcelino\Desktop\FRST.txt
2022-10-08 19:49 - 2022-10-08 19:49 - 002372096 _____ (Farbar) C:\Users\Marcelino\Desktop\FRST64.exe
2022-10-08 19:42 - 2022-10-08 19:42 - 000001753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022.lnk
2022-10-07 19:01 - 2022-10-07 19:01 - 000000000 ____D C:\Users\Marcelino\AppData\LocalLow\Plausible Concept
2022-10-06 16:59 - 2022-10-06 16:59 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-05 22:37 - 2022-10-08 19:52 - 000000000 ____D C:\FRST
2022-10-05 11:09 - 2022-10-05 11:09 - 000007639 _____ C:\Users\Marcelino\AppData\Local\Resmon.ResmonCfg
2022-10-05 10:22 - 2022-10-05 10:41 - 000036319 _____ C:\Users\Marcelino\Documents\Jacinta Semaan EB6a.pptx
2022-10-05 09:51 - 2022-10-05 09:51 - 000000063 _____ C:\Users\Marcelino\.gitconfig
2022-10-05 09:45 - 2022-10-08 17:53 - 000004174 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{A6C4FD6D-7C72-4028-B0ED-5CEDDF65DB18}
2022-10-01 08:02 - 2022-10-01 08:02 - 000000000 ___HD C:\$WinREAgent
2022-09-30 21:45 - 2022-09-30 21:45 - 000000000 ____D C:\Users\Marcelino\AppData\Local\IsolatedStorage
2022-09-30 09:43 - 2022-09-30 09:43 - 004311040 _____ C:\Users\Marcelino\Downloads\sfs4e_ppt_04.ppt
2022-09-29 09:17 - 2022-09-29 21:43 - 000000000 ____D C:\Users\Marcelino\AppData\Local\@anydoelectron-app-updater
2022-09-29 09:17 - 2022-09-29 09:17 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\@anydo
2022-09-25 11:37 - 2022-09-25 11:37 - 000000000 ____D C:\Program Files (x86)\Intel
2022-09-25 11:34 - 2022-05-09 00:12 - 000462736 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2022-09-25 11:34 - 2022-05-09 00:12 - 000385448 _____ C:\WINDOWS\system32\ze_loader.dll
2022-09-25 11:34 - 2022-05-09 00:12 - 000151976 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2022-09-25 11:33 - 2022-05-09 00:14 - 000513272 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2022-09-25 11:33 - 2022-05-09 00:14 - 000445496 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2022-09-25 11:33 - 2022-05-09 00:13 - 000602960 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2022-09-25 11:33 - 2022-05-09 00:13 - 000461976 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001897072 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001897072 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001474672 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001474672 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-09-25 11:33 - 2022-05-09 00:12 - 001333472 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001333472 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001052832 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 001052832 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 000509864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-09-25 11:33 - 2022-05-09 00:12 - 000372624 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-09-25 11:33 - 2022-05-09 00:11 - 000296832 _____ C:\WINDOWS\system32\igfxCPL.cpl
2022-09-25 11:32 - 2022-05-09 00:12 - 000176104 _____ C:\WINDOWS\system32\ControlLib32.dll
2022-09-25 11:32 - 2022-05-09 00:11 - 000220520 _____ C:\WINDOWS\system32\ControlLib.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 002251288 _____ (Intel Corporation) C:\WINDOWS\system32\qve.signed.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 002104328 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_dcap_quoteverify.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000805928 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_quote_ex.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000693768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_quote_ex.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000693768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_epid.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000688136 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_launch.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000173064 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_dcap_ql.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000130600 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_urts.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000106504 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_urts.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000057864 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_enclave_common.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000047128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_platform.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000042528 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_uae_service.dll
2022-09-25 11:29 - 2022-06-13 01:55 - 000035848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_uae_service.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 001113120 _____ (Intel Corporation) C:\WINDOWS\system32\qe3.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000806432 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_epid.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000801824 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_launch.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000712216 _____ (Intel Corporation) C:\WINDOWS\system32\pce.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000145944 _____ (Intel Corporation) C:\WINDOWS\system32\id_enclave.signed.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000072736 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_enclave_common.dll
2022-09-25 11:29 - 2022-06-13 01:54 - 000057896 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_platform.dll
2022-09-25 11:28 - 2022-09-25 11:28 - 000000000 ____D C:\Program Files\Lenovo
2022-09-25 11:28 - 2022-05-26 14:12 - 002519008 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\wintab32.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001951024 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_Tablet.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001924024 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\wintab32.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 001565488 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\ISD_Tablet.dll
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Single.exe
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Long.exe
2022-09-25 11:28 - 2022-05-26 14:12 - 000774352 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomCustomBT-Double.exe
2022-09-24 10:20 - 2022-09-24 10:20 - 000101230 _____ C:\Users\Marcelino\Downloads\رزنامة عمل 2022-2023.pdf
2022-09-22 10:27 - 2022-09-22 10:27 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-09-21 15:33 - 2022-09-21 15:33 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Gaijin
2022-09-21 15:33 - 2022-09-21 15:33 - 000000000 ____D C:\ProgramData\Gaijin
2022-09-19 20:40 - 2022-09-19 20:40 - 000001085 _____ C:\Users\Marcelino\Desktop\College stuff - Shortcut.lnk
2022-09-18 19:16 - 2022-09-30 17:00 - 013634861 _____ C:\Users\Marcelino\Downloads\Oral presentation-DESKTOP-8EA7VHH.pptx
2022-09-18 12:01 - 2022-09-18 12:01 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-09-18 12:00 - 2022-09-18 12:00 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-09-18 12:00 - 2022-09-18 12:00 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-09-18 12:00 - 2022-09-18 12:00 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-09-18 12:00 - 2022-09-18 12:00 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-09-17 19:49 - 2022-09-17 19:53 - 000000000 ____D C:\Program Files (x86)\dotnet
2022-09-17 18:02 - 2022-09-18 19:17 - 000000000 ___RD C:\Users\Marcelino\OneDrive - Université Saint-Esprit de Kaslik
2022-09-15 10:55 - 2022-09-15 10:55 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\com.adobe.dunamis
2022-09-14 14:10 - 2022-09-14 14:10 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Skype
2022-09-13 10:57 - 2022-09-13 10:57 - 000002384 _____ C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-09-12 20:27 - 2022-09-12 20:27 - 000000000 ____D C:\Users\Marcelino\AppData\Local\CEF
2022-09-12 17:39 - 2022-09-29 09:12 - 000001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2022-09-12 17:39 - 2022-09-29 09:12 - 000000000 ____D C:\Program Files\Rainmeter
2022-09-12 17:39 - 2022-09-26 18:12 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Rainmeter
2022-09-12 17:39 - 2022-09-12 17:39 - 000000000 ____D C:\Users\Marcelino\Documents\Rainmeter
2022-09-11 17:28 - 2022-10-05 09:45 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Adobe
2022-09-11 17:28 - 2022-09-30 18:05 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-09-11 17:28 - 2022-09-14 19:56 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-09-11 17:28 - 2022-09-11 17:28 - 000000000 ____D C:\Users\Marcelino\AppData\Local\SolidDocuments
2022-09-11 17:28 - 2022-09-11 17:28 - 000000000 ____D C:\Users\Marcelino\.ms-ad
2022-09-11 17:27 - 2022-09-11 17:27 - 000000000 ____D C:\Program Files\Adobe
2022-09-11 17:26 - 2022-09-11 17:29 - 000000000 ____D C:\ProgramData\Adobe
2022-09-11 17:26 - 2022-09-11 17:27 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-09-11 17:12 - 2022-09-12 20:27 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Adobe
2022-09-11 17:11 - 2022-09-11 17:11 - 000000162 ____H C:\Users\Marcelino\Downloads\~$ecalculus graphical, numerical, algebraic (Demana, Franklin D) (z-lib.org).pdf
2022-09-09 20:25 - 2022-09-09 20:25 - 000000000 ____D C:\Users\Marcelino\AppData\LocalLow\Temp
2022-09-09 02:11 - 2022-09-09 02:11 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\NuGet
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\source
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\AppData\Local\ServiceHub
2022-09-09 02:10 - 2022-09-09 02:10 - 000000000 ____D C:\Users\Marcelino\AppData\Local\IdentityNexusIntegration
2022-09-09 00:03 - 2022-09-09 02:11 - 000000000 ____D C:\Users\Marcelino\Documents\Visual Studio 2022
2022-09-09 00:03 - 2022-09-09 00:03 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Microsoft SDKs
2022-09-09 00:03 - 2022-09-09 00:03 - 000000000 ____D C:\Users\Marcelino\.templateengine
2022-09-09 00:02 - 2022-10-08 19:53 - 000000000 ____D C:\Users\Marcelino\AppData\Local\.IdentityService
2022-09-08 23:56 - 2022-09-08 23:56 - 000001754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk
2022-09-08 23:56 - 2022-09-08 23:56 - 000000000 ____D C:\Program Files (x86)\HTML Help Workshop
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\Program Files\Application Verifier
2022-09-08 23:54 - 2022-09-08 23:54 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2022-09-08 23:53 - 2019-12-06 16:35 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2022-09-08 23:53 - 2019-12-06 16:34 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe
2022-09-08 23:53 - 2019-12-06 16:27 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2022-09-08 23:53 - 2019-12-06 16:26 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\2052
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1042
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1041
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1031
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\SysWOW64\1028
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\3082
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\2052
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1055
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1049
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1046
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1045
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1042
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1041
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1040
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1036
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1033
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1031
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1029
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\WINDOWS\system32\1028
2022-09-08 23:51 - 2022-09-08 23:51 - 000000000 ____D C:\Program Files (x86)\NuGet
2022-09-08 23:49 - 2022-09-17 20:09 - 000000000 ____D C:\Users\Marcelino\.dotnet
2022-09-08 23:49 - 2022-09-17 20:09 - 000000000 ____D C:\Program Files\dotnet
2022-09-08 23:47 - 2022-09-08 23:47 - 000000000 ____D C:\Program Files\Microsoft SQL Server
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-10-08 19:53 - 2022-06-02 18:19 - 000000000 ____D C:\ProgramData\Cold Turkey
2022-10-08 19:40 - 2022-04-25 05:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-08 19:28 - 2022-04-25 05:49 - 000000000 ____D C:\WINDOWS\INF
2022-10-08 19:28 - 2022-04-24 19:10 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-08 18:13 - 2022-04-24 18:58 - 000000000 ____D C:\ProgramData\UIU
2022-10-08 18:13 - 2022-04-24 18:58 - 000000000 ____D C:\Program Files\CONEXANT
2022-10-08 17:49 - 2022-02-21 05:43 - 000000000 __SHD C:\Users\Marcelino\IntelGraphicsProfiles
2022-10-08 13:18 - 2022-06-07 12:30 - 000000000 ____D C:\Users\Marcelino\Desktop\My stuff
2022-10-08 13:17 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\WhatsApp
2022-10-08 12:20 - 2022-04-24 18:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-07 12:39 - 2022-04-24 19:09 - 000000000 ____D C:\Users\Marcelino\AppData\Local\Packages
2022-10-07 11:02 - 2022-04-24 19:24 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-10-06 22:09 - 2022-09-05 19:20 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Telegram Desktop
2022-10-05 10:50 - 2022-06-01 10:51 - 000000000 ____D C:\Users\Marcelino\AppData\Local\CrashDumps
2022-10-05 09:51 - 2022-04-24 19:01 - 000000000 ____D C:\Users\Marcelino
2022-10-05 08:44 - 2022-04-25 05:50 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-05 08:44 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-04 21:30 - 2022-06-12 11:49 - 000000000 ____D C:\WINDOWS\TempInst
2022-10-01 08:43 - 2022-04-25 05:54 - 000000000 ____D C:\Intel
2022-10-01 08:43 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-01 08:43 - 2022-04-24 18:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-01 08:43 - 2022-02-21 05:38 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-01 08:42 - 2022-04-25 05:46 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-09-30 18:36 - 2022-04-24 19:26 - 000000000 ____D C:\Users\Marcelino\AppData\Local\D3DSCache
2022-09-30 12:35 - 2022-06-23 20:09 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-09-30 12:10 - 2022-06-12 11:21 - 000015474 _____ C:\WINDOWS\storelibdebug.txt
2022-09-29 21:34 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-09-29 09:54 - 2022-02-21 05:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-29 09:47 - 2022-04-24 19:28 - 000000000 ____D C:\Users\Marcelino\AppData\Local\PlaceholderTileLogoFolder
2022-09-29 09:47 - 2022-04-24 19:09 - 000000000 ____D C:\ProgramData\Packages
2022-09-28 21:05 - 2022-06-19 18:14 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-09-28 21:05 - 2022-06-19 18:14 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-28 21:05 - 2022-04-27 09:24 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-447692794-3553672351-1439513873-1001
2022-09-25 15:26 - 2022-08-25 20:30 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\cookie-electron
2022-09-25 11:58 - 2022-04-25 05:46 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-09-18 12:15 - 2022-09-07 09:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2022-09-18 12:15 - 2022-04-24 18:57 - 000464752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\SystemResources
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\setup
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\Provisioning
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-09-18 12:14 - 2022-04-25 05:50 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-09-18 12:00 - 2022-04-24 18:59 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-09-18 09:37 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2022-09-18 09:37 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Local\WhatsApp
2022-09-18 09:33 - 2022-07-23 18:50 - 000000000 ____D C:\Program Files\Npcap
2022-09-17 19:48 - 2022-04-24 20:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-09-17 19:46 - 2022-04-24 20:21 - 141646296 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-09-17 19:33 - 2022-09-07 09:08 - 000001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2022-09-17 19:28 - 2022-09-05 18:31 - 000000000 ____D C:\Program Files\Microsoft Office
2022-09-17 18:02 - 2022-02-21 06:16 - 000000000 ___RD C:\Users\Marcelino\OneDrive
2022-09-17 17:19 - 2022-02-21 05:38 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-15 18:03 - 2022-09-07 09:26 - 000000000 ____D C:\Users\Marcelino\Documents\Sound recordings
2022-09-15 10:56 - 2022-07-01 13:04 - 000000000 ____D C:\Users\Marcelino\AppData\Local\ElevatedDiagnostics
2022-09-13 10:57 - 2022-04-24 20:23 - 000000000 ____D C:\Users\Marcelino\AppData\Local\SquirrelTemp
2022-09-11 18:02 - 2022-06-23 19:34 - 000000000 ____D C:\Users\Marcelino\AppData\Roaming\krita
2022-09-09 00:01 - 2022-09-07 13:51 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2022-09-08 23:54 - 2022-04-24 21:59 - 000000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories ========
2022-06-26 16:23 - 2022-06-26 16:23 - 000000356 _____ () C:\Users\Marcelino\AppData\Local\karboncalligraphyrc
2022-10-05 11:09 - 2022-10-05 11:09 - 000007639 _____ () C:\Users\Marcelino\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================