Hello and thank you all in advance for your help!
I’ve been battling this for months without any success beyond a couple of weeks at best before symptoms and red flags begin returning. I first became aware of the problem in January when I started using a machine again routinely after about a year where I was logging in sparsely at most for basic tasks and quite frankly not paying much attention to the machine’s health. I spent far too many hours trying to save that machine (Lenovo ThinkCentre i5, originally Win 7 Pro, upgraded to Win 10 Pro) and last month bought a pre-owned machine (iBuyPower i7, Win 10 Home). I used two laptops in the process of trying to fix the Lenovo and, despite keeping them on my phone’s hotspot rather than my home network (the one the Lenovo was previously on, unplugged to rule out the router) and treating flash drives as one-time-use if I need to install a tool, both ended up with permission issues, unwanted firewall rules, startup processes, questionable registry entries, etc., consistent with what I found on the Lenovo. Tools I installed via my one-time-use flash drive policy from the laptops (prior to their issues appearing) don’t come up with anything and appear to be susceptible to whatever is going on.
Tools I’ve tried – Malwarebytes (even when I wasn’t paying close attention, I scanned whenever I used the Lenovo; Pro was installed when I first noticed the issues), CCleaner (also routinely used to clean the registry and run whenever I scanned with MB), AdwCleaner (routinely, same policy as MB and CC). Post-discovery – Kaspersky boot rescue, Windows Defender Offline, RKill, TDSSKiller, Temp File Cleaner (temp files seem to be a source). Registry entries in HKEY_USERS\S-1-5-21-(long string) and HKEY_USERS\S-1-5-21-(long string)_Classes include references to games I’ve never installed (I had never installed any games on any of the machines) and it looks like my machines were being used as some sort of game server.
I wanted a completely fresh start with the iBuyPower: I shut down the Lenovo and both laptops, bought a new router, created an install disk with the media creation tool from a friend’s days-old PC on a new flash drive on their network, ran diskpart, wiped the SSD (C) and the data drive, installed Windows with the clean-all-drives option, purchased a new copy of Windows 10 Pro from the MS Store, activated, installed all updates, and installed Bitdefender Pro. Life was good – for a couple of weeks… now I’m seeing the same issues on the iBuyPower. I never should have let it get to this point, but it has, and I chased this to the point where I trust nothing on the machine. I’m likely assigning blame to symptoms and the root cause is probably staring me in the face – this has been a humbling experience. Ironically, after years of using PCs as tools, now I’m just a guy that wants to browse the internet and play some games. In closing, treat me as a novice, but I will follow any instructions to the letter and nothing is out of my comfort zone on a PC.
FRST Results:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021
Ran by Winston Smith (administrator) on HAL-9000 (27-05-2021 12:22:39)
Running from C:\Program Files\Farbar
Loaded Profiles: Winston Smith
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxcr.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnapp.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <21>
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsimgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirdpclient.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirpcd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\NVDisplay.Container.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [251496 2021-05-13] (Bitdefender SRL -> Bitdefender)
HKU\S-1-5-21-1122837440-1392308684-3391438225-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [5835576 2021-05-04] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-1122837440-1392308684-3391438225-1001\...\MountPoints2: {267f256f-b59f-11eb-a797-7085c28d32b1} - "F:\SETUP.EXE"
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-17] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\90.1.24.86\Installer\chrmstp.exe [2021-05-25] (Brave Software, Inc. -> Brave Software, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1694F1C6-B6C8-44D1-83D1-90276BAB9616} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {41DF9EA9-A0EC-4857-8D61-CC700B9F203A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-17] (Google LLC -> Google LLC)
Task: {4A79C647-15DB-4EBF-B8A5-CDEEBDACFE20} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4E085685-D1C1-4A42-844F-D6E5DCDAA6D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {69BFA093-5892-4E7B-B16A-75F7FD07039A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {70852859-873B-4AE0-9EA2-DC1AD4362475} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {7844BED8-F456-4E4F-B6A2-403F58FDFC60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-17] (Google LLC -> Google LLC)
Task: {BEB90C98-7A07-49D5-9F18-7031FED170C7} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [954456 2021-05-20] (Bitdefender SRL -> Bitdefender)
Task: {BFBBE493-CD18-4ED2-BA13-D656E1A87EDE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C88F3DD4-BC2E-4070-B7F8-972517706C94} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{0ca5e559-250d-49e7-b7b1-1784c34d1d0d}: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{0ca5e559-250d-49e7-b7b1-1784c34d1d0d}: [DhcpNameServer] 9.9.9.9
Tcpip\..\Interfaces\{d5796d03-315e-4620-ab98-b9aabd6348ca}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Winston Smith\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-27]
Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2021-04-28] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
Chrome:
=======
CHR Profile: C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default [2021-05-20]
CHR Extension: (Slides) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-17]
CHR Extension: (Docs) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-17]
CHR Extension: (Google Drive) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-17]
CHR Extension: (YouTube) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-17]
CHR Extension: (Sheets) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-17]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-17]
CHR Extension: (Gmail) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-17]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
Brave:
=======
BRA Profile: C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-05-27]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (TrafficLight) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2021-05-15]
BRA Extension: (Bitdefender Wallet) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2021-05-15]
BRA Extension: (Bitdefender Anti-tracker) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-05-15]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-05-15]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-05-26]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-05-27]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-05-15]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-05-26]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [198256 2021-01-26] (Pango Inc. -> AnchorFree Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2161256 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [246888 2021-05-13] (Bitdefender SRL -> Bitdefender)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [440120 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [440120 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [301144 2021-05-20] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R0 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
R2 Ignis; C:\Windows\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
S3 logi_generic_hid_filter; C:\Windows\system32\drivers\logi_generic_hid_filter.sys [56568 2019-03-11] (Logitech Inc -> Logitech)
S3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2021-01-13] (Logitech Inc -> Logitech)
S3 logi_joy_hid_filter; C:\Windows\system32\drivers\logi_joy_hid_filter.sys [57592 2019-03-11] (Logitech Inc -> Logitech)
S3 logi_joy_hid_lo; C:\Windows\system32\drivers\logi_joy_hid_lo.sys [46840 2019-03-11] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [26672 2021-01-13] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2021-01-13] (Logitech Inc -> Logitech)
S3 logi_mouse_hid_filter; C:\Windows\System32\drivers\logi_mouse_hid_filter.sys [56024 2019-03-11] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
S3 RzDev_0060; C:\Windows\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0078; C:\Windows\System32\drivers\RzDev_0078.sys [52504 2020-02-17] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_007a; C:\Windows\System32\drivers\RzDev_007a.sys [52496 2020-02-17] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_007e; C:\Windows\System32\drivers\RzDev_007e.sys [52288 2020-02-17] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0209; C:\Windows\System32\drivers\RzDev_0209.sys [52288 2020-02-17] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0306; C:\Windows\System32\drivers\RzDev_0306.sys [52504 2020-02-17] (Razer USA Ltd. -> Razer Inc)
S3 ssbthid; C:\Windows\System32\drivers\ssbthid.sys [45752 2020-10-08] (SteelSeries ApS -> SteelSeries ApS)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [48848 2020-12-21] (SteelSeries ApS -> SteelSeries ApS)
S3 sshid; C:\Windows\System32\drivers\sshid.sys [57440 2020-12-21] (SteelSeries ApS -> SteelSeries ApS)
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapsurfshark; C:\Windows\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)
S3 t_mouse.sys; C:\Windows\System32\drivers\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [421112 2021-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-15] (Microsoft Windows -> Microsoft Corporation)
R3 wintunshark; C:\Windows\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-26 21:19 - 2021-05-26 23:30 - 000008253 _____ C:\Users\Winston Smith\Desktop\NetStat.txt
2021-05-26 12:54 - 2021-05-26 12:54 - 000001575 _____ C:\Windows\system32\config\VSMIDK
2021-05-26 12:53 - 2021-05-26 12:53 - 000000000 ___SD C:\Windows\system32\containers
2021-05-26 12:53 - 2021-05-26 12:53 - 000000000 ____D C:\Windows\system32\HvsiSettingsProviders
2021-05-20 16:57 - 2021-05-20 16:57 - 000000000 _____ C:\Users\Winston Smith\Desktop\G1.txt
2021-05-17 14:49 - 2021-05-17 14:54 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\Google
2021-05-17 14:49 - 2021-05-17 14:49 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-17 14:49 - 2021-05-17 14:49 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-17 14:49 - 2021-05-17 14:49 - 000002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-17 14:49 - 2021-05-17 14:49 - 000002289 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-17 14:49 - 2021-05-17 14:49 - 000002289 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-17 14:49 - 2021-05-17 14:49 - 000000000 ____D C:\Program Files\Google
2021-05-17 14:49 - 2021-05-17 14:49 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-17 14:47 - 2021-05-17 14:47 - 001310832 _____ (Google LLC) C:\Users\Winston Smith\Downloads\ChromeSetup.exe
2021-05-17 12:39 - 2021-05-17 12:39 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\CrashDumps
2021-05-17 11:55 - 2021-05-17 12:01 - 004379204 _____ C:\Users\Winston Smith\Documents\ATkey_Manual.pdf
2021-05-16 05:33 - 2021-05-17 15:07 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\D3DSCache
2021-05-16 00:23 - 2021-05-16 00:23 - 000000000 ____D C:\Program Files\Intel
2021-05-16 00:23 - 2021-05-16 00:23 - 000000000 _____ C:\Rule.txt
2021-05-16 00:23 - 2021-05-16 00:17 - 000432560 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2021-05-16 00:23 - 2021-05-16 00:17 - 000001088 ____N C:\Windows\system32\SetupBD.din
2021-05-16 00:17 - 2021-05-16 00:18 - 000000000 ____D C:\Users\Winston Smith\Downloads\26_2
2021-05-16 00:06 - 2021-05-16 00:14 - 710281897 _____ C:\Users\Winston Smith\Downloads\26_2.zip
2021-05-15 22:44 - 2021-05-16 06:13 - 000000000 ____D C:\ProgramData\Surfshark
2021-05-15 22:44 - 2021-05-15 22:44 - 000001025 _____ C:\Users\Public\Desktop\Surfshark.lnk
2021-05-15 22:44 - 2021-05-15 22:44 - 000001025 _____ C:\ProgramData\Desktop\Surfshark.lnk
2021-05-15 22:44 - 2021-05-15 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surfshark
2021-05-15 22:44 - 2021-05-15 22:44 - 000000000 ____D C:\ProgramData\Caphyon
2021-05-15 22:44 - 2021-05-15 22:44 - 000000000 ____D C:\Program Files (x86)\Surfshark
2021-05-15 22:43 - 2021-05-17 16:03 - 000000000 ____D C:\Users\Winston Smith\AppData\Roaming\Surfshark
2021-05-15 22:43 - 2021-05-15 22:43 - 000000000 ____D C:\Program Files\Surfshark
2021-05-15 21:56 - 2021-05-15 21:56 - 026893576 _____ (Surfshark) C:\Users\Winston Smith\Downloads\SurfsharkSetup.exe
2021-05-15 16:57 - 2021-05-15 16:57 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2021-05-15 16:57 - 2021-05-15 16:57 - 000001086 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
2021-05-15 16:57 - 2021-05-15 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-05-15 16:57 - 2021-05-15 16:57 - 000000000 ____D C:\Program Files\VS Revo Group
2021-05-15 16:56 - 2021-05-15 16:56 - 007495512 _____ (VS Revo Group ) C:\Users\Winston Smith\Downloads\revosetup.exe
2021-05-15 16:47 - 2021-05-15 16:48 - 000001870 _____ C:\Users\Winston Smith\Desktop\Rkill.txt
2021-05-15 16:46 - 2021-05-15 16:47 - 000069182 _____ C:\TDSSKiller.3.1.0.28_15.05.2021_13.46.41_log.txt
2021-05-15 16:44 - 2021-05-15 16:44 - 040488656 _____ (Adlice Software ) C:\Users\Winston Smith\Downloads\RogueKiller_setup.exe
2021-05-15 16:43 - 2021-05-15 16:48 - 000000000 ____D C:\Program Files\rKill
2021-05-15 16:40 - 2021-05-15 16:40 - 000000000 ____D C:\Program Files\Kaspesky
2021-05-15 16:38 - 2021-05-15 16:40 - 000000000 ____D C:\Users\Winston Smith\Downloads\tdsskiller
2021-05-15 16:36 - 2021-05-15 16:36 - 004962800 _____ C:\Users\Winston Smith\Downloads\tdsskiller.zip
2021-05-15 16:10 - 2021-05-26 14:37 - 070254592 _____ C:\Windows\system32\config\SOFTWARE
2021-05-15 16:08 - 2021-05-15 16:10 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-05-15 15:28 - 2021-05-27 12:22 - 000000000 ____D C:\Program Files\Farbar
2021-05-15 15:27 - 2021-05-27 12:22 - 000000000 ____D C:\FRST
2021-05-15 15:24 - 2021-05-15 15:24 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\OneDrive
2021-05-15 14:57 - 2021-05-15 14:57 - 000000000 ____D C:\Program Files\AdwCleaner
2021-05-15 14:55 - 2021-05-15 14:59 - 000000000 ____D C:\AdwCleaner
2021-05-15 14:40 - 2021-05-15 14:40 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\mbam
2021-05-15 14:39 - 2021-05-15 14:39 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-05-15 14:39 - 2021-05-15 14:39 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-05-15 14:39 - 2021-05-15 14:39 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-05-15 14:39 - 2021-05-15 14:39 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-05-15 14:39 - 2021-05-15 14:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-15 14:39 - 2021-05-15 14:39 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-15 14:38 - 2021-05-15 14:38 - 002078632 _____ (Malwarebytes) C:\Users\Winston Smith\Downloads\MBSetup.exe
2021-05-15 14:32 - 2021-05-15 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rack - Cleaners
2021-05-15 14:22 - 2021-05-15 14:22 - 000000000 ____D C:\Users\Winston Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SYStools-Rack
2021-05-15 14:19 - 2021-05-15 14:20 - 000000000 ____D C:\Program Files (x86)\SYStools-Rack
2021-05-15 14:09 - 2021-05-15 14:09 - 000208256 _____ C:\ProgramData\vpn.1621102141.bdinstall.v2.bin
2021-05-15 14:09 - 2021-05-15 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
2021-05-15 14:09 - 2021-05-15 14:09 - 000000000 ____D C:\ProgramData\Bitdefender VPN
2021-05-15 14:09 - 2021-05-15 14:09 - 000000000 ____D C:\ProgramData\AnchorFree_Inc
2021-05-15 14:08 - 2021-05-15 14:08 - 000774428 _____ C:\ProgramData\cl.1621101941.bdinstall.v2.bin
2021-05-15 14:08 - 2021-05-15 14:08 - 000104068 _____ C:\ProgramData\cl.kit.1621101934.bdinstall.v2.bin
2021-05-15 14:08 - 2021-05-15 14:08 - 000003420 _____ C:\Windows\system32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2021-05-15 14:08 - 2021-05-15 14:08 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-05-15 14:06 - 2021-05-15 14:06 - 000003802 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\Windows\system32\elambkup
2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\ProgramData\Gemma
2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\ProgramData\BDLogging
2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\ProgramData\Atc
2021-05-15 14:06 - 2021-02-26 16:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2021-05-15 14:06 - 2021-02-16 18:31 - 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys
2021-05-15 14:06 - 2020-12-18 05:33 - 000022976 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2021-05-15 14:06 - 2020-12-04 19:15 - 000802976 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2021-05-15 14:06 - 2020-01-17 06:03 - 000046056 _____ (© Bitdefender SRL) C:\Windows\system32\Drivers\bdprivmon.sys
2021-05-15 14:05 - 2021-05-15 14:22 - 000000000 ____D C:\ProgramData\Bitdefender
2021-05-15 14:05 - 2021-05-15 14:09 - 000000000 ____D C:\Program Files\Bitdefender
2021-05-15 14:05 - 2021-05-15 14:05 - 000118136 _____ C:\ProgramData\agent.1621101897.bdinstall.v2.bin
2021-05-15 14:05 - 2021-05-15 14:05 - 000000000 ____D C:\Users\Winston Smith\AppData\Roaming\Bitdefender
2021-05-15 14:05 - 2021-05-15 14:05 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-05-15 14:05 - 2021-02-26 21:31 - 000641728 _____ (Bitdefender) C:\Windows\system32\Drivers\trufos.sys
2021-05-15 14:05 - 2020-10-07 14:30 - 000185312 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2021-05-15 14:05 - 2020-09-03 08:20 - 000195232 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2021-05-15 14:04 - 2021-05-15 14:08 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-05-15 14:04 - 2021-05-15 14:04 - 013568464 _____ C:\Users\Winston Smith\Downloads\bitdefender_windows_3101ff80-da9a-493e-a4d2-5aee6a7731f9.exe
2021-05-15 14:04 - 2021-05-15 14:04 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-05-15 13:59 - 2021-05-25 23:36 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-05-15 13:58 - 2021-05-15 13:59 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\BraveSoftware
2021-05-15 13:58 - 2021-05-15 13:58 - 001243504 _____ (BraveSoftware Inc.) C:\Users\Winston Smith\Downloads\BraveBrowserSetup.exe
2021-05-15 13:58 - 2021-05-15 13:58 - 000003438 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-05-15 13:58 - 2021-05-15 13:58 - 000003314 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-05-15 13:58 - 2021-05-15 13:58 - 000000000 ____D C:\Program Files\BraveSoftware
2021-05-15 13:58 - 2021-05-15 13:58 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-05-15 13:27 - 2021-05-15 13:47 - 000000000 ____D C:\Users\Winston Smith\AppData\Roaming\Bitwarden
2021-05-15 13:27 - 2021-05-15 13:27 - 000000862 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitwarden.lnk
2021-05-15 13:27 - 2021-05-15 13:27 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\bitwarden-updater
2021-05-15 13:25 - 2021-05-15 13:25 - 000710864 _____ (Bitwarden Inc.) C:\Users\Winston Smith\Downloads\Bitwarden-Installer-1.26.3.exe
2021-05-15 13:19 - 2021-05-15 13:19 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\Steam
2021-05-15 13:19 – 2021-05-15 13:19 – 000000000 ____D C:UsersWinston SmithAppDataLocalCEF
2021-05-15 13:18 – 2021-05-15 13:18 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSteam
2021-05-15 12:38 – 2021-05-15 12:55 – 000003214 __RSH C:ProgramDatantuser.pol
2021-05-15 12:15 – 2021-05-15 12:15 – 000000000 ___HD C:OneDriveTemp
2021-05-15 12:10 – 2021-05-15 12:10 – 002755584 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb
2021-05-15 12:10 – 2021-05-15 12:10 – 002755584 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb
2021-05-15 12:10 – 2021-05-15 12:10 – 001314120 _____ (Microsoft Corporation) C:Windowssystem32SecConfig.efi
2021-05-15 12:10 – 2021-05-15 12:10 – 001163776 _____ C:Windowssystem32MBR2GPT.EXE
2021-05-15 12:10 – 2021-05-15 12:10 – 000700928 _____ C:Windowssystem32FsNVSDeviceSource.dll
2021-05-15 12:10 – 2021-05-15 12:10 – 000164168 _____ C:Windowssystem32cmdiag.exe
2021-05-15 12:10 – 2021-05-15 12:10 – 000157184 _____ C:Windowssystem32uwfcsp.dll
2021-05-15 12:10 – 2021-05-15 12:10 – 000153600 _____ C:Windowssystem32uwfcfgmgmt.dll
2021-05-15 12:10 – 2021-05-15 12:10 – 000103936 _____ C:Windowssystem32cmimageworker.exe
2021-05-15 12:10 – 2021-05-15 12:10 – 000060928 _____ C:Windowssystem32runexehelper.exe
2021-05-15 12:10 – 2021-05-15 12:10 – 000014848 _____ C:Windowssystem32hnsproxy.dll
2021-05-15 12:10 – 2021-05-15 12:10 – 000011351 _____ C:Windowssystem32DrtmAuthTxt.wim
2021-05-15 12:09 – 2021-05-15 12:09 – 001823816 _____ (Microsoft Corporation) C:Windowssystem32winload.efi
2021-05-15 12:09 – 2021-05-15 12:09 – 001393504 _____ (Microsoft Corporation) C:Windowssystem32winresume.efi
2021-05-15 12:09 – 2021-05-15 12:09 – 000165888 _____ C:Windowssystem32DataStoreCacheDumpTool.exe
2021-05-15 12:09 – 2021-05-15 12:09 – 000013312 _____ C:Windowssystem32agentactivationruntimestarter.exe
2021-05-15 12:04 – 2021-05-15 12:04 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools
2021-05-15 12:02 – 2021-05-15 12:03 – 000000000 ____D C:Windowssystem32MRT
2021-05-15 12:02 – 2021-05-15 12:02 – 000000000 ___HD C:$WinREAgent
2021-05-14 16:53 – 2021-05-17 11:14 – 000000000 ____D C:UsersWinston SmithAppDataLocalPlaceholderTileLogoFolder
2021-05-14 16:09 – 2021-05-14 16:09 – 000000000 ____D C:UsersWinston SmithAppDataLocalLowTemp
2021-05-10 12:58 – 2021-05-10 12:58 – 000000000 ____D C:UsersWinston SmithAppDataLocalElevatedDiagnostics
2021-05-10 12:52 – 2021-05-10 12:58 – 000240422 _____ C:Windowsntbtlog.txt
2021-05-10 12:52 – 2021-05-10 12:52 – 000000214 _____ C:WindowsTasksCreateExplorerShellUnelevatedTask.job
2021-04-30 20:50 – 2021-04-30 20:50 – 001718626 _____ (pendrivelinux.com) C:UsersWinston SmithDownloadsYUMI-2.0.8.7.exe
2021-04-30 15:01 – 2021-04-30 15:01 – 000000000 ____H C:Windowssystem32DriversMsft_User_WpdFs_01_11_00.Wdf
2021-04-30 14:50 – 2021-04-30 14:50 – 000000000 ____D C:UsersWinston SmithAppDataLocalPeerDistRepub
2021-04-30 14:36 – 2021-04-30 14:36 – 000000000 ____D C:UsersWinston SmithAppDataLocalComms
2021-04-30 14:21 – 2021-05-15 12:20 – 000000000 ___RD C:UsersWinston SmithOneDrive
2021-04-30 14:21 – 2021-05-14 16:52 – 000003396 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-1122837440-1392308684-3391438225-1001
2021-04-30 14:21 – 2021-04-30 14:21 – 000000000 ____D C:ProgramDataMicrosoft OneDrive
2021-04-30 14:19 – 2021-05-26 14:27 – 000000000 ____D C:UsersWinston SmithAppDataLocalPackages
2021-04-30 14:19 – 2021-05-15 12:14 – 000000000 ____D C:UsersWinston SmithAppDataLocalConnectedDevicesPlatform
2021-04-30 14:19 – 2021-05-15 12:05 – 000000000 __RHD C:UsersPublicAccountPictures
2021-04-30 14:19 – 2021-05-15 12:01 – 000000000 ____D C:ProgramDataPackages
2021-04-30 14:19 – 2021-04-30 14:19 – 000000000 ___RD C:UsersWinston Smith3D Objects
2021-04-30 14:19 – 2021-04-30 14:19 – 000000000 ____D C:UsersWinston SmithAppDataRoamingAdobe
2021-04-30 14:19 – 2021-04-30 14:19 – 000000000 ____D C:UsersWinston SmithAppDataLocalVirtualStore
2021-04-30 14:19 – 2021-04-30 14:19 – 000000000 ____D C:UsersWinston SmithAppDataLocalPublishers
2021-04-30 14:18 – 2021-05-14 16:52 – 000002398 _____ C:UsersWinston SmithAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2021-04-30 14:18 – 2021-05-10 12:47 – 000000000 ____D C:UsersWinston Smith
2021-04-30 14:18 – 2021-04-30 14:18 – 000000020 ___SH C:UsersWinston Smithntuser.ini
2021-04-30 14:12 – 2021-05-26 21:06 – 000795742 _____ C:Windowssystem32PerfStringBackup.INI
2021-04-30 14:08 – 2021-04-30 14:08 – 000000000 _SHDL C:UsersDefault User
2021-04-30 14:08 – 2021-04-30 14:08 – 000000000 _SHDL C:UsersAll Users
2021-04-30 14:08 – 2021-04-30 14:08 – 000000000 _SHDL C:Documents and Settings
2021-04-30 11:20 – 2021-05-27 11:20 – 000000000 ____D C:Windowssystem32SleepStudy
2021-04-30 11:20 – 2021-05-26 21:02 – 000008192 ___SH C:DumpStack.log.tmp
2021-04-30 11:20 – 2021-05-26 21:02 – 000000006 ____H C:WindowsTasksSA.DAT
2021-04-30 11:20 – 2021-05-25 23:35 – 000002445 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-04-30 11:20 – 2021-05-15 12:13 – 000258688 _____ C:Windowssystem32FNTCACHE.DAT
2021-04-30 11:20 – 2021-05-15 12:09 – 000000000 ____D C:Windowssystem32Driverswd
2021-04-30 11:20 – 2021-05-15 12:04 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2021-04-30 11:20 – 2021-05-15 12:04 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2021-04-30 11:20 – 2021-04-30 16:15 – 000000000 ____D C:ProgramDataNVIDIA Corporation
2021-04-30 11:20 – 2021-04-30 11:20 – 000000000 ____D C:Windowssystem32lxss
2021-04-30 11:20 – 2021-04-30 11:20 – 000000000 ____D C:Windowssystem32DriversNVIDIA Corporation
2021-04-30 11:20 – 2021-04-30 11:20 – 000000000 ____D C:WindowsServiceProfiles
2021-04-30 03:21 – 2021-04-30 14:11 – 000000000 ____D C:WindowsPanther
2021-04-30 03:19 – 2021-04-30 03:19 – 000000000 ____D C:Program FilesSteelSeries
2021-04-30 03:18 – 2021-04-30 03:18 – 000008192 _____ C:Windowssystem32configuserdiff
2021-04-30 03:18 – 2021-04-30 03:18 – 000000000 ____D C:Program Files (x86)Razer
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64winrm
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64WCN
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64sysprep
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64slmgr
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64Printing_Admin_Scripts
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64MailContactsCalendarSync
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64 409
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32winrm
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32WCN
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32slmgr
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32Printing_Admin_Scripts
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32MailContactsCalendarSync
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32 409
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSetup
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsOCR
2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsDigitalLocker
2021-04-30 03:15 – 2021-05-27 12:23 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-04-30 03:15 – 2021-05-26 22:38 – 000000000 ____D C:WindowsINF
2021-04-30 03:15 – 2021-05-26 21:46 – 000000000 ___HD C:Program FilesWindowsApps
2021-04-30 03:15 – 2021-05-26 21:46 – 000000000 ____D C:WindowsAppReadiness
2021-04-30 03:15 – 2021-05-26 14:26 – 000000000 ____D C:Windowssystem32NDF
2021-04-30 03:15 – 2021-05-17 14:49 – 000000000 ___RD C:Program Files (x86)
2021-04-30 03:15 – 2021-05-17 11:32 – 000000000 ____D C:WindowsLiveKernelReports
2021-04-30 03:15 – 2021-05-15 23:10 – 000000000 ____D C:WindowsSystemResources
2021-04-30 03:15 – 2021-05-15 23:10 – 000000000 ____D C:Windowssystem32setup
2021-04-30 03:15 – 2021-05-15 23:10 – 000000000 ____D C:WindowsPolicyDefinitions
2021-04-30 03:15 – 2021-05-15 14:39 – 000000000 ___HD C:WindowsELAMBKUP
2021-04-30 03:15 – 2021-05-15 14:11 – 000000000 ___SD C:WindowsDownloaded Program Files
2021-04-30 03:15 – 2021-05-15 14:11 – 000000000 ___RD C:WindowsOffline Web Pages
2021-04-30 03:15 – 2021-05-15 12:37 – 000000000 ___HD C:Windowssystem32GroupPolicy
2021-04-30 03:15 – 2021-05-15 12:15 – 000000000 ___RD C:WindowsImmersiveControlPanel
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ___RD C:WindowsPrintDialog
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsSysWOW64WinMetadata
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsSysWOW64setup
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsSysWOW64oobe
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsSysWOW64Dism
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowssystem32WinMetadata
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowssystem32SystemResetPlatform
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowssystem32oobe
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowssystem32Dism
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsProvisioning
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsDiagTrack
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowsbcastdvr
2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2021-04-30 03:15 – 2021-05-15 12:08 – 000000000 ____D C:Program FilesWindows Defender
2021-04-30 03:15 – 2021-05-14 16:52 – 000000000 ____D C:Windowsappcompat
2021-04-30 03:15 – 2021-05-10 13:42 – 000000000 ____D C:Windowssystem32MsDtc
2021-04-30 03:15 – 2021-05-10 12:47 – 000000000 ____D C:Windowssystem32configTxR
2021-04-30 03:15 – 2021-04-30 16:58 – 000000000 ____D C:ProgramDataUSOPrivate
2021-04-30 03:15 – 2021-04-30 14:36 – 000000000 ____D C:WindowsServiceState
2021-04-30 03:15 – 2021-04-30 14:18 – 000000000 ____D C:Windowssystem32WinBioDatabase
2021-04-30 03:15 – 2021-04-30 14:11 – 000000000 ____D C:Windowssystem32spool
2021-04-30 03:15 – 2021-04-30 14:07 – 000000000 ____D C:WindowsCSC
2021-04-30 03:15 – 2021-04-30 11:20 – 000000000 ____D C:Windowssystem32DriversDriverData
2021-04-30 03:15 – 2021-04-30 05:06 – 000028672 _____ C:Windowssystem32configBCD-Template
2021-04-30 03:15 – 2021-04-30 03:21 – 000000000 ____D C:WindowsContainers
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:WindowsSysWOW64F12
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:WindowsSysWOW64DiagSvcs
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:Windowssystem32F12
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:Windowssystem32dsc
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:Windowssystem32DiagSvcs
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64MUI
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64Com
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32WinBioPlugIns
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32Sysprep
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32PerceptionSimulation
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32MUI
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32migwiz
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32Com
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:WindowsIME
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:WindowsHelp
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program FilesWindows Photo Viewer
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program FilesWindows NT
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program FilesCommon FilesSystem
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program Files (x86)Windows Photo Viewer
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program Files (x86)Windows NT
2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program Files (x86)Windows Defender
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __SHD C:WindowsBitLockerDiscoveryVolumeContents
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __SHD C:Program FilesWindows Sidebar
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __SHD C:Program Files (x86)Windows Sidebar
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __RSD C:WindowsMedia
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __RHD C:UsersPublicLibraries
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:WindowsSysWOW64Nui
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:WindowsSysWOW64Configuration
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:Windowssystem32UNP
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:Windowssystem32Nui
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:Windowssystem32Configuration
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:Windowssystem32AppV
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___HD C:WindowsLanguageOverlayCache
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsWeb
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsWaaS
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsVss
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowstracing
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsTAPI
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64SMI
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64ras
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64PerceptionSimulation
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64NDF
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64Msdtc
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64migwiz
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64Keywords
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64Ipmi
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64InputMethod
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64inetsrv
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64IME
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64icsxml
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64GroupPolicyUsers
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64GroupPolicy
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64downlevel
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64Bthprops
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64AppLocker
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64AdvancedInstallers
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSystemApps
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32winevt
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ti-et
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ta-lk
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ta-in
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32si-lk
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ShellExperiences
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Sgrm
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32SecureBootUpdates
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ras
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ProximityToast
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32PointOfService
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32osa-Osge-001
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32my-mm
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Keywords
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Ipmi
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32InputMethod
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32inetsrv
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32IME
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32icsxml
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ias
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Hydrogen
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32GroupPolicyUsers
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ff-Adlm-SN
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32DriverState
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32downlevel
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32DDFs
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ContainerSettingsProviders
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32configsystemprofile
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32configRegBack
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32configJournal
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Bthprops
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32appraiser
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32AppLocker
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32am-et
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32AdvancedInstallers
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSystem
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSKB
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsShellExperiences
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsShellComponents
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssecurity
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowsschemas
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSchCache
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsResources
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowsrescache
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsRemotePackages
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsRegistration
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsPLA
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsPerformance
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsModemLogs
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsL2Schemas
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsInputMethod
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsIdentityCRL
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsGlobalization
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsGameBarPresenceWriter
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsCursors
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsBranding
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:ProgramDataWindowsHolographicDevices
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:ProgramDataUSOShared
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesWindows Security
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesWindows Portable Devices
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesWindows Multimedia Platform
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesModifiableWindowsApps
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesCommon FilesServices
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program Files (x86)Windows Portable Devices
2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program Files (x86)Windows Multimedia Platform
2021-04-30 03:15 – 2021-04-30 03:14 – 000215943 _____ C:WindowsSysWOW64dssec.dat
2021-04-30 03:15 – 2021-04-30 03:14 – 000215943 _____ C:Windowssystem32dssec.dat
2021-04-30 03:15 – 2021-04-30 03:14 – 000020908 _____ C:Windowssystem32OEMDefaultAssociations.xml
2021-04-30 03:15 – 2021-04-30 03:14 – 000017635 _____ C:Windowssystem32Driversetcservices
2021-04-30 03:15 – 2021-04-30 03:14 – 000003683 _____ C:Windowssystem32Driversetclmhosts.sam
2021-04-30 03:15 – 2021-04-30 03:14 – 000003103 _____ C:WindowsSysWOW64mmc.exe.config
2021-04-30 03:15 – 2021-04-30 03:14 – 000003103 _____ C:Windowssystem32mmc.exe.config
2021-04-30 03:15 – 2021-04-30 03:14 – 000001358 _____ C:Windowssystem32Driversetcprotocol
2021-04-30 03:15 – 2021-04-30 03:14 – 000000858 _____ C:Windowssystem32DefaultQuestions.json
2021-04-30 03:15 – 2021-04-30 03:14 – 000000741 _____ C:WindowsSysWOW64NOISE.DAT
2021-04-30 03:15 – 2021-04-30 03:14 – 000000741 _____ C:Windowssystem32NOISE.DAT
2021-04-30 03:15 – 2021-04-30 03:14 – 000000407 _____ C:Windowssystem32Driversetcnetworks
2021-04-30 03:15 – 2021-04-30 03:14 – 000000219 _____ C:Windowssystem.ini
2021-04-30 03:15 – 2021-04-30 03:14 – 000000092 _____ C:Windowswin.ini
2021-04-30 03:12 – 2021-05-26 12:53 – 000000000 ____D C:WindowsCbsTemp
2021-04-30 03:11 – 2021-05-26 14:37 – 014417920 _____ C:Windowssystem32configSYSTEM
2021-04-30 03:11 – 2021-05-26 14:37 – 000524288 _____ C:Windowssystem32configDEFAULT
2021-04-30 03:11 – 2021-05-26 14:37 – 000524288 _____ C:Windowssystem32configBBI
2021-04-30 03:11 – 2021-05-26 14:37 – 000131072 _____ C:Windowssystem32configSAM
2021-04-30 03:11 – 2021-05-26 14:37 – 000032768 _____ C:Windowssystem32configSECURITY
2021-04-30 03:11 – 2021-05-26 13:59 – 000065536 _____ C:Windowssystem32configELAM
2021-04-30 03:11 – 2021-05-15 12:11 – 000000000 ____D C:Windowsservicing
2021-04-30 03:11 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32SMI
2021-04-29 23:52 – 2021-04-29 23:52 – 000581120 _____ (Microsoft Corporation) C:Windowssystem32PhotoScreensaver.scr
2021-04-29 23:52 – 2021-04-29 23:52 – 000575488 _____ (Microsoft Corporation) C:WindowsSysWOW64hhctrl.ocx
2021-04-29 23:52 – 2021-04-29 23:52 – 000499200 _____ (Microsoft Corporation) C:WindowsSysWOW64PhotoScreensaver.scr
2021-04-29 23:52 – 2021-04-29 23:52 – 000480256 _____ C:Windowssystem32AssignedAccessCsp.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000469504 _____ (Microsoft Corporation) C:WindowsSysWOW64appwiz.cpl
2021-04-29 23:52 – 2021-04-29 23:52 – 000374072 _____ C:Windowssystem32vp9fs.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000304128 _____ (Microsoft Corporation) C:Windowssystem32ksproxy.ax
2021-04-29 23:52 – 2021-04-29 23:52 – 000266240 _____ (Microsoft Corporation) C:Windowssystem32mpg2splt.ax
2021-04-29 23:52 – 2021-04-29 23:52 – 000234496 _____ (Microsoft Corporation) C:WindowsSysWOW64ksproxy.ax
2021-04-29 23:52 – 2021-04-29 23:52 – 000204800 _____ (Microsoft Corporation) C:WindowsSysWOW64mpg2splt.ax
2021-04-29 23:52 – 2021-04-29 23:52 – 000191288 _____ C:Windowssystem32HvsiSettingsWorker.exe
2021-04-29 23:52 – 2021-04-29 23:52 – 000170496 _____ (Microsoft Corporation) C:Windowssystem32VBICodec.ax
2021-04-29 23:52 – 2021-04-29 23:52 – 000152912 _____ C:Windowssystem32IsolatedWindowsEnvironmentUtils.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000138056 _____ C:Windowssystem32HvsiManagementApi.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000135168 _____ (Microsoft Corporation) C:WindowsSysWOW64VBICodec.ax
2021-04-29 23:52 – 2021-04-29 23:52 – 000119296 _____ C:Windowssystem32hvsiproxyapp.exe
2021-04-29 23:52 – 2021-04-29 23:52 – 000111920 _____ C:WindowsSysWOW64IsolatedWindowsEnvironmentUtils.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000101704 _____ C:WindowsSysWOW64HvsiManagementApi.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000095744 _____ C:Windowssystem32VirtualMonitorManager.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000089912 _____ C:Windowssystem32HvsiMachinePolicies.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000087552 _____ C:Windowssystem32hvsiDspdvcclient.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000084992 _____ (Microsoft Corporation) C:Windowssystem32wscui.cpl
2021-04-29 23:52 – 2021-04-29 23:52 – 000079688 _____ C:Windowssystem32hvsifiletrust.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000072704 _____ (Microsoft Corporation) C:WindowsSysWOW64tdc.ocx
2021-04-29 23:52 – 2021-04-29 23:52 – 000071680 _____ C:Windowssystem32wdagtool.exe
2021-04-29 23:52 – 2021-04-29 23:52 – 000067584 _____ (Microsoft Corporation) C:WindowsSysWOW64wscui.cpl
2021-04-29 23:52 – 2021-04-29 23:52 – 000061264 _____ C:WindowsSysWOW64hvsifiletrust.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000053760 _____ C:WindowsSysWOW64BWContextHandler.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000045880 _____ C:Windowssystem32HvSocket.dll
2021-04-29 23:52 – 2021-04-29 23:52 – 000044344 _____ C:Windowssystem32AuditSettingsProvider.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 004898144 _____ (Microsoft Corporation) C:Windowssystem32rtmpltfm.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 003860832 _____ (Microsoft Corporation) C:WindowsSysWOW64rtmpltfm.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 002260992 _____ C:Windowssystem32TextInputMethodFormatter.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 002260480 _____ (The ICU Project) C:Windowssystem32icu.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 002254336 _____ C:Windowssystem32dwmscene.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 001354080 _____ (Microsoft Corporation) C:Windowssystem32rtmpal.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 001333760 _____ C:WindowsSysWOW64TextInputMethodFormatter.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 001091936 _____ (Microsoft Corporation) C:Windowssystem32rtmcodecs.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 001032544 _____ (Microsoft Corporation) C:Windowssystem32ortcengine.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000980320 _____ (Microsoft Corporation) C:WindowsSysWOW64rtmpal.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000915296 _____ (Microsoft Corporation) C:WindowsSysWOW64rtmcodecs.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000732000 _____ (Microsoft Corporation) C:WindowsSysWOW64ortcengine.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000729600 _____ (Microsoft Corporation) C:Windowssystem32hhctrl.ocx
2021-04-29 23:51 – 2021-04-29 23:51 – 000707016 _____ C:Windowssystem32TextShaping.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000643072 _____ C:Windowssystem32WindowManagementAPI.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000611952 _____ C:WindowsSysWOW64TextShaping.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000595968 _____ (Microsoft Corporation) C:Windowssystem32appwiz.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000544768 _____ (Microsoft Corporation) C:Windowssystem32mmsys.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000455680 _____ C:WindowsSysWOW64WindowManagementAPI.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000446976 _____ (Microsoft Corporation) C:WindowsSysWOW64mmsys.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000422912 _____ (Microsoft Corporation) C:WindowsSysWOW64winspool.drv
2021-04-29 23:51 – 2021-04-29 23:51 – 000363520 _____ C:Windowssystem32Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000330752 _____ C:WindowsSysWOW64ssdm.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000306688 _____ C:Windowssystem32HeatCore.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000266752 _____ (Microsoft Corporation) C:Windowssystem32bthprops.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000266240 _____ C:WindowsSysWOW64Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-04-29 23:51 – 2021-04-29 23:51 – 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
2021-04-29 23:51 – 2021-04-29 23:51 – 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb
2021-04-29 23:51 – 2021-04-29 23:51 – 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2021-04-29 23:51 – 2021-04-29 23:51 – 000091136 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-04-29 23:51 – 2021-04-29 23:51 – 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-04-29 23:51 – 2021-04-29 23:51 – 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000056672 _____ (Microsoft Corporation) C:\Windows\system32\rtmmvrortc.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmmvrortc.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000047472 _____ C:\Windows\SysWOW64\umpdc.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll
2021-04-29 23:51 – 2021-04-29 23:51 – 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
2021-04-29 23:51 – 2021-04-29 23:51 – 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2021-04-29 23:51 – 2021-04-29 23:51 – 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2021-04-29 23:50 – 2021-04-29 23:50 – 004227116 _____ C:\Windows\system32\DefaultHrtfs.bin
2021-04-29 23:50 – 2021-04-29 23:50 – 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-04-29 23:50 – 2021-04-29 23:50 – 000455168 _____ C:\Windows\system32\ssdm.dll
2021-04-29 23:50 – 2021-04-29 23:50 – 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-04-29 23:50 – 2021-04-29 23:50 – 000197632 _____ C:\Windows\system32\IHDS.dll
2021-04-29 23:50 – 2021-04-29 23:50 – 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-29 23:50 – 2021-04-29 23:50 – 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-04-29 23:50 – 2021-04-29 23:50 – 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-29 23:50 – 2021-04-29 23:50 – 000064552 _____ C:\Windows\system32\umpdc.dll
2021-04-29 23:50 – 2021-04-29 23:50 – 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-14 15:04 – 2021-04-14 03:03 – 000000000 ___HD C:\$SysReset
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition Results:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2021
Ran by Winston Smith (27-05-2021 12:24:42)
Running from C:\Program Files\Farbar
Windows 10 Pro Version 20H2 19042.985 (X64) (2021-04-30 18:11:04)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1122837440-1392308684-3391438225-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-1122837440-1392308684-3391438225-503 – Limited – Disabled)
Guest (S-1-5-21-1122837440-1392308684-3391438225-501 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-1122837440-1392308684-3391438225-504 – Limited – Disabled)
Winston Smith (S-1-5-21-1122837440-1392308684-3391438225-1001 – Administrator – Enabled) => C:\Users\Winston Smith
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled – Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Bitdefender Firewall (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Bitdefender Agent (HKLM\…\Bitdefender Agent) (Version: 25.0.1.181 – Bitdefender)
Bitdefender Total Security (HKLM\…\Bitdefender) (Version: 25.0.19.75 – Bitdefender)
Bitdefender VPN (HKLM\…\Bitdefender VPN) (Version: 25.4.2.36 – Bitdefender)
Bitwarden (HKLM\…\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.26.3 – Bitwarden Inc.)
Brave (HKLM-x32\…\BraveSoftware Brave-Browser) (Version: 90.1.24.86 – Brave Software Inc)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 90.0.4430.212 – Google LLC)
Google Update Helper (HKLM-x32\…\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 – Google LLC) Hidden
Intel® Network Connections 26.2.0.1 (HKLM\…\PROSetDX) (Version: 26.2.0.1 – Intel)
Malwarebytes version 4.3.3.116 (HKLM\…\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 – Malwarebytes)
Microsoft Edge (HKLM-x32\…\Microsoft Edge) (Version: 90.0.818.66 – Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1122837440-1392308684-3391438225-1001\…\OneDriveSetup.exe) (Version: 21.073.0411.0002 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM\…\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 – Microsoft Corporation)
Revo Uninstaller 2.2.5 (HKLM\…\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.5 – VS Revo Group, Ltd.)
Steam (HKLM-x32\…\Steam) (Version: 2.10.91.91 – Valve Corporation)
Surfshark (HKLM-x32\…\{65CF9983-D382-4451-9A12-152D7ADA9395}) (Version: 2.8.3999 – Surfshark) Hidden
Surfshark (HKLM-x32\…\Surfshark 2.8.3999) (Version: 2.8.3999 – Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\…\{9F9505BB-72D3-4E0E-8438-3C32D8375843}) (Version: 1.0 – Surfshark)
Surfshark TUN Driver Windows (HKLM\…\{D8B32360-DF13-4386-9C95-CE3657D4582B}) (Version: 1.0 – Surfshark)
Packages:
=========
ATKey for Windows -> C:\Program Files\WindowsApps\CCD7B6D7.AuthenTrendProKey.BLE_2.0.63.0_x64__ryhvpf98a35rp [2021-05-17] (AuthenTrend Technology Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0 [2021-05-26] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\nvshext.dll [2021-03-26] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-15] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-10-12 13:54 – 2020-10-12 13:54 – 000324096 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
2020-11-20 03:06 – 2020-11-20 03:06 – 004035072 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkWg.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM – Bitdefender Wallet – {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} – C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 – Bitdefender Wallet – {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} – C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-04-30 03:15 – 2021-05-27 12:20 – 000000822 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1122837440-1392308684-3391438225-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 9.9.9.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\…\StartupApproved\Run: => "MouseDriver"
HKLM\…\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-1122837440-1392308684-3391438225-1001\…\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{19E11198-9944-4D9F-9C7F-F476A9233045}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{220A3018-E6C5-4ACC-9BEE-C1774D3B8241}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{85779EDE-EB23-4655-9679-8CE3F7DE5F73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8BA7E55-8628-4EF3-85D4-D48D65CD8A5F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{71C0411F-8B17-4485-B5E2-401212921182}] => (Allow) G:\Steam\Steam.exe => No File
FirewallRules: [{22E0219B-993D-484E-8BED-7966EB3ADA31}] => (Allow) G:\Steam\Steam.exe => No File
FirewallRules: [{541A6925-1652-4873-B163-7535BAE3D3C0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A2011472-3B81-45C5-BCC4-B9DC275259C2}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{B8FEED4E-D830-4B23-BE5D-3DA567256310}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DD14EBA4-0BCE-4714-99C9-861BC1C6A39E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{35E3F563-A6D9-43E0-8185-2F7D6DDEB1FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3683B4C4-386B-4269-A56D-977A0BBFAB69}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BD4E8F53-439C-4FF9-A04B-5D5766AE7C43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{41138384-A831-48B6-A5F0-B26ADA42D9CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D0732CD2-0006-419C-A327-CF608B5F675C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B9569097-DDC9-43D6-BEC0-B85C740A09C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
15-05-2021 12:03:34 Windows Modules Installer
15-05-2021 16:38:09 5-15-preclean
15-05-2021 17:06:09 Revo Uninstaller’s restore point – RogueKiller version 14.8.6.0
15-05-2021 22:43:52 Installed Surfshark
16-05-2021 00:23:18 Installed Intel® Network Connections.
16-05-2021 05:44:37 Revo Uninstaller’s restore point – Cortana
16-05-2021 06:00:40 Revo Uninstaller’s restore point – Xbox Game Bar
16-05-2021 06:04:30 Revo Uninstaller’s restore point – Microsoft Edge
16-05-2021 06:05:14 Revo Uninstaller’s restore point – Microsoft Edge
16-05-2021 06:05:51 Revo Uninstaller’s restore point – Microsoft Edge
16-05-2021 06:06:55 Revo Uninstaller’s restore point – Microsoft Edge
16-05-2021 06:13:33 Revo Uninstaller’s restore point – Microsoft Edge
16-05-2021 06:17:00 Revo Uninstaller’s restore point – Microsoft Edge
16-05-2021 06:20:21 Revo Uninstaller’s restore point – Microsoft Edge
16-05-2021 06:31:46 Revo Uninstaller’s restore point – Microsoft Solitaire Collection
26-05-2021 12:52:45 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (05/26/2021 11:40:08 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3D588F8B-25E2-49B2-9819-CC27A4B10B1C}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.
Error: (05/26/2021 11:40:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E78019A0-0612-4BB2-ADB4-35A75E0C1D02}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.
Error: (05/26/2021 11:39:58 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A37358C3-E542-4B19-A3CE-4DF15ED02BFA}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.
Error: (05/26/2021 11:39:52 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={07F54186-6861-419A-9D1C-7AC1EC1DDEDF}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.
Error: (05/26/2021 11:39:37 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={370AF094-AD52-454C-A84E-7090E290ADA6}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.
Error: (05/26/2021 11:39:32 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3365600C-D445-46F3-B105-6D8ED9DBF1B7}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.
Error: (05/26/2021 11:39:27 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={08F0D1E5-3E70-4116-AEF0-E5F0C32BF51B}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.
Error: (05/26/2021 11:39:22 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={55CF7806-EFF4-446F-81CE-E46F3F8CAD7A}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.
System errors:
=============
Error: (05/26/2021 11:39:07 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{37F3BB35-F722-4328-B9BB-755EC36F0D0E} because another computer on the network has the same name. The server could not start.
Error: (05/26/2021 11:39:07 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{2CC77596-4A8B-4777-8168-24440F668A70} because another computer on the network has the same name. The server could not start.
Error: (05/26/2021 11:39:07 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4C524602-04DE-4265-8ED3-34ADED9FE7DE} because another computer on the network has the same name. The server could not start.
Error: (05/26/2021 10:25:52 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14
Error: (05/26/2021 09:09:52 PM) (Source: DCOM) (EventID: 10001) (User: HAL-9000)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.964.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXc2415ab8qmchmrznxwpax4mw6b3qz5ay.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
Error: (05/26/2021 09:05:35 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{7568BA80-31D2-4D08-B3BF-5DDE50F22C77} because another computer on the network has the same name. The server could not start.
Error: (05/26/2021 09:05:35 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{37F3BB35-F722-4328-B9BB-755EC36F0D0E} because another computer on the network has the same name. The server could not start.
Error: (05/26/2021 09:05:35 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6410557B-E577-43B0-A9F8-B25EEF764F62} because another computer on the network has the same name. The server could not start.
Windows Defender:
================
Date: 2021-05-20 16:30:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-05-20 16:19:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-05-15 15:47:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-05-15 13:43:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-05-15 13:39:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-05-14 16:47:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-05-14 16:22:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-05-14 16:22:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-05-14 16:22:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-05-14 16:22:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===============
Date: 2021-05-26 21:21:50
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\Installer\{AC44C09E-6D45-4F0F-8749-C3DF69A55FDE}\ARPPRODUCTICON.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-05-26 21:04:37
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. P1.50 03/21/2018
Motherboard: ASRock Z370 Pro4-IB
Processor: Intel® Core i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 34%
Total physical RAM: 32702.4 MB
Available physical RAM: 21579.72 MB
Total Virtual: 37566.4 MB
Available Virtual: 23520.9 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:222.97 GB) (Free:183.88 GB) (Protected) NTFS
Drive d: (New Volume) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
Drive e: () (Fixed) (Total: ? GB) (Free: ? GB) (Protected) (Locked)
Drive g: () (Fixed) (Total: ? GB) (Free: ? GB) (Protected) (Locked)
Drive w: () (Fixed) (Total: ? GB) (Free: ? GB) (Protected) (Locked)
\\?\Volume{92de8726-0409-4285-a2a2-2301c39c3832}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.51 GB) NTFS
\\?\Volume{e0945509-11f4-4013-b63a-bffe3f438e95}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EF084E29)
Partition: GPT.
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) – (Size=8 GB) – (Type=07 NTFS)
==================== End of Addition.txt =======================